Hi, I also had trouble with the squid config files, so I created “squid-conf-split”. Basically it is this small piece of code below.

## code starts here.
#!/bin/sh
DATE_NOW=$(date +%Y-%m-%d)

# Back up an existing conf.d before touching it, otherwise create it.
if [ -d /etc/squid/conf.d ]; then
    cp -R /etc/squid/conf.d "/etc/squid/conf.d-${DATE_NOW}"
else
    mkdir /etc/squid/conf.d
fi
cd /etc/squid/conf.d || exit 1

# Keep a pristine copy of the packaged config to split from.
if [ ! -e /etc/squid/squid.conf.debian ]; then
    if [ -e /etc/squid/squid.conf.dpkg-dist ]; then
        cp /etc/squid/squid.conf.dpkg-dist /etc/squid/squid.conf.debian
    else
        cp /etc/squid/squid.conf /etc/squid/squid.conf.debian
    fi
fi

# Split one line above every dashed separator, so that each piece
# starts with its section title.
csplit -f squid- -n2 /etc/squid/squid.conf.debian \
    '/# -----------------------------------------------------------------------------/-1' \
    '{*}' > /dev/null

# Rename only the fresh csplit pieces (squid-NN) after their section title.
for x in squid-[0-9][0-9]; do
    NAME=$(head -n1 "$x" | tr -s ' ' | tr ' ' '-' | cut -c3-100)
    mv "$x" "$x-00-$NAME.conf"
done

# Replace squid.conf with a stub that includes the split files.
cat << 'EOF' > /etc/squid/squid.conf
########################################
## Debian Squid splitted based config
## edit the files in /etc/squid/conf.d/
include /etc/squid/conf.d/*.conf
EOF
## code ends here.

You end up with a layout like this. All files starting with squid-XX-00 are the default settings of squid. All squid-XX-01-custom are my changes. Only one file is an exception: squid-03-00-ACCESS-CONTROLS.conf. Since order is a big thing in this file, I make a copy of it and add my entries there. For all the others, see
below.

squid-00-00-WELCOME-TO-SQUID-3.5.12.conf
squid-01-00-OPTIONS-FOR-SMP.conf
squid-02-00-OPTIONS-FOR-AUTHENTICATION.conf
squid-02-01-auth-negotiate-both.conf
squid-02-04-auth-ldap-AD.conf
squid-02-99-auth-acl.conf
squid-03-00-ACCESS-CONTROLS.conf
squid-04-00-NETWORK-OPTIONS.conf
squid-05-00-SSL-OPTIONS.conf
squid-06-00-OPTIONS-RELATING-TO-EXTERNAL-SSL_CRTD-.conf
squid-07-00-OPTIONS-WHICH-AFFECT-THE-NEIGHBOR-SELECTION-ALGORITHM.conf
squid-08-00-MEMORY-CACHE-OPTIONS.conf
squid-08-01-custom.conf
squid-09-00-DISK-CACHE-OPTIONS.conf
squid-09-01-custom.conf
squid-10-00-LOGFILE-OPTIONS.conf
squid-10-01-custom.conf
squid-11-00-OPTIONS-FOR-TROUBLESHOOTING.conf
squid-11-01-custom.conf
squid-12-00-OPTIONS-FOR-FTP-GATEWAYING.conf
squid-12-01-custom.conf
squid-13-00-OPTIONS-FOR-EXTERNAL-SUPPORT-PROGRAMS.conf
squid-13-01-custom.conf
squid-14-00-OPTIONS-FOR-URL-REWRITING.conf
squid-15-00-OPTIONS-FOR-STORE-ID.conf
squid-16-00-OPTIONS-FOR-TUNING-THE-CACHE.conf
squid-16-01-custom.conf
squid-17-00-HTTP-OPTIONS.conf
squid-17-01-custom.conf
squid-18-00-TIMEOUTS.conf
squid-18-01-custom.conf
squid-19-00-ADMINISTRATIVE-PARAMETERS.conf
squid-19-01-custom.conf
squid-20-00-OPTIONS-FOR-THE-CACHE-REGISTRATION-SERVICE.conf
squid-21-00-HTTPD-ACCELERATOR-OPTIONS.conf
squid-22-00-DELAY-POOL-PARAMETERS.conf
squid-23-00-CLIENT-DELAY-POOL-PARAMETERS.conf
squid-24-00-WCCPv1-AND-WCCPv2-CONFIGURATION-OPTIONS.conf
squid-25-00-PERSISTENT-CONNECTION-HANDLING.conf
squid-26-00-CACHE-DIGEST-OPTIONS.conf
squid-27-00-SNMP-OPTIONS.conf
squid-27-01-custom.conf
squid-28-00-ICP-OPTIONS.conf
squid-28-01-custom.conf
squid-29-00-MULTICAST-ICP-OPTIONS.conf
squid-30-00-INTERNAL-ICON-OPTIONS.conf
squid-31-00-ERROR-PAGE-OPTIONS.conf
squid-31-01-custom.conf
squid-32-00-OPTIONS-INFLUENCING-REQUEST-FORWARDING-.conf
squid-32-01-custom.conf
squid-33-00-ADVANCED-NETWORKING-OPTIONS.conf
squid-34-00-ICAP-OPTIONS.conf
squid-34-01-icap-squidclamav.conf
squid-35-00-eCAP-OPTIONS.conf
squid-36-00-MESSAGE-ADAPTATION-OPTIONS.conf
squid-37-00-DNS-OPTIONS.conf
squid-37-01-custom.conf
squid-38-00-MISCELLANEOUS.conf
squid-38-01-custom.conf

If you use Kerberos authentication, you can
use a setup like this. I’ve tested both, and both work as of 3.4.8 -> 3.5.12 (I recompiled 3.5 from sid).

## this line needs good working Principal names (SPNs), like HTTP/proxy1.internal.domain.tld, and you need an A and PTR record!
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth -d \
    --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy1.internal.domain.tld@xxxxxxxxxxxx \
    --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOMAIN

## or same, check the -s !
#auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
#    --kerberos /usr/lib/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME -d \
#    --ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=NTDOMAIN

auth_param negotiate children 30 startup=5 idle=1
auth_param negotiate keep_alive on

Take one of the above lines and test with debug on, like:

/usr/lib/squid/negotiate_wrapper_auth -d \
    --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy1.internal.domain.tld@xxxxxxxxxxxx \
    --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOMAIN -D

( -D added in this line )

So, do the following: start over with a clean new config. Enable these:

#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#acl localnet src fc00::/7 # RFC 4193 local private network range
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

Which allows all local networks, or change them to your IP range.

http_port 3128 intercept

Add to firewall:

-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Reload squid and test.

Give it a try, I’m back here in 15 hours..
;-)

Greetz,

Louis

From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of dolson@xxxxxxxxx

Greetings,

I am working with Squid 3.4.8 on a Debian 8.2 system. The goal is to record all web activity, not block any sites at this time utilizing squid. I have followed several different sets of instructions on setting up Squid to utilize Active Directory Authentication to record who goes where. I have yet to be able to access any websites, even internal sites while passing through the Squid Proxy. The browser I’m testing on is Mozilla Firefox 42.0 on a Windows 7 Professional system. I am using Firefox for testing as I can set the proxy without affecting my other browsers on my workstation.

I have tried various different forms of the squid.conf file, found from various sources and I have yet to get a successful connection. Depending on the file configuration I use, I am getting an “access denied” page from the squid server, or a “Problem loading page: The connection was reset” error. With the current squid.conf, which brings up the second error, nothing is recorded in the access.log file, and the cache.log file keeps reporting the following error:

WARNING: memberof #Hlpr0 exited
FATAL: The memberof helpers are crashing too rapidly, need help!

I feel like I’m banging my head against the wall at this point. I have tried slowly building the squid.conf file, adding one authenticator program at a time until I got some sort of different response and I have not been able to get anything to work.

I have attached several different squid.conf files that I have used. The current “Squid.conf” file generates the “Connection was reset” error message, while the squid.conf.bk5 file just gives me an access is denied message.

Please help!

Thank you,

Dan Olson
Network Support Specialist
Direct: 918.382.1212

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
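
The reply above notes that order matters in squid-03-00-ACCESS-CONTROLS.conf: squid applies the first matching http_access rule. As an added example (not part of the original mail or of squid), this script lists http_access rules in a split conf.d directory that sit after a catch-all `http_access allow|deny all` and are therefore never evaluated. It assumes the include glob is read in sorted name order, as the shell's is; the sample files and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find http_access rules shadowed by an earlier catch-all.

# unreachable_rules DIR
# Prints "file:line: rule (shadowed by file:line)" for each rule that follows
# a three-word "http_access allow|deny all" line in sorted-glob file order.
unreachable_rules() {
    dir=$1
    set -- "$dir"/*.conf
    [ -e "$1" ] || return 0          # no config fragments: nothing to report
    awk '
        FNR == 1 { n = split(FILENAME, p, "/"); file = p[n] }
        { sub(/[ \t]*#.*$/, "") }    # drop full-line and trailing comments
        $1 != "http_access" { next }
        terminal != "" {
            printf "%s:%d: %s (shadowed by %s)\n", file, FNR, $0, terminal
            next
        }
        NF == 3 && $3 == "all" { terminal = file ":" FNR }
    ' "$@"
}

# demo: constructed fragments mimicking the layout from the mail, with a
# custom allow rule placed in a file that sorts after the default deny.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/squid-03-00-ACCESS-CONTROLS.conf" <<'EOF'
acl localnet src 10.0.0.0/8
http_access allow localhost
http_access deny all   # default last rule
EOF
    cat > "$tmp/squid-03-01-custom.conf" <<'EOF'
http_access allow localnet
EOF
    unreachable_rules "$tmp"
    rm -rf "$tmp"
}

demo
```

Run `unreachable_rules /etc/squid/conf.d` against a real split layout; any output means a rule needs to move above the catch-all, which is why the mail keeps custom access entries inside the ACCESS-CONTROLS file itself.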