[squid-users] Unable to resolve internally w/ Squid
I'm running Squid 2.7(stable) on Ubuntu 11.10. I'm having some trouble with internal DNS. For some reason I get the following error: ERROR The requested URL could not be retrieved. Unable to determine IP address from hose name "server name goes here" The DNS returned: Server Failure: The anem server was unable to process this query. I've added dns_nameservers 192.168.100.237 which is my DNS server in the squid.conf. I can resolve externally and get out to the Internet just fine. Am I missing a configuration somewhere?
Re: [squid-users] Active Directory Integrated Squid Proxy Guide
Hi James, Thanks for taking the time to write the following wiki entry. I'm having some trouble with the Kerberos part where I need to install the following package: apt-get install libsasl2-modules-gssapi-mit libsasl2-modules It returns unable to locate package libsasl2-modules-gssapi-mit unable to locate package libsas12-modules I'm attempting to install this all under Squid 2.7 if that makes a difference. Am I doing something wrong when entering that command? On Mon, Jan 9, 2012 at 3:28 AM, James Robertson wrote: >> I was only thinking the central bit about Squid and AD auth integration for >> the above linked page. > > Will do, I have just requested write access and will look at making > some changes when time allows. > >> Of course, a fully separate page can be created as a whole-system config >> example. We have a few of those for various OS. > > I would be happy to create a separate more concise Debian centric > guide, basically a copy of my guide on the squid wiki and perhaps > maintain it from there...
Re: [squid-users] Active Directory Integrated Squid Proxy Guide
Wow! I just feel dumb now. That's my mistake. I copied and pasted and it worked like a charm. Thanks James! Excellent wiki on the topic too, it's very helpful. On Mon, Jan 9, 2012 at 5:43 PM, James Robertson wrote: >> I'm having some trouble with the Kerberos part where I need to install >> the following package: >> apt-get install libsasl2-modules-gssapi-mit libsasl2-modules >> >> It returns >> unable to locate package libsasl2-modules-gssapi-mit >> unable to locate package libsas12-modules > > Are you copying and pasting the command or typing it? > > You have a typo in the output from apt-get "libsas12-modules" (note > the 1 where you should have a lower case "L"), but not in the apt-get > install command?
Re: [squid-users] Active Directory Integrated Squid Proxy Guide
Thanks for responding back James. I'm new to Linux, and new to Squid but I'm very intrigued and would like to learn. So I did a little more digging through the configuration and I came across something. I'm currently running Squid 2.7 (I'm a little afraid to do the upgrade and mess something up, and don't know how yet) but in the config line 'default_keytab_name = /etc/squid3/PROXY.keytab' you list Squid3. Could that be a problem? As for my resolv.conf I simply have both of my internal DNS servers listed. Not quite sure what else to verify. I've also added my Squid box to the unlimited policy on my network to make sure nothing is blocking it. How can I go about troubleshooting this with logs maybe, if possible? On Tue, Jan 10, 2012 at 1:15 PM, James Robertson wrote > Hi Evan, > > You should probably double check your DNS on the proxy (resolv.conf) > and the domain and look for any typo's in that and your kerberos > config. > > The fact that it could not resolve one (or possibly more) of your KDC > addresses could cause you problems later on - especially when msktutil > needs to do --auto-updates. > > Cheers > > On 11 January 2012 07:33, berry guru wrote: >> Hi James, >> >> So I don't mean to be a pest, but I've ran into another issue. I've >> ran the kinit administrator command but I'm getting the following >> error: >> >> kinit: Cannot resolve network address for KDC in realm "COMPANY.LOCAL" >> while getting initial credentials. >> >> I poked around online and I saw a few issues regarding my error, but >> the resolve was making the realm all caps. >> >> >> Cheers, >> >> Evan >> >> >> On Sun, Jan 8, 2012 at 9:58 PM, James Robertson >> wrote: >>> Hi Everyone, >>> >>> I just thought I would share a guide I am working on, it's not quite >>> finished so expect errors, typo's etc. I would love any feedback or >>> critique about it. >>> >>> http://wiki.bitbinary.com/index.php/Active_Directory_Integrated_Squid_Proxy >>> >>> There is probably things that the developers and users will cringe at, >>> if so I would like to know. >>> >>> Thanks for maintaining squid and the for the friendly mailing lists. >>> >>> Kind Regards, >>> >>> James
Re: [squid-users] Active Directory Integrated Squid Proxy Guide
