The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

форумы
правила/FAQ
поиск
регистрация
вход
слежка
RSS


Индекс форумов
Составление сообщения

Исходное сообщение
"squid 2.5.9, проблема с аутентификацией"
Отправлено Dmon, 13-Мрт-07 18:47 
Система debian sarge, squid 2.5.9

squid работает без проблем без аутентификации; пытаюсь сделать basic аутентификацию (пробовал для digest - та же проблема), появляется окно с приглашением ввести пароль, и дальше страница не загружается.
Есть подозрение, что не запускается процесс ncsa_auth (кстати, должен ли он быть в списке процессов при запущенном сквиде?)
Права доступа и пути - правильные (для файла паролей proxy:proxy), ncsa_auth работает в консоли без проблем, из-под пользователя proxy тоже.

Конфиг:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.128.0/24
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl authenticated_users proxy_auth REQUIRED

http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
#acl our_networks src 192.168.1.0/24 192.168.2.0/24
#http_access allow our_network
http_access allow localhost
http_access allow localnet authenticated_users

# And finally deny all other access to this proxy
http_access deny all


2007/03/13 21:38:34| authBasicConfigured: returning configured
2007/03/13 21:38:34| helperOpenServers: Starting 5 'ncsa_auth' processes
2007/03/13 21:38:35| User-Agent logging is disabled.
2007/03/13 21:38:35| Referer logging is disabled.
2007/03/13 21:38:35| Unlinkd pipe opened on FD 19
2007/03/13 21:38:35| Swap maxSize 102400 KB, estimated 7876 objects
2007/03/13 21:38:35| Target number of buckets: 393
2007/03/13 21:38:35| Using 8192 Store buckets
2007/03/13 21:38:35| Max Mem size: 8192 KB
2007/03/13 21:38:35| Max Swap size: 102400 KB
2007/03/13 21:38:35| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2007/03/13 21:38:35| Rebuilding storage in /var/spool/squid (CLEAN)
2007/03/13 21:38:35| Using Least Load store dir selection
2007/03/13 21:38:35| Set Current Directory to /var/spool/squid
2007/03/13 21:38:35| Loaded Icons.
2007/03/13 21:38:35| Accepting HTTP connections at 192.168.128.1, port 3128, FD 21.
2007/03/13 21:38:35| Accepting ICP messages at 0.0.0.0, port 3130, FD 22.
2007/03/13 21:38:35| HTCP Disabled.
2007/03/13 21:38:35| WCCP Disabled.
2007/03/13 21:38:35| Ready to serve requests.
2007/03/13 21:38:35| Done reading /var/spool/squid swaplog (0 entries)
2007/03/13 21:38:35| Finished rebuilding storage from disk.
2007/03/13 21:38:35| 0 Entries scanned
2007/03/13 21:38:35| 0 Invalid entries.
2007/03/13 21:38:35| 0 With invalid flags.
2007/03/13 21:38:35| 0 Objects loaded.
2007/03/13 21:38:35| 0 Objects expired.
2007/03/13 21:38:35| 0 Objects cancelled.
2007/03/13 21:38:35| 0 Duplicate URLs purged.
2007/03/13 21:38:35| 0 Swapfile clashes avoided.
2007/03/13 21:38:35| Took 0.4 seconds ( 0.0 objects/sec).
2007/03/13 21:38:35| Beginning Validation Procedure
2007/03/13 21:38:35| Completed Validation Procedure
2007/03/13 21:38:35| Validated 0 Entries
2007/03/13 21:38:35| store_swap_size = 0k
2007/03/13 21:38:36| storeLateRelease: released 0 objects
2007/03/13 21:38:44| aclCheckFast: list: 0x824a4c8
2007/03/13 21:38:44| aclMatchAclList: checking all
2007/03/13 21:38:44| aclMatchAcl: checking 'acl all src 0.0.0.0/0.0.0.0'
2007/03/13 21:38:44| aclMatchIp: '192.168.128.88' found
2007/03/13 21:38:44| aclMatchAclList: returning 1
2007/03/13 21:38:44| aclCheck: checking 'http_access allow purge localhost'
2007/03/13 21:38:44| aclMatchAclList: checking purge
2007/03/13 21:38:44| aclMatchAcl: checking 'acl purge method PURGE'
2007/03/13 21:38:44| aclMatchAclList: no match, returning 0
2007/03/13 21:38:44| aclCheck: checking 'http_access deny purge'
2007/03/13 21:38:44| aclMatchAclList: checking purge
2007/03/13 21:38:44| aclMatchAcl: checking 'acl purge method PURGE'
2007/03/13 21:38:44| aclMatchAclList: no match, returning 0
