Re: [squid-users] RE : [squid-users] NCSA problem too

From: Jurgen Hart <[email protected]>
Date: Tue, 06 Nov 2001 09:02:03 +0100

Hy,

Is your "/etc/shadow" compatible with the NCSA_AUTH file-format ?
each line contains "name:password" where pasword is standard "crypt()";
to check it out try to use the ncsa_auth manualy on the console to check it.

BONHERBE, Laurent wrote:

> Yes, indeed, the squid user has got the execute rights on the ncsa_auth, and
> when I launch squid I see the 20 ncsa_auth process running if I do a ps...
> So I guess the problem is bit different here!
> -----Original Message-----
> From: Winston Gutkowski [mailto:winston.gutkowski@eztext.com]
> Sent: Tuesday, November 06, 2001 1:38 AM
> To: Squid-Users; BONHERBE, Laurent
> Subject: RE: [squid-users] NCSA problem too
>
> Does the squid user have access/execute rights to /usr/lib/squid/ncsa_auth ?
> That was the problem I had when I couldn't get it to work (symptoms were the
> same as yours).
>
> Winston
>
> -----Original Message-----
> From: BONHERBE, Laurent [mailto:LBONHERBE@cora-h.hu]
> Sent: Monday, November 05, 2001 9:38 AM
> To: 'squid-users@squid-cache.org'
> Subject: [squid-users] NCSA problem too
>
>
> Hi there,
>
> I'm using squid 2.3 stable 4 on a RedHat 7.1 distribution, and I wish to
> configure my Windows users (IE6) to access the proxy by authenticating with
> their Linux accounts (everybody has an account on the Linux machine that is
> running squid). I thought the best for that would be to use the ncsa_auth
> program that comes with the package...
> So my squid.conf looks like that :
>
> authenticate_program /usr/lib/squid/ncsa_auth /etc/shadow
> authenticate_children 20
>
> acl bons proxy_auth REQUIRED
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access allow bons
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow localhost
> http_access deny all
>
>
> Now the problem is that when I connect with my client, there is a credential
> demand (I should enter a user name and password), but after that, no matter
> what I try (I have some test users that I use all the time), it refuses my
> username and password...
>
> Here is an extract from the access.log :
> 1004960463.139 3 129.117.1.2 TCP_DENIED/407 1387 GET
> http://www.msn.com/int
> l/fr/ plazma NONE/- -
> 1004960463.586 2 129.117.1.2 TCP_DENIED/407 1387 GET
> http://www.msn.com/int
> l/fr/ plazma NONE/- -
> 1004963172.591 1 129.117.1.2 TCP_DENIED/407 1409 GET
> http://home.microsoft.
> com/intl/fr/ - NONE/- -
>
>
> Does anybody knows what could be wrong?
>
> Thx in advance, and best regards to you all...
>
> Laurent Bonherbe
>
>

-- 
Jurgen Hart
Received on Tue Nov 06 2001 - 01:07:17 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:54 MST