Dear all,
I am having an incredibly annoying problem with getting squid to run with
the pam_auth module so I can authenticate users based on the shadow
passwords file.
The problem: when I start squid (with -d 1 -N: debug level 1 no daemon mode)
everything is fine and dandy until I get to the line:
helperOpenServers: starting 5 'pam_auth' processes.
It halts here for about five minutes and then states:
WARNING: Cannot run '/usr/local/squid/libexec/squid/pam_auth'.
It repeatedly states this every four minutes or so for about twenty minutes
and then squid appears to start normally. However squid doesn't answer
queries and constantly complains that either its already running with a
message like:
squid is already running! PID: 15749
or the same warning as before, complaining that it can't run pam_auth.
I have the /etc/pam.d/squid file correct - it is the exact copy of the one
on a colleague's proxy - and I specify the path to it in squid.conf.
Now, I have tried running it without debugging, with full debugging (-X) not
as daemon and as a daemon. I have also tried every possible combination of
permissions on both the squid binary and the pam_auth module.
If I su squid I can run pam_auth.
I have also written a shell script authenticator which echos something to a
file as soon as it is run. This confirms that the auth module is not run by
squid and it is, as it says, that it can't run it.
A friend of mine who has got pam_auth working suggested that I should have
pam_auth owned by root:root but with the 's' bits set: chmod ug+s pam_auth.
This didn't help.
I have tried two version of 2.4 (STABLE1 and STABLE2) and have compiled both
versions with and without optimisation. (At one stage squid was core dumping
with the -X option and in this months mailing list someone suggested
compiling with gcc -g -Wall.)
I have also tried reducing the cache_mem in squid.conf because I thought
maybe the server was running out of memory when it tried to spawn the
children. This didn't help.
In desperation I have even copied the entire /usr/local/squid directory off
another server upon which it was working. Still the same problem!
Any suggestions as to what could be wrong would be muchly, muchly
appreciated!!
TIA, Geordie.
PS:
kernel 2.4.3
Red Hat 7.0
fairly heavy packet filtering on the machine but ports 8080 and 3128 are
free to tcp traffic.
also running apache.
Squid works when I comment the out the authenticate program.
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Received on Mon Oct 08 2001 - 07:19:44 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:38 MST