2007/03/13 21:38:44| aclCheck: checking 'http_access deny !Safe_ports'
2007/03/13 21:38:44| aclMatchAclList: checking !Safe_ports
2007/03/13 21:38:44| aclMatchAcl: checking 'acl Safe_ports port 80 # http'
2007/03/13 21:38:44| aclMatchAclList: no match, returning 0
2007/03/13 21:38:44| aclCheck: checking 'http_access deny CONNECT !SSL_ports'
2007/03/13 21:38:44| aclMatchAclList: checking CONNECT
2007/03/13 21:38:44| aclMatchAcl: checking 'acl CONNECT method CONNECT'
2007/03/13 21:38:44| aclMatchAclList: no match, returning 0
2007/03/13 21:38:44| aclCheck: checking 'http_access allow localhost'
2007/03/13 21:38:44| aclMatchAclList: checking localhost
2007/03/13 21:38:44| aclMatchAcl: checking 'acl localhost src 127.0.0.1/255.255.255.255'
2007/03/13 21:38:44| aclMatchIp: '192.168.128.88' NOT found
2007/03/13 21:38:44| aclMatchAclList: no match, returning 0
2007/03/13 21:38:44| aclCheck: checking 'http_access allow localnet authenticated_users'
2007/03/13 21:38:44| aclMatchAclList: checking localnet
2007/03/13 21:38:44| aclMatchAcl: checking 'acl localnet src 192.168.128.0/24'
2007/03/13 21:38:44| aclMatchIp: '192.168.128.88' found
2007/03/13 21:38:44| aclMatchAclList: checking authenticated_users
2007/03/13 21:38:44| aclMatchAcl: checking 'acl authenticated_users proxy_auth REQUIRED'
2007/03/13 21:38:44| authenticateValidateUser: Validating Auth_user request '(nil)'.
2007/03/13 21:38:44| authenticateValidateUser: Auth_user_request was NULL!
2007/03/13 21:38:44| authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header.
2007/03/13 21:38:44| aclMatchAcl: returning 0 sending authentication challenge.
2007/03/13 21:38:44| aclMatchAclList: no match, returning 0
2007/03/13 21:38:44| aclCheck: requiring Proxy Auth header.
2007/03/13 21:38:44| aclCheck: match found, returning 2
2007/03/13 21:38:44| aclCheckCallback: answer=2
2007/03/13 21:38:44| The request GET http://www.nsu.ru/ is DENIED, because it matched 'authenticated_users'
2007/03/13 21:38:44| errorConvert: %U --> 'http://www.nsu.ru/'
2007/03/13 21:38:44| errorConvert: %U --> 'http://www.nsu.ru/'
2007/03/13 21:38:44| errorConvert: %U --> 'http://www.nsu.ru/'
2007/03/13 21:38:44| errorConvert: %w --> 'webmaster'
2007/03/13 21:38:44| errorConvert: %h --> 'my.host.com'
2007/03/13 21:38:44| errorConvert: %T --> 'Tue, 13 Mar 2007 15:38:44 GMT'
2007/03/13 21:38:44| errorConvert: %h --> 'my.host.com'
2007/03/13 21:38:44| errorConvert: %s --> 'squid/2.5.STABLE9'
2007/03/13 21:38:44| errorConvert: %S --> '
<BR clear="all">
<HR noshade size="1px">
<ADDRESS>
Generated Tue, 13 Mar 2007 15:38:44 GMT by my.host.com (squid/2.5.STABLE9)
</ADDRESS>
</BODY></HTML>
'
2007/03/13 21:38:44| authenticateFixHeader: headertype:35 authuser:(nil)
2007/03/13 21:38:44| authenticateFixErrorHeader: Sending type:35 header: 'Basic realm="Squid proxy-caching web server"'
2007/03/13 21:38:48| aclCheck: checking 'http_access allow purge localhost'
2007/03/13 21:38:48| aclMatchAclList: checking purge
2007/03/13 21:38:48| aclMatchAcl: checking 'acl purge method PURGE'
2007/03/13 21:38:48| aclMatchAclList: no match, returning 0
2007/03/13 21:38:48| aclCheck: checking 'http_access deny purge'
2007/03/13 21:38:48| aclMatchAclList: checking purge
2007/03/13 21:38:48| aclMatchAcl: checking 'acl purge method PURGE'
2007/03/13 21:38:48| aclMatchAclList: no match, returning 0
2007/03/13 21:38:48| aclCheck: checking 'http_access deny !Safe_ports'
2007/03/13 21:38:48| aclMatchAclList: checking !Safe_ports
2007/03/13 21:38:48| aclMatchAcl: checking 'acl Safe_ports port 80 # http'
2007/03/13 21:38:48| aclMatchAclList: no match, returning 0
2007/03/13 21:38:48| aclCheck: checking 'http_access deny CONNECT !SSL_ports'
2007/03/13 21:38:48| aclMatchAclList: checking CONNECT
2007/03/13 21:38:48| aclMatchAcl: checking 'acl CONNECT method CONNECT'
2007/03/13 21:38:48| aclMatchAclList: no match, returning 0
