Hi All, I've been searching the archives, web and news groups for 2 days now, trying to figure out what I've done wrong. I've installed Squid 2.5 STABLE 4 on a RH9 Server and can't get external auth working for the life of me. I've tried mysql_auth and ncsa_auth and neither seem to work right.
>From looking at the cache.log file it seems as though the ncsa_auth module is indeed being loaded, but it's either not able to be used, or I've really hosed the acls... I've tested ncsa_auth from the command line and it does work as expected. Any thoughts? Any help will be greatly appreciated, I'm pulling my hair out over this one. Here is the relevant configure, squid.conf and cache.log details: ./configure --enable-ssl --enable-auth=basic --enable-auth-modules=NCSA -- squid.conf -- auth_param basic program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd #auth_param basic program /usr/local/squid/bin/mysql_auth auth_param basic children 5 auth_param basic realm SquidProxy auth_param basic credentialsttl 2 hours acl users proxy_auth REQUIRED acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost http_access allow users http_access allow all -- cache.log -- 2003/11/26 12:35:39| Starting Squid Cache version 2.5.STABLE4 for i686-pc-linux-gnu... 2003/11/26 12:35:39| Process ID 10326 2003/11/26 12:35:39| With 1024 file descriptors available 2003/11/26 12:35:39| Performing DNS Tests... 2003/11/26 12:35:39| Successful DNS name lookup tests... 2003/11/26 12:35:39| DNS Socket created at 0.0.0.0, port 32770, FD 4 2003/11/26 12:35:39| Adding nameserver 64.255.160.17 from /etc/resolv.conf 2003/11/26 12:35:39| Adding nameserver 64.255.160.18 from /etc/resolv.conf 2003/11/26 12:35:39| helperOpenServers: Starting 5 'mysql_auth' processes 2003/11/26 12:35:39| Unlinkd pipe opened on FD 14 2003/11/26 12:35:39| Swap maxSize 102400 KB, estimated 7876 objects 2003/11/26 12:35:39| Target number of buckets: 393 2003/11/26 12:35:39| Using 8192 Store buckets 2003/11/26 12:35:39| Max Mem size: 8192 KB 2003/11/26 12:35:39| Max Swap size: 102400 KB 2003/11/26 12:35:39| Rebuilding storage in /usr/local/squid/var/cache (CLEAN) 2003/11/26 12:35:39| Using Least Load store dir selection 2003/11/26 12:35:39| Set Current Directory to /usr/local/squid/var/cache 2003/11/26 12:35:39| Loaded Icons. 2003/11/26 12:35:39| Accepting HTTP connections at 0.0.0.0, port 3128, FD 15. 2003/11/26 12:35:39| Accepting ICP messages at 0.0.0.0, port 3130, FD 16. 2003/11/26 12:35:39| WCCP Disabled. 2003/11/26 12:35:39| Ready to serve requests. 2003/11/26 12:35:39| Done scanning /usr/local/squid/var/cache swaplog (0 entries) 2003/11/26 12:35:39| Finished rebuilding storage from disk. 2003/11/26 12:35:39| 0 Entries scanned 2003/11/26 12:35:39| 0 Invalid entries. 2003/11/26 12:35:39| 0 With invalid flags. 2003/11/26 12:35:39| 0 Objects loaded. 2003/11/26 12:35:39| 0 Objects expired. 2003/11/26 12:35:39| 0 Objects cancelled. 2003/11/26 12:35:39| 0 Duplicate URLs purged. 2003/11/26 12:35:39| 0 Swapfile clashes avoided. 2003/11/26 12:35:39| Took 0.1 seconds ( 0.0 objects/sec). 2003/11/26 12:35:39| Beginning Validation Procedure 2003/11/26 12:35:39| Completed Validation Procedure 2003/11/26 12:35:39| Validated 0 Entries 2003/11/26 12:35:39| store_swap_size = 0k 2003/11/26 12:35:40| storeLateRelease: released 0 objects 2003/11/27 09:26:18| aclCheckFast: list: 0x8213400 2003/11/27 09:26:18| aclMatchAclList: checking all 2003/11/27 09:26:18| aclMatchAcl: checking 'acl all src 0/0' 2003/11/27 09:26:18| aclMatchIp: '68.144.72.187' found 2003/11/27 09:26:18| aclMatchAclList: returning 1 2003/11/27 09:26:18| aclCheck: checking 'http_access allow manager localhost' 