I forgot to mention that I'm running Server 2008 R2 domain controllers. Secondly, when I do a 'locate PROXY.keytab' I can't find it which should be in the squid correctly if I'm not mistaken. On Tue, Jan 10, 2012 at 5:00 PM, berry guru wrote: > Thanks for responding back James. I'm new to Linux, and new to Squid > but I'm very intrigued and would like to learn. So I did a little > more digging through the configuration and I came across something. > I'm currently running Squid 2.7 (I'm a little afraid to do the upgrade > and mess something up, and don't know how yet) but in the config line > 'default_keytab_name = /etc/squid3/PROXY.keytab' you list Squid3. > Could that be a problem? > > As for my resolv.conf I simply have both of my internal DNS servers > listed. Not quite sure what else to verify. I've also added my Squid > box to the unlimited policy on my network to make sure nothing is > blocking it. > > How can I go about troubleshooting this with logs maybe, if possible? > > > On Tue, Jan 10, 2012 at 1:15 PM, James Robertson wrote >> Hi Evan, >> >> You should probably double check your DNS on the proxy (resolv.conf) >> and the domain and look for any typo's in that and your kerberos >> config. >> >> The fact that it could not resolve one (or possibly more) of your KDC >> addresses could cause you problems later on - especially when msktutil >> needs to do --auto-updates. >> >> Cheers >> >> On 11 January 2012 07:33, berry guru wrote: >>> Hi James, >>> >>> So I don't mean to be a pest, but I've ran into another issue. I've >>> ran the kinit administrator command but I'm getting the following >>> error: >>> >>> kinit: Cannot resolve network address for KDC in realm "COMPANY.LOCAL" >>> while getting initial credentials. >>> >>> I poked around online and I saw a few issues regarding my error, but >>> the resolve was making the realm all caps. >>> >>> >>> Cheers, >>> >>> Evan >>> >>> >>> On Sun, Jan 8, 2012 at 9:58 PM, James Robertson >>> wrote: >>>> Hi Everyone, >>>> >>>> I just thought I would share a guide I am working on, it's not quite >>>> finished so expect errors, typo's etc. I would love any feedback or >>>> critique about it. >>>> >>>> http://wiki.bitbinary.com/index.php/Active_Directory_Integrated_Squid_Proxy >>>> >>>> There is probably things that the developers and users will cringe at, >>>> if so I would like to know. >>>> >>>> Thanks for maintaining squid and the for the friendly mailing lists. >>>> >>>> Kind Regards, >>>> >>>> James
[squid-users] Configuring Squid LDAP Authentication
I used the following tutorial online to configure Squid to authenticate with AD, but I still can't get this working. As most have seen, I also used a tutorial written by one of our mailing list members and that didn't work. Are others having this much trouble getting Squid to authenticate with there Active Directory server? So frustrating! Configuring Squid LDAP Authentication The first step is to configure Squid to authenticate usernames/passwords with the Active Directory. You will need to open your Squid configuration file (squid.conf) and make the following changes: Find the auth param section of the config file (TAG: auth_param), and change the auth param basic program line to look like this. (Indented text indicates one line) auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=vm-domain,dc=papercut,dc=com" -D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com" -w "password" -f sAMAccountName=%s -h 192.168.1.75 auth_param basic children 5 auth_param basic realm Your Organisation Name auth_param basic credentialsttl 5 minutes These settings tell Squid authenticate names/passwords in the Active Directory. The -b option indicated the LDAP base distinguished name of your domain. E.g. your.domain.com would be dc=your,dc=domain,dc=com The –D option indicates the user that is used to perform the LDAP query. (e.g an Administrator. This example uses the built-in Administrator user, however you can use another user of your choice. The –w option is the password for the user specified in the –D option. For better security you can store the password in a file and use the –W /path/to/password_file syntax instead -h is used to indicate the LDAP server to connect to. E.g. your domain controller. -R is needed to make Squid authenticate against Windows AD The –f option is the LDAP query used to lookup the user. In the above example, sAMAccountName=%s, will match if the user’s Windows logon name matches the username entered when prompted by Squid. You can search any value in the LDAP filter query. You may need to use an LDAP search query tool to help get the syntax correct for the –f search filter. The %s is replaced with what the user enters as their username. Remember to restart Squid to make these changes to come into effect.
