RES: [squid-users] Squid3 don't run any external acl

Hi Andy,

The permissions and path is ok.

I find the problem... In my server, I disabled the ipv6, but squid try use it to connect 'external acl'... On the line of acl, put the 'ipv4' parameter and the problem is gone!
I don't find any solution where say 'put ipv4 on....', but I find this: http://wiki.squid-cache.org/Features/IPv6#How_do_I_make_squid_use_IPv6_to_its_helpers.3F

"With squid external ACL helpers there are two new options ipv4 and ipv6. Squid prefers to use unix pipes to helpers and these are ignored. But on some networks TCP sockets are required. To work with older setups, helpers are still connected over IPv4 by default. You can add ipv6 option to use IPv6."

But the squid use ipv6... because, I don’t now...

The line working:
external_acl_type ADGroup ipv4 ttl=60 children=5 %LOGIN /usr/lib/squid3/wbinfo_group.pl

Its ok now! :)

-----Mensagem original-----
De: Andrew Beverley [mailto:andy_at_andybev.com]
Enviada em: terça-feira, 20 de dezembro de 2011 18:01
Para: Igor NM
Cc: squid-users_at_squid-cache.org
Assunto: Re: [squid-users] Squid3 don't run any external acl

On Tue, 2011-12-20 at 15:49 -0200, Igor NM wrote:
> Hi all!
>
> My squid cannot run any “external acl” script or soft…
> I want to restrict web access by Windows AD group..
>
> I test with other helpers, softs and scripts in this location and other
> location (ex. /tmp, /, /etc/squid3) and I got same error on cache.log
>
> I use Ubuntu 64 11.10 and Squid 3.1.14
>
> Ps.: The linux was integrated with Win AD 2008 R2
>
> 2011/12/20 15:22:49| Starting Squid Cache version 3.1.14 for
> x86_64-pc-linux-gnu...
> 2011/12/20 15:22:49| Process ID 2503
> 2011/12/20 15:22:49| With 65535 file descriptors available
> 2011/12/20 15:22:49| Initializing IP Cache...
> 2011/12/20 15:22:49| DNS Socket created at [::], FD 7
> 2011/12/20 15:22:49| DNS Socket created at 0.0.0.0, FD 8
> 2011/12/20 15:22:49| Adding domain 4Talk.com.br from /etc/resolv.conf
> 2011/12/20 15:22:49| Adding domain 4Talk.com.br from /etc/resolv.conf
> 2011/12/20 15:22:49| Adding nameserver 192.168.1.6 from /etc/resolv.conf
> 2011/12/20 15:22:49| helperOpenServers: Starting 5/5 'wbinfo_group.pl'
> processes
> 2011/12/20 15:22:49| commBind: Cannot bind socket FD 9 to [::1]: (99) Cannot
> assign requested address
> 2011/12/20 15:22:49| commBind: Cannot bind socket FD 10 to [::1]: (99)
> Cannot assign requested address
> 2011/12/20 15:22:49| ipcCreate: Failed to create child FD.
> 2011/12/20 15:22:49| WARNING: Cannot run '/usr/lib/squid3/wbinfo_group.pl'
> process.

What are the permissions on /usr/lib/squid3/wbinfo_group.pl? Is it
executable by the squid user? Does it even exist?

Andy
Received on Tue Dec 20 2011 - 21:28:49 MST