Re: [squid-users] Squid3 and authenticating users SASL/MYSQL

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 01 May 2010 18:16:07 +1200

Simon Brereton wrote:
>> -----Original Message-----
>> From: Amos Jeffries
>> Sent: Friday, April 30, 2010 1:26 AM
>
>
>>>>> my squid.conf looks like this:
>>>>>
>>>>> 1742 auth_param basic program /usr/lib/squid3/sasl_auth
>>>>> /etc/postfix/sasl/smtpd.conf
>>>> Does it actually need the config file listed? My understanding was
>>>> that placing it in /usr/lib/sasl caused SASL to load it
>> automatically
>>>> as needed.
>>> Interesting - part of the problem I guess is that I didn't really
>> understand the sasl mech when I set it up - and I can't really
>> remember what I did. I only have .h and .c files in /usr/lib/sasl -
>> after a bit of looking I found a file at /etc/default/saslauth that
>> seems to list the config options for sasl. What I don't seem to be
>> able to do at the moment is to tell /usr/lib/squid3/sasl_auth where
>> or to do what it needs to do. (The file /etc/postfix/sasl/smtpd.conf
>> tells saslauth what query to run on the DB to compare credentials.)
>> I'll keep trying.
>
> Perhaps Ralf can help - since I largely set up SASL with his and Patrick's help *wave*
>
>>>>> Trying
>>>>> /usr/sbin/squid3 from the commandline with -d9 -N gives me too
>> much
>>>>> information although I'm trying now to trap it and see, but
>> having
>>>>> spent
>>>> 48
>>>>> hours to get this far, I thought I'd ask. It's probably as
>> simple
>>>> as
>>>>> fixing line 1742, but I'd appreciate any pointers in doing that.
>>>>>
>>>> If this way gets too much there are two other helpers which may be
>> an
>>>> option for you:
>>>> POP3 helper (squid tries to use the credentials to login to the
>> POP
>>>> server and uses the success/fail result from that).
>>>> DB helper (Squid passes an SQL query direct to the MySQL
>> database.
>>>> Using the success/fail of that as the result)
>>> Frankly, either would be fine.. In fact, that's all that SASL is
>> doing. The only reason I went for SASL was because it was the only
>> thing I could find that seemed relevant to my system. MYSQL would be
>> more than adequate since it removes the middle-man.. However, I
>> don't find documentation on this. Can you point me to some?
>>> I found this: http://www.squid-cache.org/Versions/v3/HEAD/manuals/basic_db_auth
>> but I can't find
>> db_auth.pl on my system so I don't know what to put for the
>> auth_param basic program..
>> That manual you found is pretty much the entire documentation for
>> the DB helper. It does not mention that the --cond parameter can take
>> a whole string of complex conditions if it's quoted with "".
>>
>> Luckily the latter is a Perl script. I have a temporary copy here:
>> http://treenet.co.nz/projects/squid/src/helpers/basic_auth/DB/basic_db_auth.in
>>
>> Just needs:
>> alter the @PERL@ in the first line
>> remove the file extension.
>> chmod / chown to the squid user with read/execute privileges.
>> configure squid.conf
>
> Forgive me for being an idiot. Sometimes what's clear to the person who wrote something is a complete black box to someone trying to use it (and I disclose I'm not techie, just a geek).
>
> That manual page doesn't say where these options should go. I presume on the command line (i.e. immediately following /usr/lib/squid3/basic_db_auth) as in
>
> /usr/lib/squid3/basic_db_auth --dsn=Mail --table=Accounts, etc.

Yes.

>
> But is it --dsn=Mail or --dsn Mail (both are common in *nix world..)
>

I use a space between the option and quote the values like so:

  --dsn "DBI:mysql:foo:database=ex"

Have not really tested the = way though.

> Also, could I put my args in a file (say /etc/squid3/dbauth) and just have:
>
> /usr/lib/squid3/basic_db_auth /etc/squid3/dbauth
>

Not as far as I know. Though you could make a wrapper shell script that
runs the command and use that script in your squid.conf instead.

> Finally, I opted for editing basic_db_auth (I would have opened it up even if I didn't need to change the @PERL@ and when I saw the my options in there, I figured that would be easiest route). However - and this may not be related, I'm getting a seg fault.
>

If you really want to go that way, the "my" bit is only their definition.
Options are set later on after the documentation text.

>
> donald:~# /etc/init.d/squid3 start
> Starting Squid HTTP Proxy 3.0: squid32010/04/30 15:19:31.080| Processing: 'log_fqdn on'
> 2010/04/30 15:19:31.080| Processing: 'dns_nameservers 127.0.0.1 8.8.8.8'
> 2010/04/30 15:19:31.080| Processing: 'auth_param basic program /usr/lib/squid3/libexec/basic_db_auth '
> 2010/04/30 15:19:31.080| storeDirWriteCleanLogs: Starting...
> 2010/04/30 15:19:31.080| file_open: FD 5
> /etc/init.d/squid3: line 32: 19094 Segmentation fault start-stop-daemon --quiet --start --pidfile $PIDFILE --exec $DAEMON -- $SQUID_ARGS </dev/null
> failed!
>

I'd guess the "helper crashing too fast" which happens when the helpers
die on their own startup.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.1
Received on Sat May 01 2010 - 06:16:19 MDT
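
The wrapper-script approach suggested in the reply above, as an added example that is not part of the original message or of Squid. The wrapper path `/usr/local/bin/dbauth-wrapper` and the one-option-per-line file format are assumptions; the helper path and `/etc/squid3/dbauth` are the ones used in the thread.

```shell
#!/bin/sh
# Added example: wrapper so that squid.conf only needs
#   auth_param basic program /usr/local/bin/dbauth-wrapper /etc/squid3/dbauth
# Assumed file format, one option per line (values constructed):
#   dsn DBI:mysql:database=Mail
#   cond enabled=1 AND proxy=1
# The wrapper path and this file format are assumptions of the example.

HELPER=${HELPER:-/usr/lib/squid3/basic_db_auth}

# with_args_from FILE COMMAND [ARG...]
# Run COMMAND with "--option value" appended for every line of FILE.
with_args_from() {
    file=$1
    shift
    # The file holds database credentials: refuse it unless the group and
    # other permission bits are all clear (columns 5-10 of the ls mode
    # string). A symlink lists as rwxrwxrwx, so it is refused as well.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "dbauth-wrapper: $file must not be accessible to group/other" >&2
        return 1
    fi
    # First word of a line is the option name, the rest is its value, kept
    # as one argument so a multi-word --cond needs no extra quoting.
    while read -r name value || [ -n "$name" ]; do
        case $name in
            ''|'#'*) continue ;;          # blank line or comment
        esac
        if [ -n "$value" ]; then
            set -- "$@" "--$name" "$value"
        else
            set -- "$@" "--$name"         # flag that takes no value
        fi
    done < "$file"
    "$@"
}

# Squid passes the file path as the only argument; exec replaces the shell
# so Squid talks to the helper directly over stdin/stdout.
if [ $# -ge 1 ]; then
    with_args_from "$1" exec "$HELPER"
fi
```

The options still reach the helper as command-line arguments, so they remain visible in the process list to local users; the wrapper only keeps them out of squid.conf.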