Re: [squid-users] Configuring Squid LDAP Authentication
Thanks for the response Carlos! So I've copied and pasted the part of the configuration I modified. Let me know if I should post all the config. I'm running Squid 2.7 auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=cyberdyne,dc=local" -D "cn=Administrator,cn=Users,dc=cyberdyne,dc=local" -w "passwordhere" -f sAMAccountName=%s -h 192.168.100.237 auth_param basic children 5 auth_param basic realm CYBERDYNE.LOCAL auth_param basic credentialsttl 5 minutes On Wed, Jan 11, 2012 at 10:35 AM, Carlos Manuel Trepeu Pupo wrote: > With that tutorial from papercut I just configure my LDAP auth and > everything work great, post you .conf and the version of squid. > > On Wed, Jan 11, 2012 at 1:30 PM, berry guru wrote: >> first s
[squid-users] Re: Configuring Squid LDAP Authentication
I wanted to test something, but not quite sure how to do it. I want to see if my Intranet users can authenticate when they go to 'companyname-intranet' and are prompted for a login. When I enable the proxy I'm unable to login to the Intranet, but when I disable the proxy I can login. So I'm thinking its an issue with Squid and I need to add something to Squid to allow authentication. I'm I incorrect in this assessment? If so, how do I go about allowing access to that site. Do I do this via an ACL? On Wed, Jan 11, 2012 at 10:30 AM, berry guru wrote: > I used the following tutorial online to configure Squid to > authenticate with AD, but I still can't get this working. As most > have seen, I also used a tutorial written by one of our mailing list > members and that didn't work. Are others having this much trouble > getting Squid to authenticate with there Active Directory server? So > frustrating! > > Configuring Squid LDAP Authentication > > The first step is to configure Squid to authenticate > usernames/passwords with the Active Directory. You will need to open > your Squid configuration file (squid.conf) and make the following > changes: > > Find the auth param section of the config file (TAG: auth_param), and > change the auth param basic program line to look like this. (Indented > text indicates one line) > > auth_param basic program /usr/lib/squid/ldap_auth -R > -b "dc=vm-domain,dc=papercut,dc=com" > -D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com" > -w "password" -f sAMAccountName=%s -h 192.168.1.75 > auth_param basic children 5 > auth_param basic realm Your Organisation Name > auth_param basic credentialsttl 5 minutes > > These settings tell Squid authenticate names/passwords in the Active > Directory. > > The -b option indicated the LDAP base distinguished name of your > domain. E.g. your.domain.com would be dc=your,dc=domain,dc=com > The –D option indicates the user that is used to perform the LDAP > query. (e.g an Administrator. This example uses the built-in > Administrator user, however you can use another user of your choice. > The –w option is the password for the user specified in the –D > option. For better security you can store the password in a file and > use the –W /path/to/password_file syntax instead > -h is used to indicate the LDAP server to connect to. E.g. your > domain controller. > -R is needed to make Squid authenticate against Windows AD > The –f option is the LDAP query used to lookup the user. In the > above example, sAMAccountName=%s, will match if the user’s Windows > logon name matches the username entered when prompted by Squid. You > can search any value in the LDAP filter query. You may need to use an > LDAP search query tool to help get the syntax correct for the –f > search filter. > The %s is replaced with what the user enters as their username. > > Remember to restart Squid to make these changes to come into effect.
