Re: [squid-users] Can someone help me block samba users at a particular time. from Avinash Rao on 2008-10-17 (squid-users)

From: Avinash Rao <avinash.aol_at_gmail.com>
Date: Fri, 17 Oct 2008 13:56:43 +0530

The path is /usr/lib/squid and i am able to use the below options in
squid.conf. In the sense that, squid starts without any errors!!

#auth_param basic program /usr/lib/squid/smb_auth /usr/local/squid/etc/passwd
#acl sambaUsers proxy_auth REQUIRED
#acl deadHours time 18:00-20:00
#http_access deny !deadHours sambaUsers

1) I didnt find the passwd file under /usr/local/squid/etc/ so i have
copied /etc/passwd file to this location just to check if it works.
2) After enabling these options, squid is not letting any connections
irrelevant of the time mentioned in the ACL. I am wondering what i am
missing.
3) the wbinfo is still not working, the error, is no logon servers available.

I have reached somewhere... :)

On Tue, Oct 14, 2008 at 5:45 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> Avinash Rao wrote:
>>
>> Dear Amos,
>>
>> I have managed to recompile squid with the basic auth helpers and
>> proxy_auth without any errors.
>>
>> root_at_Studio-Server:~# /etc/init.d/squid reload
>> * Reloading Squid configuration files
>> FATAL: auth_param basic program /usr/local/squid/bin/proxy_auth: (2)
>> No such file or directory
>> Squid Cache (Version 2.6.STABLE18): Terminated abnormally.
>> CPU Usage: 0.039 seconds = 0.028 user + 0.011 sys
>> Maximum Resident Size: 0 KB
>> Page faults with physical i/o: 0
>> Aborted
>>
>>
>> Here's what is happening. According to the wiki documentation, i have
>> to add the auth_param basic program /usr/local/squid/bin/ncsa_auth
>> /usr/local/squid/etc/passwd
>>
>> If i am right, the basic program will be proxy_auth?
>> Also, i don't find any files under /usr/local/squid/bin?
>
> Neither does squid. thats why its dying.
>
> The examples are based on defaults. If you had --prefix or any of the other file control settings your helper may be elsewhere than the default place.
> Thing to do now is to find out where they installed too.
>
> The configure option --libexecdir=/somewhere if it was set is the directory.
>
> The usual places are:
> /usr/local/squid/bin/
> /usr/local/bin/squid
> /usr/bin/squid
> /usr/bin/squid/bin
>
> and also all the above with 'sbin' instead of just 'bin'.
>
> Amos
>
>>
>> wbinfo -a sscms\\root%password
>>
>> plaintext password authentication failed
>> error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
>> error messsage was: No logon servers
>> Could not authenticate user sscms\root%solaris with plaintext password
>> challenge/response password authentication failed
>> error code was NT_STATUS_NO_LOGON_SERVERS (0xc000005e)
>> error messsage was: No logon servers
>> Could not authenticate user sscms\root with challenge/response
>>
>> Regards,
>> Avinash
>>
>>
>> On Tue, Oct 14, 2008 at 7:31 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>>>>
>>>> Amos,
>>>>
>>>> I was not there when squid was compiled on the server, I am not able
>>>> to find the configure file for squid.
>>>
>>> "squid -v" will list the configure options squid was built with.
>>>
>>>> So, will removing squid and reinstalling work?
>>>
>>> It will. Though the removal should not be necessary.
>>> Simply re-building the source with the same location options and finishing
>>> with a "make install" should work. You need to be careful about using the
>>> same configure options for folder and file locations though.
>>>
>>> Amos
>>>
>>>> Regards,
>>>> Avinash
>>>>
>>>>
>>>> On Fri, Oct 10, 2008 at 2:35 PM, Amos Jeffries <squid3_at_treenet.co.nz>
>>>> wrote:
>>>>>
>>>>> Avinash Rao wrote:
>>>>>>
>>>>>> Yes, I built squid myself. i downloaded the files from the squid site
>>>>>> and installed it.
>>>>>>
>>>>>> Are you asking me rebuild squid using these options --enable-auth
