[squid-users] Squid3 and authenticating users SASL/MYSQL

From: Simon Brereton <simon.brereton_at_dada.net>
Date: Wed, 28 Apr 2010 23:18:14 +0200

Hi

I have set up Squid3 and it's all working as I expect and now I'm trying to authenticate my users. Since this is not within my network, I can't use an IP acl.

I would like to use MYSQL preferably, but since my users already use SASL, that would be an option too. I'm running Debian Etch and the latest apt version of Squid3...

donald:~# /usr/sbin/squid3 -v
Squid Cache: Version 3.0.PRE5
configure options: '--build=i486-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--disable-maintainer-mode' '--disable-dependency-tracking' '--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,coss' '--enable-diskio=AIO,Blocking,DiskDaemon,DiskThreads' '--enable-removal-policies=lru,heap' '--enable-poll' '--enable-digest-pools' '--enable-snmp' '--enable-htcp' '--enable-select' '--enable-carp' '--enable-large-files' '--enable-underscores' '--enable-auth=basic,digest,ntlm' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,getpwnam,multi-domain-NTLM' '--enable-ntlm-auth-helpers=SMB' '--enable-digest-auth-helpers=ldap,password' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--with-filedescriptors=4096' '--enable-epoll' '--enable-linux-netfilter' 'CC=cc' 'CFLAGS=-g -Wall -O2' 'CPPFLAGS=' 'CXXFLAGS=-g -Wall -O2' 'CXX=g++' 'LDFLAGS=' 'build_alias=i486-linux-gnu'

My SASL set-up uses MYSQL to retrieve the password against the username from the Mail Database. I would like it to do the same here. So far, I only found this resource for authenticating with MYSQL:

http://www.pubbs.net/200906/squid/3948-squid-users-custom-auth-not-working.html

There is nothing about SASL in the manual - in fact, I only found it by accident.

http://www.squid-cache.org/Versions/v3/3.1/cfgman/auth_param.html



and this resource is not terribly verbose:
http://www.squid-cache.org/Versions/v3/HEAD/manuals/basic_sasl_auth.8.html


my squid.conf looks like this:

1742 auth_param basic program /usr/lib/squid3/sasl_auth /etc/postfix/sasl/smtpd.conf
1743 auth_param basic children 5
1744 auth_param basic realm The Proxy
1745 auth_param basic credentialsttl 2 hours
1746 auth_param basic casesensitive off

The smtpd.conf is the file sasl uses for authenticating smtp traffic, so it should be fine (i.e. defining the query, the db, the password, etc), and although the prompt box is coming up, it's not validating the response (at least not in the logs, even when I pushed the log level up to 9). Trying /usr/sbin/squid3 from the command line with -d9 -N gives me too much information, although I'm trying now to trap it and see, but having spent 48 hours to get this far, I thought I'd ask. It's probably as simple as fixing line 1742, but I'd appreciate any pointers in doing that.

Cheers

Simon





Received on Wed Apr 28 2010 - 21:19:45 MDT
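
Added example, not part of the original post and not Squid project code: the post reports a login prompt with no sign that the response is validated. Squid basic-auth helpers read one URL-encoded "username password" line on stdin and answer OK or ERR, so the helper can be exercised on its own, outside Squid. The name ask_helper, the stub helper and its credentials are constructed for illustration.

```python
import getpass
import subprocess
import sys
from urllib.parse import quote

# Constructed stand-in for a real helper: accepts only alice / "correct horse".
STUB_HELPER = [sys.executable, "-c", (
    "import sys\n"
    "from urllib.parse import unquote\n"
    "for line in sys.stdin:\n"
    "    fields = [unquote(f) for f in line.split()]\n"
    "    print('OK' if fields == ['alice', 'correct horse'] else 'ERR', flush=True)\n"
)]


def ask_helper(helper_argv, username, password, timeout=10):
    """Send one credential line to a basic-auth helper; return (verdict, detail)."""
    # Both fields are URL-encoded so a space in the password cannot split the line.
    request = f"{quote(username, safe='')} {quote(password, safe='')}\n"
    try:
        proc = subprocess.run(helper_argv, input=request, capture_output=True,
                              text=True, timeout=timeout)
    except OSError as exc:
        # Helper binary missing or not executable.
        return ("NO_HELPER", str(exc))
    except subprocess.TimeoutExpired:
        return ("TIMEOUT", f"no answer within {timeout}s")
    lines = proc.stdout.splitlines()
    if not lines:
        # Helper exited without answering: usually a start-up or config failure,
        # and stderr is where it says why.
        return ("NO_REPLY", proc.stderr.strip())
    verdict, _, detail = lines[0].strip().partition(" ")
    if verdict not in ("OK", "ERR"):
        return ("BAD_REPLY", lines[0].strip())
    return (verdict, detail)


if __name__ == "__main__":
    # Usage: python3 check_helper.py <helper> [helper args...]
    # With no arguments the constructed stub is used.
    helper = sys.argv[1:] or STUB_HELPER
    user = input("username: ")
    print(ask_helper(helper, user, getpass.getpass("password: ")))
```

Run it as the account Squid runs under, so file permissions and library paths match what the helper sees when Squid starts it. A NO_REPLY result with text on stderr points at the helper's own start-up or configuration rather than at squid.conf.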