[squid-users] Re: Configuring Squid LDAP Authentication
I came across this configuration online, but it still doesn't work. I really thought I would of had it on this one, but still not go. acl lan src 192.168.1.0/25 acl Intranet dstdomain intranet.int acl lan-intranet dst 192.168.2.2 http_access allow lan http_access allow Intranet http_access allow lan-intranet On Wed, Jan 11, 2012 at 11:37 AM, berry guru wrote: > I wanted to test something, but not quite sure how to do it. I want > to see if my Intranet users can authenticate when they go to > 'companyname-intranet' and are prompted for a login. When I enable > the proxy I'm unable to login to the Intranet, but when I disable the > proxy I can login. So I'm thinking its an issue with Squid and I need > to add something to Squid to allow authentication. I'm I incorrect in > this assessment? If so, how do I go about allowing access to that > site. Do I do this via an ACL? > > On Wed, Jan 11, 2012 at 10:30 AM, berry guru wrote: >> I used the following tutorial online to configure Squid to >> authenticate with AD, but I still can't get this working. As most >> have seen, I also used a tutorial written by one of our mailing list >> members and that didn't work. Are others having this much trouble >> getting Squid to authenticate with there Active Directory server? So >> frustrating! >> >> Configuring Squid LDAP Authentication >> >> The first step is to configure Squid to authenticate >> usernames/passwords with the Active Directory. You will need to open >> your Squid configuration file (squid.conf) and make the following >> changes: >> >> Find the auth param section of the config file (TAG: auth_param), and >> change the auth param basic program line to look like this. (Indented >> text indicates one line) >> >> auth_param basic program /usr/lib/squid/ldap_auth -R >> -b "dc=vm-domain,dc=papercut,dc=com" >> -D "cn=Administrator,cn=Users,dc=your,dc=domain,dc=com" >> -w "password" -f sAMAccountName=%s -h 192.168.1.75 >> auth_param basic children 5 >> auth_param basic realm Your Organisation Name >> auth_param basic credentialsttl 5 minutes >> >> These settings tell Squid authenticate names/passwords in the Active >> Directory. >> >> The -b option indicated the LDAP base distinguished name of your >> domain. E.g. your.domain.com would be dc=your,dc=domain,dc=com >> The –D option indicates the user that is used to perform the LDAP >> query. (e.g an Administrator. This example uses the built-in >> Administrator user, however you can use another user of your choice. >> The –w option is the password for the user specified in the –D >> option. For better security you can store the password in a file and >> use the –W /path/to/password_file syntax instead >> -h is used to indicate the LDAP server to connect to. E.g. your >> domain controller. >> -R is needed to make Squid authenticate against Windows AD >> The –f option is the LDAP query used to lookup the user. In the >> above example, sAMAccountName=%s, will match if the user’s Windows >> logon name matches the username entered when prompted by Squid. You >> can search any value in the LDAP filter query. You may need to use an >> LDAP search query tool to help get the syntax correct for the –f >> search filter. >> The %s is replaced with what the user enters as their username. >> >> Remember to restart Squid to make these changes to come into effect.
