Re: [squid-users] Fw: Re: Re: Re: More NTLM Problems

From: Tim Neto <tneto@dont-contact.us>
Date: Wed, 28 Jul 2004 08:56:56 -0400

Could this be an iptables (lokkit) issue? The access denied could be a clue.

Try stripping all control ACLs from your squid.conf file. Run Squid as
just an open proxy relay for a moment to test. See if Squid is the
"access" denied or is there another service in the OS causing the access
denied.

Tim

-----------------------------------------------------------
Timothy E. Neto
 Computer Systems Engineer Komatsu Canada Limited
 Ph#: 905-625-6292 x265 1725B Sismet Road
 Fax: 905-625-6348 Mississauga, Canada
 E-Mail: tneto@komatsu.ca L4W 1P9
-----------------------------------------------------------

Johnny Doe wrote:

>I'm not sure what's going on. I just put a clean
>Fedora 2 install on the box and I am getting the same
>exact problem. I have no idea what I'm doing wrong
>but there is def something wrong. The only thing I
>find weird is that I am trying to use this with
>dansguardian and if I stop dansguardian and comment
>out the auth_param ntlm program /usr/bin/ntlm_auth
>--helper-protocol=squid-2.5-ntlmssp it still doesn't
>let me out. I keep getting denied in the access log.
>
>--- Adam Aube <aaube01@baker.edu> wrote:
>
>>Please reply to the list and not to me personally.
>>
>>Johnny Doe wrote:
>>
>>>--- Adam Aube <aaube01@baker.edu> wrote:
>>>
>>>>Since you didn't explicitly show it, I'm going to guess that you did a
>>>>"su squid" before running wbinfo.
>>>>
>>>>Have you added any winbind lines to nsswitch.conf or PAM? If all you are
>>>>using winbind for is Squid integration with a Windows domain, you don't
>>>>need those lines and can take them out.
>>>>
>>>>Just to be thorough, can you post your smb.conf file and the output of
>>>>"squid -v"?
>>>
>>>Yes I did su over to squid before running that command. I'm not sure you
>>>meant by the if I changed pam but here is the squid file from
>>>the /etc/pam.d
>>>
>>>#%PAM-1.0
>>>auth required pam_stack.so service=system-auth
>>>account required pam_stack.so service=system-auth
>>>
>>>Here is a copy of my nsswitch.conf
>>>
>>>passwd: files nisplus
>>>shadow: files nisplus
>>>group: files nisplus
>>>hosts: files nisplus dns
>>>bootparams: nisplus [NOTFOUND=return] files
>>>ethers: files
>>>netmasks: files
>>>networks: files
>>>protocols: files winbind nisplus
>>>rpc: files
>>>services: files winbind nisplus
>>>netgroup: files winbind nisplus
>>>publickey: nisplus
>>>automount: files winbind nisplus
>>>aliases: files nisplus
>>>
>>>smb.conf
>>>
>>>[global]
>>> workgroup = SMC
>>> server string = SMCSquid Samba Server
>>> winbind uid = 10000-20000
>>> winbind gid = 10000-20000
>>> winbind enum users = yes
>>> winbind enum groups = yes
>>> template homedir = /home/winnt/%D/%U
>>> template shell = /bin/bash
>>> printcap name = /etc/printcap
>>> load printers = yes
>>> log file = /var/log/samba/%m.log
>>> max log size = 50
>>> security = domain
>>> password server = smcnt3
>>> encrypt passwords = yes
>>> smb passwd file = /etc/samba/smbpasswd
>>> unix password sync = Yes
>>> passwd program = /usr/bin/passwd %u
>>> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>> local master = no
>>> os level = 33
>>> dns proxy = no
>>> idmap uid = 16777216-33554431
>>> idmap gid = 16777216-33554431
>>> template shell = /bin/bash
>>> winbind use default domain = yes
>>> password server = smcnt3
>>>[homes]
>>> comment = Home Directories
>>> browseable = no
>>> writable = yes
>>>[printers]
>>> comment = All Printers
>>> path = /var/spool/samba
>>> browseable = no
>>> guest ok = no
>>> writable = no
>>> printable = yes
>>>
>>>squid -v
>>>Squid Cache: Version 2.5.STABLE5
>>>configure options: --host=i386-redhat-linux --build=i386-redhat-linux
>>>--target=i386-redhat-linux-gnu --program-prefix= --prefix=/usr
>>>--exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc
>>>--datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib
>>>--libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com
>>>--mandir=/usr/share/man --infodir=/usr/share/info --exec_prefix=/usr
>>>--bindir=/usr/sbin --libexecdir=/usr/lib/squid --localstatedir=/var
>>>--sysconfdir=/etc/squid --enable-poll --enable-snmp
>>>--enable-removal-policies=heap,lru
>>>--enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl
>>>--with-openssl=/usr/kerberos --enable-delay-pools
>>>--enable-linux-netfilter --with-pthreads
>>>--enable-ntlm-auth-helpers=SMB,winbind
>>>--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group,winbind_group
>>>--enable-auth=basic,ntlm --with-winbind-auth-challenge
>>>--enable-useragent-log --enable-referer-log --disable-dependency-tracking
>>>--enable-cachemgr-hostname=localhost --disable-ident-lookups
>>>--enable-truncate --enable-underscores --datadir=/usr/share
>>>--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,winbind
Received on Wed Jul 28 2004 - 06:57:17 MDT
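
Added example, not part of the original thread: one way to follow up on the "denied in the access log" symptom is to split Squid's TCP_DENIED entries into authentication challenges (407) and ACL refusals (403), which tells you whether to look at the NTLM helper or at the http_access rules. It assumes Squid's native access.log layout (client in field 3, result code in field 4, user name in field 8); the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Classifies TCP_DENIED entries in a
# Squid native-format access.log to separate auth problems from ACL problems.
# Assumed field layout: time elapsed client code/status bytes method URL user ...

classify_denials() {
    # $1 = path to access.log; prints "client reason count" lines, sorted.
    awk '
        $4 ~ /^TCP_DENIED\// {
            split($4, r, "/")
            if (r[2] == "407")      why = "auth-challenge"   # Proxy-Authenticate sent
            else if (r[2] == "403") why = "acl-denied"       # http_access deny matched
            else                    why = "other-" r[2]
            n[$3 " " why]++
        }
        END { for (k in n) print k, n[k] }
    ' "$1" | sort
}

diagnose() {
    # $1 = path to access.log; prints one verdict word for the whole file.
    awk '
        $4 == "TCP_DENIED/403" { acl++ }
        $4 == "TCP_DENIED/407" { auth++ }
        $4 !~ /^TCP_DENIED\// && $8 != "-" { ok++ }   # served with a user name
        END {
            if (acl)               print "acl"        # check http_access ordering
            else if (auth && !ok)  print "auth-loop"  # helper never accepts
            else                   print "ok"
        }
    ' "$1"
}

# Constructed sample: two NTLM challenge rounds that never complete, then
# a request refused by an ACL.
sample_log() {
    cat <<'EOF'
1091019416.123     2 192.0.2.10 TCP_DENIED/407 1735 GET http://example.com/ - NONE/- text/html
1091019416.201     1 192.0.2.10 TCP_DENIED/407 1921 GET http://example.com/ - NONE/- text/html
1091019417.050     0 192.0.2.11 TCP_DENIED/403 1402 GET http://example.com/ - NONE/- text/html
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_log > "$tmp"
    classify_denials "$tmp"; diagnose "$tmp"; rm -f "$tmp"
fi
```

With NTLM, two 407 entries per connection before a served request are normal; only 407s that never lead to a served request point at the helper.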

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT