Re: [squid-users] ident lookup

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 7 Apr 2005 23:28:36 +0200 (CEST)

On Wed, 6 Apr 2005, Marc Grober wrote:

> I spent quite a few hours trying to get squid 2.4 stable 7 to do ident lookups.
> First off, though docs for 2.4 on the web site have been known to be wrong since 2002, they have not been changed and still indicate that you
> should set ident_lookup to on..... I did find a note where Henrik pointed out that this was not current in 2002 and indicated that the
> squid.conf was authoritative, but portions of the cong file for 2.4 still reference ident_lookup.

Squid-2.4 is end-of-life since September 2002.

Current maintained Squid version is Squid-2.5, with the current
production release being Squid-2.5.STABLE9, and does not reference the
ident_lookup directive anywhere.

> More problematic was the fact that there was inadequate info on how to configure the ident_lookup_access (especially in light of the
> confusing text from other directives) and that though ident appears to be working on the client, the acl does not appear to be working.

the acl and ident_lookup_access is independent.

ident_lookup_access only controls if ident lookups shuold be performed in
the background even if you do not use ident acls.

> Additinally, the current FAQ indicates that you do not need to use the ident_lookup_access command if you have and ident acl.

correct.

> doing a tcpdump on the box running squid it appears that using a browser on the remote host results in an ident query, but it does not look
> like the remote host is responding and the browser will be denied access.

looks like the ident server used does not like something with the ident
queries sent by Squid.

Regards
Henrik
Received on Thu Apr 07 2005 - 15:28:43 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:03 MDT