Re: [squid-users] Re: Configuring Squid LDAP Authentication
That is an awesome command to know! I definitely need to remember that command. Here is my cleaned up configuration - auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=cyberdyne,dc=local" -D "cn=Administrator,cn=users,dc=cyberdyne,dc=local" -w "passwordhere" -f sAMAccountName=%s -h 192.168.100.237 auth_param basic children 5 auth_param basic realm CYBERDYNE.LOCAL auth_param basic credentialsttl 5 minutes acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 acl purge method PURGE acl CONNECT method CONNECT acl intranet dstdomain cyberdyne-intranet acl lan-intranet dst 192.168.100.222 http_access allow intranet acl block_websites dstdomain .facebook.com .myspace.com .twitter.com .hulu.com http_access deny block_websites http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access allow localhost http_access allow all icp_access allow localnet icp_access deny all http_port 3128 hierarchy_stoplist cgi-bin ? access_log /var/log/squid/access.log squid debug_options ALL,0,1,34,78 TAG: log_fqdn on refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 refresh_pattern . 0 20% 4320 acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9] upgrade_http0.9 deny shoutcast acl apache rep_header Server ^Apache broken_vary_encoding allow apache extension_methods REPORT MERGE MKACTIVITY CHECKOUT visible_hostname Squid dns_defnames on TAG: dns_nameservers hosts_file /etc/hosts coredump_dir /var/spool/squid On Wed, Jan 11, 2012 at 5:25 PM, James Robertson wrote: >> My configuration shown below - > > To make it easier to view, can you please run this command to remove > the spaces and comments. > > grep -v -e '^$' -e '#' /etc/squid/squid.conf
[squid-users] Squid Config with AD Intranet Example
Hi everybody, Would anybody be willing to post up there configuration where they have allowed access to there company Intranet and have AD users authenticated? Of course, remove relevant data that shouldn't be shown online. I'm just interested in seeing an example, because I can't get my configuration working correctly.
Re: [squid-users] Squid Config with AD Intranet Example
It actually doesn't require going through Squid. I never really thought I could bypass it. My plan was to utilize WCCP in my Squid implementation, would this create a problem? So would I configure Squid to ignore the intranet address when a user on the proxy types it in? I'm thinking this is what needs to be done since I'm going to be using WCCP per user port on the switch. On Sat, Jan 14, 2012 at 3:25 PM, James Robertson wrote: >> Would anybody be willing to post up there configuration where they >> have allowed access to there company Intranet and have AD users >> authenticated? Of course, remove relevant data that shouldn't be >> shown online. I'm just interested in seeing an example, because I >> can't get my configuration working correctly. > > Is it mandatory that your intranet go via squid instead of direct? > > If so does your Intranet use Integrated Windows Authentication? This > thread may be useful > http://www.squid-cache.org/mail-archive/squid-users/201201/0189.html
[squid-users] Squid Install w/ 3.1 and not 2.7
I'm wondering how to install the latest version of Squid ...version 3.1 on Ubuntu server using apt-get. When I run the command 'sudo apt-get install squid' its going out and grabbing version 2.7.STABLE9. How do you get the latest version? What tells apt-get to go out and grab the 2.7 version and not the 3.1 version?
Re: [squid-users] Squid Install w/ 3.1 and not 2.7
Dang! I was putting in the squid-3 for some odd reason. Thanks Will! On Wed, Jan 25, 2012 at 11:00 AM, Will Roberts wrote: > sudo apt-get install squid3 > > (at least on Debian) > > --Will > > On Wed, Jan 25, 2012 at 1:57 PM, berry guru wrote: >> I'm wondering how to install the latest version of Squid ...version >> 3.1 on Ubuntu server using apt-get. When I run the command 'sudo >> apt-get install squid' its going out and grabbing version 2.7.STABLE9. >> How do you get the latest version? What tells apt-get to go out and >> grab the 2.7 version and not the 3.1 version?
Re: [squid-users] Squid Install w/ 3.1 and not 2.7
Will I run into issues now having them both installed? To be sure, I went into the /etc directory and ran 'rm -rf squid'. Will this suffice? I'm afraid I'll have problems having both Squid installations on this server. On Wed, Jan 25, 2012 at 11:01 AM, berry guru wrote: > Dang! I was putting in the squid-3 for some odd reason. Thanks Will! > > > On Wed, Jan 25, 2012 at 11:00 AM, Will Roberts wrote: >> sudo apt-get install squid3 >> >> (at least on Debian) >> >> --Will >> >> On Wed, Jan 25, 2012 at 1:57 PM, berry guru wrote: >>> I'm wondering how to install the latest version of Squid ...version >>> 3.1 on Ubuntu server using apt-get. When I run the command 'sudo >>> apt-get install squid' its going out and grabbing version 2.7.STABLE9. >>> How do you get the latest version? What tells apt-get to go out and >>> grab the 2.7 version and not the 3.1 version?
