Two things:
- take a look at this helper to see something that works:
http://bazaar.launchpad.net/~squid/squid/trunk/view/head:/helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in
- newlines are important in the communication between squid and the
helper.
perl's "print" is not sending a new line character even if needed, you
need to put it there.
Since squid 3.5.X there is a string "%un" which sends the authenticated
user name to the helper without triggering a authentication if not needed.
All The Bests,
Eliezer
On 24/08/2015 03:17, hs tan wrote:
I have been trying to test squid but it doesn't seems to be working. The
closest example I studied are:
http://etutorials.org/Server+Administration/Squid.+The+definitive+guide/Chapter+12.+Authentication+Helpers/12.5+External+ACLs/
http://www.stress-free.co.nz/transparent_squid_authentication_to_edirectory
but none of it works.
From the simple test, I did on the following:
The print "ERR" supposed to have an out put at the cache.log, but I din't
see anything appearing
Neither I change the "ERR" nor "OK", there is no effect on the access.
I just want a simple test, if set to print "ERR" then stop user to proceed,
if "OK" then proceed.
The error message in cache.log
2015/07/28 11:45:56 kid1| helperHandleRead: unexpected reply on channel 0
from mysql_log #Hlpr17 ''
squid.conf is:
auth_param basic program /usr/lib64/squid/basic_ldap_auth -v 3 -b
"dc=xxx,dc=edu.xx" -D "cn=Manager,dc=xxx,dc=edu.xx" -w passwd -f uid=%s
ldap.xxx.edu.xx:389
acl ldap-auth proxy_auth REQUIRED
auth_param basic children 5
auth_param basic realm Web Proxy Server
auth_param basic credentialsttl 1 minute
external_acl_type mysql_log %SRC %LOGIN %{Host} /home/squid/quota_helper.pl
acl ex_log external mysql_log
http_access allow ex_log
....
http_access allow ldap-auth
http_access allow localnet
http_access allow localhost
http_access deny all
quota_helper.pl is:
#!/usr/bin/perl -wl
$|=1;
while(<STDIN>){
print "ERR";
}
[root@localhost ~]# squid -v shows:
Squid Cache: Version 3.5.5
Service Name: squid
configure options: '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr'
'--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
'--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include'
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--exec_prefix=/usr'
'--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--with-logdir=$(localstatedir)/log/squid'
'--with-pidfile=$(localstatedir)/run/squid.pid'
'--disable-dependency-tracking' '--enable-follow-x-forwarded-for'
'--enable-auth'
'--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam'
'--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP'
'--enable-auth-negotiate=kerberos,wrapper'
'--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group'
'--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
'--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
'--enable-ident-lookups' '--enable-linux-netfilter'
'--enable-removal-policies=heap,lru' '--enable-snmp'
'--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi'
'--enable-ssl-crtd' '--enable-icmp' '--with-aio'
'--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl'
'--with-openssl' '--with-pthreads' '--with-included-ltdl'
'--disable-arch-native' '--without-nettle'
'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu'
'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
-m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CXXFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
-fPIC'
'PKG_CONFIG_PATH=%{_PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
--enable-ltdl-convenience
[root@localhost ~]#
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users