On 10/06/2016 9:13 p.m., --Ahmad-- wrote:
> again , if i use the same steps below on centos 6 it works fine without any issue
>

That means nothing. CentOS is based on RHEL, which only gets updated periodically. There are about five years worth of changes across the entire IOS and everything installed with it between v6 and v7.

Obviously something in those changes to CentOS does not work with that very old version of Squid and seems to work fine with the newer Squid.

>> On Jun 10, 2016, at 11:54 AM, --Ahmad-- wrote:
>>
>> hi eliezer
>> =============================================
>> 1- selinux is disabled
>> [root@localhost ~]# sestatus
>> SELinux status: disabled
>> [root@localhost ~]#
>>
>> 2-
>> i have the PID file with permission to squid
>> [root@localhost ~]# ls -l /var/run/squid.pid
>> -rw-r--r-- 1 squid squid 5 Jun 10 04:45 /var/run/squid.pid
>> [root@localhost ~]#

squid.pid should not exist when Squid is shut down. You should delete it and ensure that Squid is started by the root user, which already should have permission to alter the /var/run directory and create the squid.pid file correctly.

>>
>> but here i don’t see the file /var/run/squid …….i used to see file called /var/run/squid not /var/run/squid.pid
>>

/var/run/squid should be a directory. It's where the state data gets placed now. It may be unused in your installation or just not.

squid.pid may be under /var/run/squid or /var/run depending on your installation. /run may be used instead of /var/run if you have a new enough system.

** For pre-packaged Squid. Don't worry about these unless Squid explicitly complains. Just go with what the package installation chose.

** For custom builds, the "make install" action should create /var/run/squid directory. If for some reason it does not (such as newly building an already deprecated old Squid version - which one should never do anyway), you may need to create it yourself, and assign squid:squid ownership.

>> i also tried to add directive to squid.conf ==> pid_filename /var/run/squid.pid
>>
>> but i have the same error
>>
>> 3-im using kernel default for Centos 7 and it do support IPV6 , i didn’t compile any kernel
>>
>>
>>
>> again the error that i have is :
>> kid2| commBind: Cannot bind socket FD 782 to [::]: (2) No such file or directory
>>

As mentioned in the URL Eliezer referred you to already (<http://wiki.squid-cache.org/Features/SmpScale#Cannot_bind_socket_FD_NN_to_.5B::.5D:_.2813.29_Permission_denied>) that error is about the SMP UDS sockets. More specifically it is about the system shared memory device (/dev/shm).

* Some systems need the /dev/shm device to be explicitly turned on during startup. Check if it is enabled in your system and if not, what you have to do to fix that. Hints in the wiki.

* Check that /dev/shm path is owned by root. Only the OS itself should be doing things in there. Programs like Squid use kernel syscalls to make changes.

* Older Squid like yours could leave UDS sockets after a crash or broken config abort. Check that /dev/shm/ does not contain any "files" starting with "squid-" or owned by Squid when Squid is shut down. If some exist use 'rm' to remove them and try restarting Squid.

>>
>> not
>> kid2| commBind: Cannot bind socket FD 782 to [::]: permission denied
>>
>>
>> here is again compile options :
>>
>>>> Squid Cache: Version 3.5.2
>>>> Service Name: squid
>>>> configure options: '--prefix=/usr' '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc'
>> '--enable-cachemgr-hostname=Ahmad-Allzaeem'

... unusual URL for accessing management reports:
http://Ahmad-Allzaeem/squid-internal-mgr/

'cachemgr' means the Squid cache management API, specifically the cachemgr.cgi tool. Not an administrator's name.

>> '--localstatedir=/var' '--libexecdir=/lib/squid' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.'
>> '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM' '--enable-ntlm-auth-helpers=smb_lm' '--enable-digest-auth-helpers=ldap,password' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-esi' '--disable-translation' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '' '--with-large-files' '--with-default-user=squid' --with-openssl' '--enable-snmp' '--with-included-ltdl' '--disable-arch-native'
>>>> [root@localhost ~]#
>>
>>
>> and here is squid.conf
>>
>> [root@localhost ~]# cat /etc/squid/squid.conf | less
>> cache deny all
>> #################
>> #pid_filename /var/run/squid.pid
>> ####################
>> visible_hostname squid
>> cache_effective_user squid
>> cache_effective_group squid

You should not need to use cache_effective_group. Particularly if you are wanting to use NTLM or Kerberos related functionality with Squid.

>> ####################################
>> #workers 2
>> ########################################################################
>> # Lockdown Procedures
>> auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user
>> acl ncsa_users proxy_auth REQUIRED
>> http_access allow ncsa_users
>> ############################
>> f

Please move the auth and http_access lines down to below where it says:
" # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS "

By doing complex things like auth up here at the top of the config, your proxy is made more vulnerable than it should be to various DoS and traffic smuggling attacks.

<snip>

>> #
>> # Recommended minimum Access Permission configuration:
>> #
>> # Deny requests to certain unsafe ports
>> http_access deny !Safe_ports
>>
>> # Deny CONNECT to other than secure SSL ports
>> http_access deny CONNECT !SSL_ports
>>
>> # Only allow cachemgr access from localhost
>> http_access allow localhost manager
>> http_access deny manager
>>
>> # We strongly recommend the following be uncommented to protect innocent
>> # web applications running on the proxy server who think the only
>> # one who can access services on "localhost" is a local user
>> #http_access deny to_localhost
>>
>> #
>> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
>> #
>>
>> # Example rule allowing access from your local networks.
>> # Adapt localnet in the ACL section to list your (internal) IP networks
>> # from where browsing should be allowed
>> http_access allow localnet
>> http_access allow localhost
>>
>> # And finally deny all other access to this proxy
>> http_access deny all
>>
>> # Squid normally listens to port 3128
>> http_port 1234

Why 1234? 3128 has been formally registered for Squid use.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
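
The three /dev/shm checks listed in the reply above, as an added Python example (not part of the original message and not Squid project code). Reading "enabled" as "is a mount point" is an assumption, the function names are made up for the example, and it is meant to be run while Squid is stopped.

```python
import os
import pwd


def squid_uid(user="squid"):
    """Numeric uid of the Squid account, or None if the account does not exist."""
    try:
        return pwd.getpwnam(user).pw_uid
    except KeyError:
        return None


def stale_entries(shm_dir="/dev/shm", owner_uid=None):
    """Names in shm_dir that start with 'squid-' or are owned by owner_uid."""
    stale = []
    for entry in os.scandir(shm_dir):
        st = entry.stat(follow_symlinks=False)
        if entry.name.startswith("squid-") or st.st_uid == owner_uid:
            stale.append(entry.name)
    return sorted(stale)


def shm_report(shm_dir="/dev/shm", user="squid"):
    """Run the checks from the reply; returns a list of problem strings."""
    if not os.path.isdir(shm_dir):
        return [f"{shm_dir} does not exist; shared memory is not enabled"]
    problems = []
    # Assumption: "enabled" is read as "mounted"; the reply does not say how to check.
    if not os.path.ismount(os.path.realpath(shm_dir)):
        problems.append(f"{shm_dir} is not a mount point")
    if os.stat(shm_dir).st_uid != 0:
        problems.append(f"{shm_dir} is not owned by root")
    for name in stale_entries(shm_dir, squid_uid(user)):
        problems.append(f"leftover entry: {os.path.join(shm_dir, name)}")
    return problems


if __name__ == "__main__":
    # Run only while Squid is shut down; a running Squid has its own entries here.
    for line in shm_report():
        print(line)
```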
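
A small check for the rule-ordering advice in the reply above, written as an added example (not from the original thread or the Squid project): it flags http_access rules that sit above the default "INSERT YOUR OWN RULE(S) HERE" comment and are not among the default rules quoted in this thread. The names misplaced_rules, BASELINE and SAMPLE are made up for the example, and the sample config is constructed from the one quoted above.

```python
import re

# Comment that ships in the default squid.conf; site rules belong below it.
MARKER = "INSERT YOUR OWN RULE(S) HERE"
# Default rules quoted in this thread that are expected above the marker.
BASELINE = {
    "http_access deny !Safe_ports",
    "http_access deny CONNECT !SSL_ports",
    "http_access allow localhost manager",
    "http_access deny manager",
    "http_access deny to_localhost",
}


def misplaced_rules(conf_text):
    """Return (line_no, rule, uses_auth) for site http_access rules above the marker."""
    rows = [" ".join(line.split()) for line in conf_text.splitlines()]
    marker_at = next(
        (i for i, r in enumerate(rows) if r.startswith("#") and MARKER in r), None)
    if marker_at is None:
        raise ValueError("marker comment not found; cannot tell where site rules belong")
    # ACL names of type proxy_auth: evaluating them triggers an authentication check.
    auth_acls = {m.group(1) for r in rows if (m := re.match(r"acl (\S+) proxy_auth\b", r))}
    found = []
    for i, rule in enumerate(rows[:marker_at]):
        if rule.startswith("http_access ") and rule not in BASELINE:
            names = {tok.lstrip("!") for tok in rule.split()[2:]}
            found.append((i + 1, rule, bool(names & auth_acls)))
    return found


# Constructed sample: the rule order from the config quoted in this thread, shortened.
SAMPLE = """\
auth_param basic program /lib/squid/basic_ncsa_auth /etc/squid/squid_user
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
http_access allow localnet
http_access deny all
"""

if __name__ == "__main__":
    for line_no, rule, uses_auth in misplaced_rules(SAMPLE):
        kind = "uses a proxy_auth ACL" if uses_auth else "site rule"
        print(f"line {line_no}: {rule} is above the marker ({kind})")
```

Because Squid applies the first matching http_access rule, the flagged allow line in the sample is evaluated before the Safe_ports and CONNECT denies.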