[squid-users] Squid Cache Directory - Webmin
I installed Webmin to configure Squid3 and was wondering how do I go about initializing the squid cache directory. Under the Squid Proxy Server it states "Your Squid cache directory /var/spool/squid3 has not been initialized. This must be done before Squid can be run." I entered both a username I typically use and root, but they both return the error "Cannot write to directory /etc/squid3" I'm thinking this is an issue with permissions to that directory. I'm not exactly sure on how to edit those permissions. Am I correct in that assumption?
[squid-users] Re: Squid Cache Directory - Webmin
I thought I had it, I found something in Chp5 of the Squid Definitive book talking about initializing cache directories. I ran the squid -z command and got back the following details after is took: aclParseAccessLine: squid.conf line 846: http_access permit all aclParseAccessLine: expecting 'allow' or 'deny', got 'permit'. Create Swap Directories On Wed, Feb 15, 2012 at 9:50 AM, berry guru wrote: > I installed Webmin to configure Squid3 and was wondering how do I go > about initializing the squid cache directory. > > Under the Squid Proxy Server it states "Your Squid cache directory > /var/spool/squid3 has not been initialized. This must be done before > Squid can be run." I entered both a username I typically use and > root, but they both return the error "Cannot write to directory > /etc/squid3" > > I'm thinking this is an issue with permissions to that directory. I'm > not exactly sure on how to edit those permissions. Am I correct in > that assumption?
Re: [squid-users] Re: Squid Cache Directory - Webmin
I was afraid you were going to say that Sebastian, but at the same time it makes sense. I'm going to restore my squid.conf from a backup and see where I stand. Thanks for the direction. Cheers, On Wed, Feb 15, 2012 at 10:58 AM, Sebastian Muniz wrote: > On 2/15/2012 3:07 PM, berry guru wrote: >> >> I thought I had it, I found something in Chp5 of the Squid Definitive >> book talking about initializing cache directories. I ran the squid -z >> command and got back the following details after is took: >> >> aclParseAccessLine: squid.conf line 846: http_access permit all >> aclParseAccessLine: expecting 'allow' or 'deny', got 'permit'. >> Create Swap Directories >> > Hello Berry, > If you have manually modified the squid.conf file I would suggest to reset > to defaults and start again. > My experience with webmin is that you use it OR (exclusive OR) you do it > manually. Manually modifying conf files tends to confuse webmin. > In this case the error is correct, you are missing allow or deny in the line > Check http://www.squid-cache.org/Doc/config/http_access/ > > Regards. > Sebastian
Re: [squid-users] Re: Squid Cache Directory - Webmin
I reverted back to the default squid configuration and I'm still getting the same error. I restarted Squid, but still no go. Supposedly the squid -z should of done it for me. Any thoughts? On Wed, Feb 15, 2012 at 11:25 AM, berry guru wrote: > I was afraid you were going to say that Sebastian, but at the same > time it makes sense. I'm going to restore my squid.conf from a backup > and see where I stand. Thanks for the direction. > > Cheers, > > On Wed, Feb 15, 2012 at 10:58 AM, Sebastian Muniz > wrote: >> On 2/15/2012 3:07 PM, berry guru wrote: >>> >>> I thought I had it, I found something in Chp5 of the Squid Definitive >>> book talking about initializing cache directories. I ran the squid -z >>> command and got back the following details after is took: >>> >>> aclParseAccessLine: squid.conf line 846: http_access permit all >>> aclParseAccessLine: expecting 'allow' or 'deny', got 'permit'. >>> Create Swap Directories >>> >> Hello Berry, >> If you have manually modified the squid.conf file I would suggest to reset >> to defaults and start again. >> My experience with webmin is that you use it OR (exclusive OR) you do it >> manually. Manually modifying conf files tends to confuse webmin. >> In this case the error is correct, you are missing allow or deny in the line >> Check http://www.squid-cache.org/Doc/config/http_access/ >> >> Regards. >> Sebastian
