Dear Markus,
First of all i disabled the "debug_options ALL,1 33,2 28,9" in squid.conf. Then when i reloaded the squid service, i was looking in all the log files where it will reflect anything about squid_kerb_auth. I found in two places about this information. Please have a look at it;
in /var/log/messages;
Jun 6 11:49:30 linuxproxy squid[8577]: Squid Parent: child process 8579 started
and in /var/log/squid/cache.log;
2009/06/06 18:15:28| Reconfiguring Squid Cache (version 3.0.STABLE13)...
2009/06/06 18:15:28| FD 21 Closing HTTP connection
2009/06/06 18:15:28| FD 23 Closing ICP connection
2009/06/06 18:15:28| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2009/06/06 18:15:28| Initializing https proxy context
2009/06/06 18:15:28| User-Agent logging is disabled.
2009/06/06 18:15:28| Referer logging is disabled.
2009/06/06 18:15:28| DNS Socket created at 0.0.0.0, port 32776, FD 9
2009/06/06 18:15:28| Adding nameserver 192.168.0.111 from /etc/resolv.conf
2009/06/06 18:15:28| Adding nameserver 192.168.0.12 from /etc/resolv.conf
2009/06/06 18:15:28| helperStatefulOpenServers: Starting 10 'squid_kerb_auth' processes
2009/06/06 18:15:28| Accepting HTTP connections at 0.0.0.0, port 8080, FD 21.
2009/06/06 18:15:28| Accepting ICP messages at 0.0.0.0, port 3130, FD 23.
2009/06/06 18:15:28| HTCP Disabled.
2009/06/06 18:15:28| Loaded Icons.
2009/06/06 18:15:28| Ready to serve requests.
Then the output of ps is;
[root@linuxproxy ~]# ps -ef | grep squid_kerb_auth
squid 9474 8579 0 18:15 ? 00:00:00 (squid_kerb_auth) -d
squid 9475 8579 0 18:15 ? 00:00:00 (squid_kerb_auth) -d
squid 9476 8579 0 18:15 ? 00:00:00 (squid_kerb_auth) -d
squid 9477 8579 0 18:15 ? 00:00:00 (squid_kerb_auth) -d
squid 9478 8579 0 18:15 ? 00:00:00 (squid_kerb_auth) -d
squid 9479 8579 0 18:15 ? 00:00:00 (squid_kerb_auth) -d
squid 9480 8579 0 18:15 ? 00:00:00 (squid_kerb_auth) -d
squid 9481 8579 0 18:15 ? 00:00:00 (squid_kerb_auth) -d
squid 9482 8579 0 18:15 ? 00:00:00 (squid_kerb_auth) -d
squid 9483 8579 0 18:15 ? 00:00:00 (squid_kerb_auth) -d
root 9485 7946 0 18:15 pts/1 00:00:00 grep squid_kerb_auth
[root@linuxproxy ~]#
So i think we can say that squid_kerb_auth is working in the system.
the following is my squid.conf;
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl auth proxy_auth REQUIRED
http_access deny !auth
http_access allow auth
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 8080
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
icp_port 3130
coredump_dir /var/spool/squid
Still if i browse, i will get the error "cache access denied" and the following are the details in the log files;
in squid/access.log;
1244303002.590 0 192.168.4.139 TCP_DENIED/407 2866 GET http://google.com/ - NONE/- text/html
1244303021.209 0 192.168.4.222 TCP_DENIED/407 2175 CONNECT mail.google.com:443 - NONE/- text/html
1244303021.222 0 192.168.4.222 TCP_DENIED/407 2175 CONNECT mail.google.com:443 - NONE/- text/html
in squid/store.log;
1244303002.590 RELEASE -1 FFFFFFFF 893DDA4586FEA28E3D7CC6A9AF02FF06 407 1244303002 0 -1 text/html 2393/2393 GET http://google.com/
1244303021.209 RELEASE -1 FFFFFFFF 4860F9392E667CA248F079F4475457A6 407 1244303021 0 -1 text/html 1702/1702 CONNECT mail.google.com:443
1244303021.222 RELEASE -1 FFFFFFFF DB4AC6E80A21A7065675FE615D788ED2 407 1244303021 0 -1 text/html 1702/1702 CONNECT mail.google.com:443
in squid/cache.log;
NOTHING. as you asked i didnnt played anything with cache option in squid.conf (you can also see above my squid.conf)
Kindly advice...
Received on Sat Jun 06 2009 - 15:46:27 MDT
This archive was generated by hypermail 2.2.0 : Sun Jun 07 2009 - 12:00:02 MDT