Re: [squid-users] Re: Re: Squid + Kerberos + Active Directory

From: <truth_seeker_3535_at_yahoo.com>
Date: Sat, 6 Jun 2009 08:46:19 -0700 (PDT)

Dear Markus,

First of all I disabled the "debug_options ALL,1 33,2 28,9" in squid.conf. Then when I reloaded the squid service, I was looking in all the log files where it would reflect anything about squid_kerb_auth. I found this information in two places. Please have a look at it;

in /var/log/messages;

Jun  6 11:49:30 linuxproxy squid[8577]: Squid Parent: child process 8579 started

and in /var/log/squid/cache.log;

2009/06/06 18:15:28| Reconfiguring Squid Cache (version 3.0.STABLE13)...
2009/06/06 18:15:28| FD 21 Closing HTTP connection
2009/06/06 18:15:28| FD 23 Closing ICP connection
2009/06/06 18:15:28| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2009/06/06 18:15:28| Initializing https proxy context
2009/06/06 18:15:28| User-Agent logging is disabled.
2009/06/06 18:15:28| Referer logging is disabled.
2009/06/06 18:15:28| DNS Socket created at 0.0.0.0, port 32776, FD 9
2009/06/06 18:15:28| Adding nameserver 192.168.0.111 from /etc/resolv.conf
2009/06/06 18:15:28| Adding nameserver 192.168.0.12 from /etc/resolv.conf
2009/06/06 18:15:28| helperStatefulOpenServers: Starting 10 'squid_kerb_auth' processes
2009/06/06 18:15:28| Accepting  HTTP connections at 0.0.0.0, port 8080, FD 21.
2009/06/06 18:15:28| Accepting ICP messages at 0.0.0.0, port 3130, FD 23.
2009/06/06 18:15:28| HTCP Disabled.
2009/06/06 18:15:28| Loaded Icons.
2009/06/06 18:15:28| Ready to serve requests.

Then the output of ps is;

[root@linuxproxy ~]# ps -ef | grep squid_kerb_auth
squid     9474  8579  0 18:15 ?        00:00:00 (squid_kerb_auth) -d
squid     9475  8579  0 18:15 ?        00:00:00 (squid_kerb_auth) -d
squid     9476  8579  0 18:15 ?        00:00:00 (squid_kerb_auth) -d
squid     9477  8579  0 18:15 ?        00:00:00 (squid_kerb_auth) -d
squid     9478  8579  0 18:15 ?        00:00:00 (squid_kerb_auth) -d
squid     9479  8579  0 18:15 ?        00:00:00 (squid_kerb_auth) -d
squid     9480  8579  0 18:15 ?        00:00:00 (squid_kerb_auth) -d
squid     9481  8579  0 18:15 ?        00:00:00 (squid_kerb_auth) -d
squid     9482  8579  0 18:15 ?        00:00:00 (squid_kerb_auth) -d
squid     9483  8579  0 18:15 ?        00:00:00 (squid_kerb_auth) -d
root      9485  7946  0 18:15 pts/1    00:00:00 grep squid_kerb_auth
[root@linuxproxy ~]#

So I think we can say that squid_kerb_auth is working in the system.

The following is my squid.conf;

acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
auth_param negotiate program  /usr/lib/squid/squid_kerb_auth -d
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl auth proxy_auth REQUIRED
http_access deny !auth
http_access allow auth
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 8080
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern .               0       20%     4320
icp_port 3130
coredump_dir /var/spool/squid

Still if I browse, I will get the error "cache access denied" and the following are the details in the log files;

in squid/access.log;

1244303002.590 0 192.168.4.139 TCP_DENIED/407 2866 GET http://google.com/ - NONE/- text/html
1244303021.209 0 192.168.4.222 TCP_DENIED/407 2175 CONNECT mail.google.com:443 - NONE/- text/html
1244303021.222 0 192.168.4.222 TCP_DENIED/407 2175 CONNECT mail.google.com:443 - NONE/- text/html

in squid/store.log;

1244303002.590 RELEASE -1 FFFFFFFF 893DDA4586FEA28E3D7CC6A9AF02FF06 407 1244303002 0 -1 text/html 2393/2393 GET http://google.com/
1244303021.209 RELEASE -1 FFFFFFFF 4860F9392E667CA248F079F4475457A6 407 1244303021 0 -1 text/html 1702/1702 CONNECT mail.google.com:443
1244303021.222 RELEASE -1 FFFFFFFF DB4AC6E80A21A7065675FE615D788ED2 407 1244303021 0 -1 text/html 1702/1702 CONNECT mail.google.com:443

in squid/cache.log;

NOTHING.

As you asked I didn't play anything with cache option in squid.conf (you can also see above my squid.conf)

Kindly advise...
Received on Sat Jun 06 2009 - 15:46:27 MDT
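
Added example, not part of the original message: a small parser for the native-format access.log lines quoted above that separates clients which only ever receive the 407 proxy-auth challenge from clients that go on to send a request logged with a user name. The function names, the 192.168.4.50 lines and the user@EXAMPLE.COM principal are constructed for illustration.

```python
"""Classify Squid native-format access.log clients by proxy-auth outcome."""
from collections import defaultdict

# The three TCP_DENIED/407 lines are the ones quoted in the message; the two
# 192.168.4.50 lines are constructed to show a client that completes auth.
SAMPLE_LOG = """\
1244303002.590 0 192.168.4.139 TCP_DENIED/407 2866 GET http://google.com/ - NONE/- text/html
1244303021.209 0 192.168.4.222 TCP_DENIED/407 2175 CONNECT mail.google.com:443 - NONE/- text/html
1244303021.222 0 192.168.4.222 TCP_DENIED/407 2175 CONNECT mail.google.com:443 - NONE/- text/html
1244303030.100 0 192.168.4.50 TCP_DENIED/407 2866 GET http://example.com/ - NONE/- text/html
1244303030.350 120 192.168.4.50 TCP_MISS/200 5120 GET http://example.com/ user@EXAMPLE.COM DIRECT/192.0.2.10 text/html
"""

def parse_line(line):
    """Return client, HTTP status and user of one log line, or None if malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    result, _, status = f[3].partition("/")
    if not status.isdigit():
        return None
    return {"client": f[2], "result": result, "status": int(status), "user": f[7]}

def summarize(lines):
    """Per client: count 407 challenges and requests logged with a user name."""
    stats = defaultdict(lambda: {"challenged": 0, "authenticated": 0, "users": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip blank or truncated lines
        s = stats[rec["client"]]
        if rec["status"] == 407:
            s["challenged"] += 1
        elif rec["user"] != "-":
            s["authenticated"] += 1
            s["users"].add(rec["user"])
    return dict(stats)

def stuck_clients(lines):
    """Clients that were challenged but never logged an authenticated request."""
    return sorted(c for c, s in summarize(lines).items()
                  if s["challenged"] and not s["authenticated"])

if __name__ == "__main__":
    for ip in stuck_clients(SAMPLE_LOG.splitlines()):
        print(ip, "received only 407 challenges")
```
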
