[squid-users] ident auth problem with squid 3.1.0.6

From: <Michael.KASTINGER_at_spar.at>
Date: Wed, 8 Apr 2009 14:28:54 +0200

Hi!

Currently we are testing the new squid version 3.1.0.6. generally the squid is working fine, but we have a problem with authenticating users with ident.

cut of squid.conf:

http_port 3128
ident_lookup_access allow all
acl CONNECT method CONNECT
acl all src all
acl permit_user ident "/usr/local/config-squid/etc/permit_user1"

http_access allow CONNECT
http_access allow manager localhost
http_access allow manager cachemanager
http_access deny manager
http_access allow messenger
http_access allow permit_user
http_access deny all

http_reply_access allow all

icp_access allow all

but on every request, the squid is trying to connect to the users ident port there is the message

commBind: Cannot bind socket FD 12 to 172.31.19.100:3128: (98) Address already in use

in cache.log an the user will get "access denied".

lsof is showing, that no other processes are using this port.

# lsof -i tcp:3128
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
squid 28992 suqid 55u IPv4 31976219 TCP *:squid (LISTEN)
#

Strace is showing that there is something wrong with opening socket on the right port:

9.1.4.9 (client ip)
172.31.19.100 (server ip)

accept(55, {sa_family=AF_INET, sin_port=htons(24395), sin_addr=inet_addr("9.1.4.9")}, [16]) = 10
getsockname(10, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("172.31.19.100")}, [16]) = 0
...

bind(12, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("172.31.19.100")}, 16) = -1 EADDRINUSE (Address already in use)

why does squid bind his ident connect to port 3128?
The same config is working fine with squid 2.7 without any troubles.

Is this a known issue with squid 3.1.0.6 ? does anyone have the same issue?

Thanks for help!

br
Mike
-------------------------------------------
SPAR Österreichische Warenhandels-AG
Hauptzentrale
A - 5015 Salzburg, Europastrasse 3
FN 34170 a
 
Tel: +43 662 4470 24245
Mobile: +43 664 8159150
E-Mail: Michael.KASTINGER_at_spar.at
Internet: http://www.spar.at
 
Wichtiger Hinweis: Der Inhalt dieser E-Mail kann vertrauliche und rechtlich geschützte Informationen, insbesondere Betriebs- oder Geschäftsgeheimnisse, enthalten, zu deren Geheimhaltung der Empfänger verpflichtet ist. Die Informationen in dieser E-Mail sind ausschließlich für den Adressaten bestimmt. Sollten Sie die E-Mail irrtümlich erhalten haben so ersuchen wir Sie, die Nachricht von Ihrem System zu löschen und sich mit uns in Verbindung zu setzen.
Über das Internet versandte E-Mails können leicht manipuliert oder unter fremdem Namen erstellt werden. Daher schließen wir die rechtliche Verbindlichkeit der in dieser Nachricht enthaltenen Informationen aus. Der Inhalt der E-Mail ist nur rechtsverbindlich, wenn er von uns schriftlich bestätigt und gezeichnet wird.
Sollte trotz der von uns verwendeten Virus-Schutzprogramme durch die Zusendung von E-Mails ein Virus in Ihre Systeme gelangen, haften wir nicht für evtl. hieraus entstehende Schäden.
Wir danken für Ihr Verständnis.
 
Important notice: The contents of this e-mail may contain confidential and legally protected information that is in particular related to operational and trade secrets, which the recipient is obliged to treat as confidential. The information in this e-mail is made available exclusively for use by the addressee. In the event that the e-mail may have been sent to you in error, we would ask you to kindly delete this communication from your system and to contact us.
E-mails sent via the Internet can be easily manipulated or sent out under someone else's name. We therefore do not accept legal liability for the information contained in this communication. The contents of the e-mail are only legally binding if they have been confirmed and signed by us in writing.
If, in spite of our using Antivirus protection software, a virus may have penetrated your system through the sending of this e-mail, we do not accept liability for any damage that may possibly arise as a result of this.
We trust that you appreciate our position.

-------------------------------------------
Received on Wed Apr 08 2009 - 12:29:24 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 09 2009 - 12:00:02 MDT