Re: Squid failure possiby related to IDENT Acls

Morris,
    I'd answer your question: but I don't know the answer. I have seen mail sent to the main list from digest users in the past -
and am not aware of changes to the list policy. I'm forwarding this mail to squid-users to get an answer for you.

Regarding squid 2.5 - http://www.squid-cache.org/Versions/v2/2.5/

Rob

----- Original Message -----
From: "Morris Maynard" <morris@maynidea.com>
To: "Robert Collins" <robert.collins@itdomain.com.au>
Sent: Wednesday, January 24, 2001 8:46 AM
Subject: RE: Squid failure possiby related to IDENT Acls

I don't want to be a member of squid-users@ircache.net since I just want to receive the digest; as a result, I can't post messages
to that group, only to the group to which I belong (the squid-users digest). The Instructions at the web site where I signed up said
that I could join either and post to either, it shouldn't matter. It turns out that it *did* matter, because of spam, to the
listserv software; now it turns out that it also matters to a moderator, for unknown reasons. I just need an answer, here. In the
past I have offered advice to others in this group; it seems perverse that now that I have a questions my access is denied.
And since I'm asking, how do I download 2.5 HEAD?

Morris Maynard
Mayn Idea, Inc.
Phone: +1(609)585-1029
Fax: +1(609)581-1389
Email: morris@maynidea.com
http://www.maynidea.com

 -----Original Message-----
From: Robert Collins [mailto:robert.collins@itdomain.com.au]
Sent: Monday, January 22, 2001 5:04 PM
To: Morris Maynard
Subject: RE: Squid failure possiby related to IDENT Acls

Morris,
The appropriate place to ask this is squid-users@ircache.net. I
haven't done any work on the ident code in squid, so it's really over to
the main list.

Also, please note that the stable NTLM code is now part of the main
squid distribution - you should download squid 2.5 HEAD and use that.

Rob

> -----Original Message-----
> From: Morris Maynard [mailto:morris@maynidea.com]
> Sent: Tuesday, 23 January 2001 8:25 AM
> To: Robert Collins
> Subject: Squid failure possiby related to IDENT Acls
>
>
> Running: squid2.5DEVEL-NTLM transparent proxy on RedHat 6.0
> I have the following ACLs:
>
> acl idents ident user1 user2 user3
> acl blockedsites url_regex "/etc/squid/block.txt"
> acl unblockedsites url_regex "/etc/squid/unblock.txt"
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> ... and some others
> acl CONNECT method CONNECT
>
> And these http_access's:
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow unblockedsites idents
> http_access deny blockedsites
> http_access allow idents
> http_access deny all
>
> I have ident processes running on the clients.
> This worked fine this AM.
> Now, when a user on the network tries to access a web page,
> the following
> line
> shows up in cache.log:
>
> 2001/01/22 19:18:26| commBind: Cannot bind socket FD 17 to
> 216.32.31.189:0:
> (99) Cannot assign requested address
>
> The same line shows up many many times. Then the system logger gets:
>
> Jan 22 19:13:35 tower squid[2106]: Squid Parent: child
> process 2108 exited
> due to signal 11
> Jan 22 19:13:38 tower squid[2106]: Squid Parent: child
> process 2134 started
>
> Showing that the squid process died with a page fault (I
> guess) and that the
> parent started another child to take its place.
>
> If I comment out the http_access idents line, then squid
> doesn't crash.
>
> I know it sounds crazy, but I didn't change anything in the
> conf file to
> cause this.
> The crash happens whether or not the ident process runs on
> the clients.
>
>
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html