authentication problem from Paul Z. Stagner on 2000-07-11 (squid-users)

From: Paul Z. Stagner <paul.stagner@dont-contact.us>
Date: Tue, 11 Jul 2000 09:27:25 -0600

I have Squid 2.3 Stable 1-5 running on a RH6.1 box. All is well
with its operation, so I decided to add some acl's and an external
authenticator. My acl list is as follows:

acl users src 172.16.0.0/0.0.0.0
acl password proxy_auth REQUIRED
http_access allow localhost
http_access allow users
http_access allow password
http_access deny all

I have installed pam_auth and added it to the
squid.conf as:

authenticate_program /usr/bin/pam_auth

I have also added pam_ncp_auth.so to
/lib/security

According to the secure log, pam_ncp is
correctly talking to my netware server:

Jul 10 12:50:03 test pam_ncp_auth[8865]: User
Cb1/pzs was successfully authorized
Jul 10 12:57:52 test pam_ncp_auth[8923]: Trying
to contact Cb1/pzs
Jul 10 12:57:53 test pam_ncp_auth[8923]: User
Cb1/pzs was successfully authorized
Jul 10 12:57:56 test pam_ncp_auth[8923]: Trying
to contact Cb1/pzs
Jul 10 12:57:57 test pam_ncp_auth[8923]: User
Cb1/pzs was successfully authorized

Here is the output from cache.log which appears
to show a problem with the authentication:

2000/07/10 13:03:36| aclCheckFast: list: 0x8201fa8
/07/10 13:03:36| aclMatchAclList: checking all
/07/10 13:03:36| aclMatchAcl: checking 'acl all src
0.0.0.0/0.0.0.0'
/07/10 13:03:36| aclMatchIp: '172.16.128.132' found
/07/10 13:03:36| aclMatchAclList: returning 1
/07/10 13:03:36| aclCheck: checking 'http_access allow
manager localhost'
/07/10 13:03:36| aclMatchAclList: checking manager
/07/10 13:03:36| aclMatchAcl: checking 'acl manager
proto cache_object'
/07/10 13:03:36| aclMatchAclList: returning 0
/07/10 13:03:36| aclCheck: checking 'http_access deny
manager'
/07/10 13:03:36| aclMatchAclList: checking manager
/07/10 13:03:36| aclMatchAcl: checking 'acl manager
proto cache_object'
/07/10 13:03:36| aclMatchAclList: returning 0
/07/10 13:03:36| aclCheck: checking 'http_access deny
!Safe_ports'
/07/10 13:03:36| aclMatchAclList: checking !Safe_ports
/07/10 13:03:36| aclMatchAcl: checking 'acl Safe_ports
port 80 21 180 443 563 70 210 1025-65535'
/07/10 13:03:36| aclMatchAclList: returning 0
/07/10 13:03:36| aclCheck: checking 'http_access deny
CONNECT !SSL_ports'
/07/10 13:03:36| aclMatchAclList: checking CONNECT
/07/10 13:03:36| aclMatchAcl: checking 'acl CONNECT
method CONNECT'
/07/10 13:03:36| aclMatchAclList: returning 0
/07/10 13:03:36| aclCheck: checking 'http_access allow
localhost'
/07/10 13:03:36| aclMatchAclList: checking localhost
/07/10 13:03:36| aclMatchAcl: checking 'acl localhost
src 127.0.0.1/255.255.255.255'
/07/10 13:03:36| aclMatchIp: '172.16.128.132' NOT found
/07/10 13:03:36| aclMatchAclList: returning 0
/07/10 13:03:36| aclCheck: checking 'http_access allow
users password'
/07/10 13:03:36| aclMatchAclList: checking users
/07/10 13:03:36| aclMatchAcl: checking 'acl users src
172.16.0.0/0.0.0.0'
/07/10 13:03:36| aclMatchIp: '172.16.128.132' found
/07/10 13:03:36| aclMatchAclList: checking password
/07/10 13:03:36| aclMatchAcl: checking 'acl password
proxy_auth REQUIRED'
/07/10 13:03:36| aclDecodeProxyAuth: header = 'Basic
cHpzOmxhbWVy'
/07/10 13:03:36| aclDecodeProxyAuth: cleartext =
'pzs:lamer'
/07/10 13:03:36| aclMatchProxyAuth: checking user 'pzs'
/07/10 13:03:36| aclMatchProxyAuth: user 'pzs' not yet
known
/07/10 13:03:36| aclMatchAclList: returning 0
/07/10 13:03:36| aclCheck: checking password via
authenticator
/07/10 13:03:36| aclDecodeProxyAuth: header = 'Basic
cHpzOmxhbWVy'
/07/10 13:03:36| aclDecodeProxyAuth: cleartext =
'pzs:lamer'
/07/10 13:03:36| aclLookupProxyAuthStart: going to ask
authenticator on pzs
/07/10 13:03:36| aclLookupProxyAuthDone: result = ERR
/07/10 13:03:36| aclCheck: checking 'http_access allow
users password'
/07/10 13:03:36| aclMatchAclList: checking users
/07/10 13:03:36| aclMatchAcl: checking 'acl users src
172.16.0.0/0.0.0.0'
/07/10 13:03:36| aclMatchIp: '172.16.128.132' found
/07/10 13:03:36| aclMatchAclList: checking password
/07/10 13:03:36| aclMatchAcl: checking 'acl password
proxy_auth REQUIRED'
/07/10 13:03:36| aclDecodeProxyAuth: header = 'Basic
cHpzOmxhbWVy'
/07/10 13:03:36| aclDecodeProxyAuth: cleartext =
'pzs:lamer'
/07/10 13:03:36| aclMatchProxyAuth: checking user 'pzs'
/07/10 13:03:36| aclMatchProxyAuth: authentication
failed for user 'pzs'
/07/10 13:03:36| aclMatchAclList: returning 0
/07/10 13:03:36| aclCheck: match found, returning 2
/07/10 13:03:36| aclCheckCallback: answer=2

Anyone have any ideas as to why this does not work? I
am somewhat of a newbie and do not know where to go
from here. Thanks.
Received on Tue Jul 11 2000 - 09:34:44 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:30 MST