Re: [squid-users] Re: Squid Cache Directory - Webmin
My mistake, I should have specified that I'm ran it with squid3. The "squid -k parse" gave me some good info WARNING: Cannot write log file: /var/log/squid3/cache.log /var/log/squid3/cache.log: Permission denied messages will be sent to 'stderr'. So it looks like I need to change permissions to that directory, and give it the appropriate write permissions. On Wed, Feb 15, 2012 at 2:14 PM, Amos Jeffries wrote: > On 16.02.2012 11:05, berry guru wrote: >> >> I reverted back to the default squid configuration and I'm still >> getting the same error. I restarted Squid, but still no go. >> >> Supposedly the squid -z should of done it for me. >> >> Any thoughts? >> > > > Run "squid -k parse". That will show you any other issues in the config. > > Also, you said you installed "squid3". On Debian and child systems that is a > different package and binary. You need to run "squid3 -z" etc in that case. > > Amos
Re: [squid-users] Re: Squid Cache Directory - Webmin
If I were to run chmod ugo+rwx *file* where file would be cache.log am I going to break something. Is this the appropriate approach? On Wed, Feb 15, 2012 at 2:23 PM, berry guru wrote: > My mistake, I should have specified that I'm ran it with squid3. > > The "squid -k parse" gave me some good info > > WARNING: Cannot write log file: /var/log/squid3/cache.log > /var/log/squid3/cache.log: Permission denied > messages will be sent to 'stderr'. > > So it looks like I need to change permissions to that directory, and > give it the appropriate write permissions. > > > On Wed, Feb 15, 2012 at 2:14 PM, Amos Jeffries wrote: >> On 16.02.2012 11:05, berry guru wrote: >>> >>> I reverted back to the default squid configuration and I'm still >>> getting the same error. I restarted Squid, but still no go. >>> >>> Supposedly the squid -z should of done it for me. >>> >>> Any thoughts? >>> >> >> >> Run "squid -k parse". That will show you any other issues in the config. >> >> Also, you said you installed "squid3". On Debian and child systems that is a >> different package and binary. You need to run "squid3 -z" etc in that case. >> >> Amos
Re: [squid-users] Re: Squid Cache Directory - Webmin
Do logs get rotated because they reach a certain size or threshold? I found something that is kind of confusing me, the owner of cache.log is the user 'proxy' which I never created, so this must be a default user from squid. I ran ls -l /var/log/squid3/cache.log and found that -rw-r- 1 proxy proxy 38762 2012-02-15 14:03 /var/log/squid3/cache.log So it looks like the permissions need to be assigned to the user proxy, but I don't have that info. I'm pretty sure this will fix the Webmin info, but my I'm wondering how users are giving permissions to Webmin for the cache.log directory. On Wed, Feb 15, 2012 at 2:53 PM, Amos Jeffries wrote: > On 16.02.2012 11:31, berry guru wrote: >> >> If I were to run chmod ugo+rwx *file* where file would be cache.log am >> I going to break something. Is this the appropriate approach? > > > It is incomplete. When the log gets rotated things die again. > > The Squid details are in a folder called .../squid3/ so that you can assign > that folder the appropriate read/write and owner/group permissions and leave > its parent /var/log with root-only or similar access. > > PS. I should have said re-run -k parse when you think you have resolved the > issues. Sometimes a major problem causes early abortand later problems > remain hidden. > > Amos >
