[squid-users] external_acl_type not working on Squid Cache: Version 3.5.5

Eliezer Croitoru eliezer at ngtech.co.il
Mon Aug 24 16:10:27 UTC 2015 

Two things:
  - take a look at this helper to see something that works: 
http://bazaar.launchpad.net/~squid/squid/trunk/view/head:/helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in
  - newlines are important in the communication between squid and the 
helper.
perl's "print" is not sending a new line character even if needed, you 
need to put it there.

Since squid 3.5.X there is a string "%un" which sends the authenticated 
user name to the helper without triggering a authentication if not needed.

All The Bests,
Eliezer

On 24/08/2015 03:17, hs tan wrote:
> I have been trying to test squid but it doesn't seems to be working. The
> closest example I studied are:
>
> http://etutorials.org/Server+Administration/Squid.+The+definitive+guide/Chapter+12.+Authentication+Helpers/12.5+External+ACLs/
> http://www.stress-free.co.nz/transparent_squid_authentication_to_edirectory
> but none of it works.
>
>  From the simple test, I did on the following:
>
> The print "ERR" supposed to have an out put at the cache.log, but I din't
> see anything appearing
> Neither I change the "ERR" nor "OK", there is no effect on the access.
> I just want a simple test, if set to print "ERR" then stop user to proceed,
> if "OK" then proceed.
>
> The error message in cache.log
> 2015/07/28 11:45:56 kid1| helperHandleRead: unexpected reply on channel 0
> from mysql_log #Hlpr17 ''
>
> squid.conf is:
>
> auth_param basic program /usr/lib64/squid/basic_ldap_auth -v 3 -b
> "dc=xxx,dc=edu.xx" -D "cn=Manager,dc=xxx,dc=edu.xx"  -w passwd -f uid=%s
> ldap.xxx.edu.xx:389
>
> acl ldap-auth proxy_auth REQUIRED
> auth_param basic children 5
> auth_param basic realm Web Proxy Server
> auth_param basic credentialsttl 1 minute
>
> external_acl_type mysql_log %SRC %LOGIN %{Host} /home/squid/quota_helper.pl
> acl ex_log external mysql_log
> http_access allow ex_log
> ....
> http_access allow ldap-auth
> http_access allow localnet
> http_access allow localhost
> http_access deny all
> quota_helper.pl is:
>
> #!/usr/bin/perl -wl
>
> $|=1;
> while(<STDIN>){
> print "ERR";
> }
> [root at localhost ~]# squid -v shows:
>
> Squid Cache: Version 3.5.5
> Service Name: squid
> configure options:  '--build=x86_64-redhat-linux-gnu'
> '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr'
> '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin'
> '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include'
> '--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
> '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
> '--infodir=/usr/share/info' '--exec_prefix=/usr'
> '--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
> '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
> '--with-logdir=$(localstatedir)/log/squid'
> '--with-pidfile=$(localstatedir)/run/squid.pid'
> '--disable-dependency-tracking' '--enable-follow-x-forwarded-for'
> '--enable-auth'
> '--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam'
> '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP'
> '--enable-auth-negotiate=kerberos,wrapper'
> '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group'
> '--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
> '--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
> '--enable-ident-lookups' '--enable-linux-netfilter'
> '--enable-removal-policies=heap,lru' '--enable-snmp'
> '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi'
> '--enable-ssl-crtd' '--enable-icmp' '--with-aio'
> '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl'
> '--with-openssl' '--with-pthreads' '--with-included-ltdl'
> '--disable-arch-native' '--without-nettle'
> 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu'
> 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
> -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
> -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CXXFLAGS=-O2 -g -pipe -Wall
> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
> --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic
> -fPIC'
> 'PKG_CONFIG_PATH=%{_PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
> --enable-ltdl-convenience
> [root at localhost ~]#
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>

More information about the squid-users mailing list