
squid 2.5.9, authentication problem



System: debian sarge, squid 2.5.9

squid works without problems without authentication; I am trying to set up basic authentication (I tried digest too, same problem): a password prompt window appears, and after that the page does not load.
I suspect that the ncsa_auth process is not starting (by the way, should it be in the process list when squid is running?)
Permissions and paths are correct (proxy:proxy for the password file); ncsa_auth works in the console without problems, including as the proxy user.

Config:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.128.0/24
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563	# https, snews
acl SSL_ports port 873		# rsync
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443 563	# https, snews
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl Safe_ports port 631		# cups
acl Safe_ports port 873		# rsync
acl Safe_ports port 901		# SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl authenticated_users proxy_auth REQUIRED

http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_network
http_access allow localhost
http_access allow localnet authenticated_users

# And finally deny all other access to this proxy
http_access deny all


2007/03/13 21:38:34| authBasicConfigured: returning configured
2007/03/13 21:38:34| helperOpenServers: Starting 5 'ncsa_auth' processes
2007/03/13 21:38:35| User-Agent logging is disabled.
2007/03/13 21:38:35| Referer logging is disabled.
2007/03/13 21:38:35| Unlinkd pipe opened on FD 19
2007/03/13 21:38:35| Swap maxSize 102400 KB, estimated 7876 objects
2007/03/13 21:38:35| Target number of buckets: 393
2007/03/13 21:38:35| Using 8192 Store buckets
2007/03/13 21:38:35| Max Mem  size: 8192 KB
2007/03/13 21:38:35| Max Swap size: 102400 KB
2007/03/13 21:38:35| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2007/03/13 21:38:35| Rebuilding storage in /var/spool/squid (CLEAN)
2007/03/13 21:38:35| Using Least Load store dir selection
2007/03/13 21:38:35| Set Current Directory to /var/spool/squid
2007/03/13 21:38:35| Loaded Icons.
2007/03/13 21:38:35| Accepting HTTP connections at 192.168.128.1, port 3128, FD 21.
2007/03/13 21:38:35| Accepting ICP messages at 0.0.0.0, port 3130, FD 22.
2007/03/13 21:38:35| HTCP Disabled.
2007/03/13 21:38:35| WCCP Disabled.
2007/03/13 21:38:35| Ready to serve requests.
2007/03/13 21:38:35| Done reading /var/spool/squid swaplog (0 entries)
2007/03/13 21:38:35| Finished rebuilding storage from disk.
2007/03/13 21:38:35|         0 Entries scanned
2007/03/13 21:38:35|         0 Invalid entries.
2007/03/13 21:38:35|         0 With invalid flags.
2007/03/13 21:38:35|         0 Objects loaded.
2007/03/13 21:38:35|         0 Objects expired.
2007/03/13 21:38:35|         0 Objects cancelled.
2007/03/13 21:38:35|         0 Duplicate URLs purged.
2007/03/13 21:38:35|         0 Swapfile clashes avoided.
2007/03/13 21:38:35|   Took 0.4 seconds (   0.0 objects/sec).
2007/03/13 21:38:35| Beginning Validation Procedure
2007/03/13 21:38:35|   Completed Validation Procedure
2007/03/13 21:38:35|   Validated 0 Entries
2007/03/13 21:38:35|   store_swap_size = 0k

...

2007/03/13 21:38:48| authenticateValidateUser: Validating Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateValidateUser: Validated Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateValidateUser: Validating Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateValidateUser: Validated Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| User not authenticated or credentials need rechecking.
2007/03/13 21:38:48| authenticateValidateUser: Validating Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateValidateUser: Validated Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| User not authenticated or credentials need rechecking.
2007/03/13 21:38:48| aclMatchAcl: returning 0 sending credentials to helper.
2007/03/13 21:38:48| aclMatchAclList: no match, returning 0
2007/03/13 21:38:48| aclCheck: checking password via authenticator
2007/03/13 21:38:48| authenticateValidateUser: Validating Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateValidateUser: Validated Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateStart: auth_user_request '0x844d1e8'
2007/03/13 21:38:48| authenticateStart: 'www:123'
2007/03/13 21:38:48| authenticateAuthUserRequestLock auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateAuthUserRequestLock auth_user request '0x844d1e8' now at '2'.
2007/03/13 21:38:48| helperDispatch: Request sent to basicauthenticator #1, 8 bytes
2007/03/13 21:38:48| helperSubmit: www 123

After this line nothing happens; if you press Stop in the browser, two more lines are added:
2007/03/13 21:45:50| authenticateAuthUserRequestUnlock auth_user request '0x844d1e8'.
2007/03/13 21:45:50| authenticateAuthUserRequestUnlock auth_user_request '0x844d1e8' now at '1'.

When squid starts, besides squid itself there should be five more processes /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd running

siniy-p
()
Reply to: comment by siniy-p

I created the password file with htpasswd; I checked it in the console as the proxy user, everything is OK. But the 5 processes are not running, even though the log says they were started.
If debug_options is set higher, this is the log when ncsa_auth starts (see below).
Could the authentication process conflict with some running process? I got the same result when trying to set up digest authentication, with a different module accordingly.

2007/03/13 22:05:29| helperOpenServers: Starting 5 'ncsa_auth' processes
2007/03/13 22:05:30| comm_open: FD 10 is a new socket
2007/03/13 22:05:30| fd_open FD 10 ncsa_auth
2007/03/13 22:05:30| comm_open: FD 11 is a new socket
2007/03/13 22:05:30| fd_open FD 11 ncsa_auth
2007/03/13 22:05:30| ipcCreate: prfd FD 11
2007/03/13 22:05:30| ipcCreate: pwfd FD 11
2007/03/13 22:05:30| ipcCreate: crfd FD 10
2007/03/13 22:05:30| ipcCreate: cwfd FD 10
2007/03/13 22:05:30| ipcCreate: FD 11 sockaddr 127.0.0.1:34677
2007/03/13 22:05:30| ipcCreate: FD 10 sockaddr 127.0.0.1:34676
2007/03/13 22:05:30| ipcCreate: FD 10 listening...
2007/03/13 22:05:30| leave_suid: PID 10703 called
2007/03/13 22:05:30| leave_suid: PID 10703 giving up root priveleges forever

...

2007/03/13 22:05:30| cbdataLock: 0x82597d8
2007/03/13 22:05:30| commSetSelect: FD 15 type 1
2007/03/13 22:05:30| cachemgrRegister: registered basicauthenticator
2007/03/13 22:05:30| eventAdd: Adding 'User Cache Maintenance', in 3600.000000 seconds
2007/03/13 22:05:30| cachemgrRegister: registered external_acl
2007/03/13 22:05:30| User-Agent logging is disabled.
2007/03/13 22:05:30| Referer logging is disabled.
2007/03/13 22:05:30| cachemgrRegister: registered http_headers
2007/03/13 22:05:30| file_open: FD 10
2007/03/13 22:05:30| fd_open FD 10 /usr/share/squid/errors/English/ERR_READ_TIMEOUT
2007/03/13 22:05:30| file_close: FD 10, really closing
2007/03/13 22:05:30| fd_close FD 10 /usr/share/squid/errors/English/ERR_READ_TIMEOUT
2007/03/13 22:05:30| file_open: FD 10
2007/03/13 22:05:30| fd_open FD 10 /usr/share/squid/errors/English/ERR_LIFETIME_EXP
2007/03/13 22:05:30| file_close: FD 10, really closing
2007/03/13 22:05:30| fd_close FD 10 /usr/share/squid/errors/English/ERR_LIFETIME_EXP
2007/03/13 22:05:30| file_open: FD 10

more similar messages here

2007/03/13 22:05:30| fd_open FD 10 /usr/share/squid/errors/English/ERR_CACHE_MGR_ACCESS_DENIED
2007/03/13 22:05:30| file_close: FD 10, really closing
2007/03/13 22:05:30| fd_close FD 10 /usr/share/squid/errors/English/ERR_CACHE_MGR_ACCESS_DENIED
2007/03/13 22:05:30| file_open: FD 10
2007/03/13 22:05:30| fd_open FD 10 /
2007/03/13 22:05:30| file_open: FD 10
2007/03/13 22:05:30| fd_open FD 10 /var/log/squid/access.log
 

t08
() topic author
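
An added example, not part of the thread and not Squid's own code: a shell probe that speaks the basic-auth helper line protocol visible in the log above (`helperSubmit: www 123`, one "user password" line in, one OK/ERR line out) and reports whether the helper answers, refuses, exits silently or hangs. The function name probe_helper and the 3-second limit are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): probe a Squid basic-auth helper by hand.
# Protocol as seen in cache.log: Squid writes "user password\n" to the helper's
# stdin and expects one reply line starting with OK or ERR on its stdout.

# probe_helper USER PASS HELPER [ARGS...]   (hypothetical function name)
# Prints one of: OK, ERR, TIMEOUT, "NOREPLY (exit N)", BAD:<first line>
# Returns 0 for OK/ERR (helper is alive), 1 otherwise.
probe_helper() {
    user=$1; pass=$2; shift 2
    out=$(mktemp) || return 2
    rc=0
    # 3 s is an assumed limit: a healthy helper answers at once and exits
    # when its stdin reaches EOF; a hung one is killed by timeout (status 124).
    printf '%s %s\n' "$user" "$pass" | timeout 3 "$@" >"$out" 2>/dev/null || rc=$?
    first=$(head -n 1 "$out")
    rm -f "$out"
    if [ "$rc" -eq 124 ] && [ -z "$first" ]; then
        echo TIMEOUT
        return 1
    fi
    case $first in
        OK*)  echo OK ;;
        ERR*) echo ERR ;;
        "")   echo "NOREPLY (exit $rc)"; return 1 ;;   # e.g. unreadable password file
        *)    echo "BAD:$first"; return 1 ;;           # helper printed something else
    esac
}

# Usage with the paths from the config above, run as the account Squid
# drops privileges to (the proxy user in this thread):
#   probe_helper www 123 /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
```

A TIMEOUT or NOREPLY result from the same account Squid runs under points at the helper or its password file rather than at the ACL rules.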