>>>>>> --enable-{auth type}-auth-helpers={helper names}
>>>>>>
>>>>>> Ok, let me try this and get back if necessary.
>>>>>
>>>>> Check the ones you have already. You may not need a full rebuild.
>>>>> If the helper you want to use and its auth type are missing then yes you
>>>>> will have to add hem and rebuild.
>>>>>
>>>>> Amos
>>>>>
>>>>>>
>>>>>> Thanks so much for your time.
>>>>>> Avinash
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Oct 8, 2008 at 4:18 PM, Amos Jeffries <squid3_at_treenet.co.nz>
>>>>>> wrote:
>>>>>>>
>>>>>>> Avinash Rao wrote:
>>>>>>>>
>>>>>>>> I went through the documentation. I need help in installing the
>>>>>>>> auth_proxy
>>>>>>>> module. I didn't install squid from Synaptic Manager, i did it
>>>>>>>> manually!
>>>>>>>> so,
>>>>>>>> the helpers directory is missing on my system and i am not able to
>>>>>>>> find
>>>>>>>> the
>>>>>>>> squid authenticators.
>>>>>>>>
>>>>>>>> Is there anyway i can get this?
>>>>>>>>
>>>>>>> You built squid yourself?
>>>>>>>
>>>>>>> Add some configure options to build the helpers and squid auth
>>>>>>> components:
>>>>>>>
>>>>>>> --enable-auth
>>>>>>> --enable-{auth type}-auth-helpers={helper names}
>>>>>>>
>>>>>>> and rebuild.
>>>>>>>
>>>>>>> ./configure --help shows the options and how to find out whats
>>>>>>> available.
>>>>>>>
>>>>>>> Amos
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Oct 2, 2008 at 10:24 AM, Avinash Rao <avinash.aol_at_gmail.com
>>>>>>>> <mailto:avinash.aol_at_gmail.com>> wrote:
>>>>>>>>
>>>>>>>> thanks and i will check it today.
>>>>>>>>
>>>>>>>> On Thu, Oct 2, 2008 at 9:09 AM, Amos Jeffries <squid3_at_treenet.co.nz
>>>>>>>> <mailto:squid3_at_treenet.co.nz>> wrote:
>>>>>>>> >
>>>>>>>> > > Amos,
>>>>>>>> > >
>>>>>>>> > > Thank you for the information. I will go through the doc, test
>>>>>>>> it and get
>>>>>>>> > > back if necessary.
>>>>>>>> > > If i wrote my requirement right in my last email, the samba
>>>>>>>> users can get
>>>>>>>> > > access to internet only between 18:00 - 20:00 Hrs everyday.
>>>>>>>> >
>>>>>>>> > Ah, sorry. you wrote it right. I read it wrong.
>>>>>>>> >
>>>>>>>> > The http_access line should be:
>>>>>>>> > http_access deny !deadHours sambaUsers
>>>>>>>> >
>>>>>>>> > and the name makes better sense being okayHours instead of
>>>>>>>> deadHours.
>>>>>>>> >
>>>>>>>> > Amos
>>>>>>>> >
>>>>>>>> > >
>>>>>>>> > > Thanks again
>>>>>>>> > > Avinash
>>>>>>>> > >
>>>>>>>> > > On Thu, Oct 2, 2008 at 7:42 AM, Amos Jeffries
>>>>>>>> <squid3_at_treenet.co.nz <mailto:squid3_at_treenet.co.nz>>
>>>>>>>> > > wrote:
>>>>>>>> > >
>>>>>>>> > >> > Hi all,
>>>>>>>> > >> >
>>>>>>>> > >> > I have configured the latest version of squid on Ubuntu
>>>>>>>> Studio 8.0 -
>>>>>>>> > >> > AMD 64bit. I have also configured samba.
>>>>>>>> > >> > I am in need of blocking the samba users from accessing the
>>>>>>>> internet
>>>>>>>> > >> > anytime except 18:00 - 20:00 Hrs everyday. How do i do
>>>>>>>> this?
>>>>>>>> > >> > The samba is configured as a PDC with WinXP clients.
>>>>>>>> > >> >
>>>>>>>> > >>
>>>>>>>> > >> Standard samba config.
>>>>>>>> > >> http://wiki.squid-cache.org/SquidFaq/ProxyAuthentication
>>>>>>>> > >>
>>>>>>>> > >> Then this at the appropriate place of your config:
>>>>>>>> > >>
>>>>>>>> > >> acl sambaUsers proxy_auth REQUIRED
>>>>>>>> > >> acl deadHours time 18:00-20:00
>>>>>>>> > >> http_access deny deadHours sambaUsers
>>>>>>>> > >>
>>>>>>>> > >>
>>>>>>>> > >> Amos
>>>>>>>> > >>
>>>>>>>> > >>
>>>>>>>> > >
>>>>>>>> >
>>>>>>>> >
>>>>>>>>
>>>>>>>>
>>>>>>> --
>>>>>>> Please use Squid 2.7.STABLE4 or 3.0.STABLE9
>>>>>>>
>>>>>
>>>>> --
>>>>> Please use Squid 2.7.STABLE4 or 3.0.STABLE9
>>>>>
>>>
>>>
>
>
> --
> Please use Squid 2.7.STABLE4 or 3.0.STABLE9
Received on Fri Oct 17 2008 - 08:26:47 MDT

This archive was generated by hypermail 2.2.0 : Fri Oct 17 2008 - 12:00:03 MDT