2007/03/13 21:38:48| aclCheck: checking 'http_access allow localhost'
2007/03/13 21:38:48| aclMatchAclList: checking localhost
2007/03/13 21:38:48| aclMatchAcl: checking 'acl localhost src 127.0.0.1/255.255.255.255'
2007/03/13 21:38:48| aclMatchIp: '192.168.128.88' NOT found
2007/03/13 21:38:48| aclMatchAclList: no match, returning 0
2007/03/13 21:38:48| aclCheck: checking 'http_access allow localnet authenticated_users'
2007/03/13 21:38:48| aclMatchAclList: checking localnet
2007/03/13 21:38:48| aclMatchAcl: checking 'acl localnet src 192.168.128.0/24'
2007/03/13 21:38:48| aclMatchIp: '192.168.128.88' found
2007/03/13 21:38:48| aclMatchAclList: checking authenticated_users
2007/03/13 21:38:48| aclMatchAcl: checking 'acl authenticated_users proxy_auth REQUIRED'
2007/03/13 21:38:48| authenticateAuthenticate: header Basic d3d3OjEyMw==.
2007/03/13 21:38:48| authenticateAuthenticate: This is a new checklist test on FD:20
2007/03/13 21:38:48| authenticateAuthenticate: no connection authentication type
2007/03/13 21:38:48| authenticateAuthUserRequestLock auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateAuthUserRequestLock auth_user request '0x844d1e8' now at '1'.
2007/03/13 21:38:48| authenticateDecodeAuth: header = 'Basic d3d3OjEyMw=='
2007/03/13 21:38:48| authenticateBasicDecodeAuth: cleartext = 'www:123'
2007/03/13 21:38:48| authBasicAuthUserFindUsername: Looking for user 'www'
2007/03/13 21:38:48| authBasicDecodeAuth: Creating new user 'www'
2007/03/13 21:38:48| authenticateAuthUserLock auth_user '0x8451318'.
2007/03/13 21:38:48| authenticateAuthUserLock auth_user '0x8451318' now at '1'.
2007/03/13 21:38:48| authenticateAuthUserLock auth_user '0x8451318'.
2007/03/13 21:38:48| authenticateAuthUserLock auth_user '0x8451318' now at '2'.
2007/03/13 21:38:48| authenticateValidateUser: Validating Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateValidateUser: Validated Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateValidateUser: Validating Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateValidateUser: Validated Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| User not authenticated or credentials need rechecking.
2007/03/13 21:38:48| authenticateValidateUser: Validating Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateValidateUser: Validated Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| User not authenticated or credentials need rechecking.
2007/03/13 21:38:48| aclMatchAcl: returning 0 sending credentials to helper.
2007/03/13 21:38:48| aclMatchAclList: no match, returning 0
2007/03/13 21:38:48| aclCheck: checking password via authenticator
2007/03/13 21:38:48| authenticateValidateUser: Validating Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateValidateUser: Validated Auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateStart: auth_user_request '0x844d1e8'
2007/03/13 21:38:48| authenticateStart: 'www:123'
2007/03/13 21:38:48| authenticateAuthUserRequestLock auth_user request '0x844d1e8'.
2007/03/13 21:38:48| authenticateAuthUserRequestLock auth_user request '0x844d1e8' now at '2'.
2007/03/13 21:38:48| helperDispatch: Request sent to basicauthenticator #1, 8 bytes
2007/03/13 21:38:48| helperSubmit: www 123

после этой строчки ничего не происходит, если нажать стоп в браузере, добавляются еще 2 строки:
2007/03/13 21:45:50| authenticateAuthUserRequestUnlock auth_user request '0x844d1e8'.
2007/03/13 21:45:50| authenticateAuthUserRequestUnlock auth_user_request '0x844d1e8' now at '1'.

 

Ваше сообщение
Имя*:
EMail:
Для отправки новых сообщений в текущей нити на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email).
Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:
  Введите код, изображенный на картинке: КОД
 
При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей 		Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру