Re: [squid-users] Fw: Re: Re: Re: More NTLM Problems

From: Johnny Doe <bcreigh843@dont-contact.us>
Date: Wed, 28 Jul 2004 08:04:35 -0700 (PDT)

I'm not sure if this is right but this is what my
squid.conf looks like. Let me know what you want me
to do with it.
Thanks

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname MCSquid
coredump_dir /var/spool/squid
cache_effective_user squid
cache_effective_group squid

--- Tim Neto <tneto@komatsu.ca> wrote:

>
> Could this be an iptables (lokkit) issue? The access denied could be a clue.
>
> Try stripping all control ACLs from your squid.conf file. Run Squid as
> just an open proxy relay for a moment to test. See if Squid is the
> "access" denied or is there another service in the OS causing the access
> denied.
>
> Tim
>
> -----------------------------------------------------------
> Timothy E. Neto
> Computer Systems Engineer              Komatsu Canada Limited
> Ph#: 905-625-6292 x265                 1725B Sismet Road
> Fax: 905-625-6348                      Mississauga, Canada
> E-Mail: tneto@komatsu.ca               L4W 1P9
> -----------------------------------------------------------
>
> Johnny Doe wrote:
>
> >I'm not sure what's going on. I just put a clean
> >fedora 2 install on the box and I am getting the same
> >exact problem. I have no idea what I'm doing wrong
> >but there is def something wrong. The only thing I
> >find weird is that I am trying to use this with
> >dansguardian and if I stop dansguardian and comment
> >out the auth_param ntlm program /usr/bin/ntlm_auth
> >--helper-protocol=squid-2.5-ntlmssp it still doesn't
> >let me out. I keep getting denied in the access log.
> >
> >--- Adam Aube <aaube01@baker.edu> wrote:
> >
> >>Please reply to the list and not to me personally.
> >>
> >>Johnny Doe wrote:
> >>
> >>>--- Adam Aube <aaube01@baker.edu> wrote:
> >>>
> >>>>Since you didn't explicitly show it, I'm going to guess that you did a
> >>>>"su squid" before running wbinfo.
> >>>>
> >>>>Have you added any winbind lines to nsswitch.conf or PAM? If all you are
> >>>>using winbind for is Squid integration with a Windows domain, you don't
> >>>>need those lines and can take them out.
> >>>>
> >>>>Just to be thorough, can you post your smb.conf file and the output of
> >>>>"squid -v"?
> >>>>
> >>>Yes I did su over to squid before running that command. I'm not sure you
> >>>meant by the if I changed pam but here is the squid file from
> >>>the /etc/pam.d
> >>>
> >>>#%PAM-1.0
> >>>auth required pam_stack.so service=system-auth
> >>>account required pam_stack.so service=system-auth
> >>>
> >>>Here is a copy of my nsswitch.conf
> >>>
> >>>
> >>>passwd: files nisplus
> >>>shadow: files nisplus
> >>>group: files nisplus
> >>>hosts: files nisplus dns
> >>>bootparams: nisplus [NOTFOUND=return] files
> >>>ethers: files
> >>>netmasks: files
> >>>networks: files
> >>>protocols: files winbind nisplus
> >>>rpc: files
> >>>services: files winbind nisplus
> >>>netgroup: files winbind nisplus
> >>>publickey: nisplus
> >>>automount: files winbind nisplus
> >>>aliases: files nisplus
> >>>
> >>>
> >>>smb.conf
> >>>
> >>>
> >>>[global]
> >>> workgroup = SMC
> >>> server string = SMCSquid Samba Server
> >>> winbind uid = 10000-20000
> >>> winbind gid = 10000-20000
> >>> winbind enum users = yes
> >>> winbind enum groups = yes
> >>> template homedir = /home/winnt/%D/%U
> >>> template shell = /bin/bash
> >>> printcap name = /etc/printcap
> >>> load printers = yes
> >>> log file = /var/log/samba/%m.log
> >>> max log size = 50
> >>> security = domain
> >>> password server = smcnt3
> >>> encrypt passwords = yes
> >>> smb passwd file = /etc/samba/smbpasswd
> >>> unix password sync = Yes
> >>> passwd program = /usr/bin/passwd %u
> >>> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
> >>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >>> local master = no
> >>> os level = 33
> >>> dns proxy = no
> >>> idmap uid = 16777216-33554431
> >>> idmap gid = 16777216-33554431
> >>> template shell = /bin/bash
> >>> winbind use default domain = yes
> >>> password server = smcnt3
> >>>[homes]
> >>> comment = Home Directories
> >>> browseable = no
> >>> writable = yes
> >>>[printers]
> >>> comment = All Printers
> >>> path = /var/spool/samba
> >>> browseable = no
> >>> guest ok = no
> >>> writable = no
> >>> printable = yes
> >>>
> >>>
> >>>squid -v
> >>>Squid Cache: Version 2.5.STABLE5
> >>>configure options: --host=i386-redhat-linux --build=i386-redhat-linux
>
=== message truncated ===

                
Received on Wed Jul 28 2004 - 09:04:36 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:03 MDT
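
An added example, not part of the original message or of Squid itself: a small Python audit of the auth_param, acl and http_access lines from the squid.conf posted above. It lists ACL names that http_access uses but no acl line defines, the rules that can allow a request, and whether any authentication helper or proxy_auth ACL is configured. The function name `audit` and its result keys are illustrative choices.

```python
# Constructed input: the auth_param, acl and http_access lines copied from the
# squid.conf posted in this message (other directives omitted).
POSTED_CONF = """\
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
"""


def audit(conf):
    """Summarise the access-control picture of a squid.conf fragment."""
    acl_types, rules, helpers = {}, [], set()
    for raw in conf.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if len(tok) >= 3 and tok[0] == "acl":
            acl_types.setdefault(tok[1], tok[2])      # name -> ACL type
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))           # (allow|deny, ACL names)
        elif len(tok) >= 4 and tok[0] == "auth_param" and tok[2] == "program":
            helpers.add(tok[1])                       # scheme with a helper set
    used = {name.lstrip("!") for _, names in rules for name in names}
    return {
        # ACL names used in http_access but never declared by an acl line
        "undefined": sorted(used - set(acl_types)),
        # rules that can let a request through, in the order they are listed
        "allow": [names for action, names in rules if action == "allow"],
        # authentication schemes with a helper, and ACLs that demand a login
        "auth_helpers": sorted(helpers),
        "auth_acls": sorted(n for n, t in acl_types.items()
                            if t in ("proxy_auth", "proxy_auth_regex")),
    }


if __name__ == "__main__":
    for key, value in audit(POSTED_CONF).items():
        print(f"{key}: {value}")
```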