2003/11/27 09:26:18| aclMatchAclList: checking manager 2003/11/27 09:26:18| aclMatchAcl: checking 'acl manager proto cache_object' 2003/11/27 09:26:18| aclMatchAclList: no match, returning 0 2003/11/27 09:26:18| aclCheck: checking 'http_access deny manager' 2003/11/27 09:26:18| aclMatchAclList: checking manager 2003/11/27 09:26:18| aclMatchAcl: checking 'acl manager proto cache_object' 2003/11/27 09:26:18| aclMatchAclList: no match, returning 0 2003/11/27 09:26:18| aclCheck: checking 'http_access deny !Safe_ports' 2003/11/27 09:26:18| aclMatchAclList: checking !Safe_ports 2003/11/27 09:26:18| aclMatchAcl: checking 'acl Safe_ports port 80 # http' 2003/11/27 09:26:18| aclMatchAclList: no match, returning 0 2003/11/27 09:26:18| aclCheck: checking 'http_access deny CONNECT !SSL_ports' 2003/11/27 09:26:18| aclMatchAclList: checking CONNECT 2003/11/27 09:26:18| aclMatchAcl: checking 'acl CONNECT method CONNECT' 2003/11/27 09:26:18| aclMatchAclList: no match, returning 0 2003/11/27 09:26:18| aclCheck: checking 'http_access deny to_localhost' 2003/11/27 09:26:18| aclMatchAclList: checking to_localhost 2003/11/27 09:26:18| aclMatchAcl: checking 'acl to_localhost dst 127.0.0.0/8' 2003/11/27 09:26:18| aclMatchAcl: Can't yet compare 'to_localhost' ACL for 'www.google.ca' 2003/11/27 09:26:18| aclMatchAclList: no match, returning 0 2003/11/27 09:26:18| aclCheck: checking 'http_access deny to_localhost' 2003/11/27 09:26:18| aclMatchAclList: checking to_localhost 2003/11/27 09:26:18| aclMatchAcl: checking 'acl to_localhost dst 127.0.0.0/8' 2003/11/27 09:26:18| aclMatchIp: '216.239.41.99' NOT found 2003/11/27 09:26:18| aclMatchAclList: no match, returning 0 2003/11/27 09:26:18| aclCheck: checking 'http_access allow users' 2003/11/27 09:26:18| aclMatchAclList: checking users 2003/11/27 09:26:18| aclMatchAcl: checking 'acl users proxy_auth REQUIRED' 2003/11/27 09:26:18| authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header. 2003/11/27 09:26:18| aclMatchAcl: returning 0 sending authentication challenge. 2003/11/27 09:26:18| aclMatchAclList: no match, returning 0 2003/11/27 09:26:18| aclCheck: requiring Proxy Auth header. 2003/11/27 09:26:18| aclCheck: match found, returning 2 2003/11/27 09:26:18| aclCheckCallback: answer=2 2003/11/27 09:26:18| The request GET http://www.google.ca/ is DENIED, because it matched 'users' 2003/11/27 09:26:18| aclCheckFast: list: 0x8211c18 2003/11/27 09:26:18| aclMatchAclList: checking all 2003/11/27 09:26:18| aclMatchAcl: checking 'acl all src 0/0' 2003/11/27 09:26:18| aclMatchIp: '68.144.72.187' found 2003/11/27 09:26:18| aclMatchAclList: returning 1 2003/11/27 09:26:18| aclCheckFast: list: 0x8212b90 2003/11/27 09:26:18| aclMatchAclList: checking all 2003/11/27 09:26:18| aclMatchAcl: checking 'acl all src 0/0' 2003/11/27 09:26:18| aclMatchIp: '68.144.72.187' found 2003/11/27 09:26:18| aclMatchAclList: returning 1 2003/11/27 09:26:18| aclCheckFast: list: 0x8212718 2003/11/27 09:26:18| aclMatchAclList: checking all 2003/11/27 09:26:18| aclMatchAcl: checking 'acl all src 0/0' 2003/11/27 09:26:18| aclMatchIp: '68.144.72.187' found 2003/11/27 09:26:18| aclMatchAclList: returning 1 2003/11/27 09:26:18| aclCheckFast: list: 0x8212cf0 2003/11/27 09:26:18| aclMatchAclList: checking all 2003/11/27 09:26:18| aclMatchAcl: checking 'acl all src 0/0' 2003/11/27 09:26:18| aclMatchIp: '68.144.72.187' found 2003/11/27 09:26:18| aclMatchAclList: returning 1 2003/11/27 09:26:18| aclCheckFast: list: 0x8211ae0 2003/11/27 09:26:18| aclMatchAclList: checking all 2003/11/27 09:26:18| aclMatchAcl: checking 'acl all src 0/0' 2003/11/27 09:26:18| aclMatchIp: '68.144.72.187' found 2003/11/27 09:26:18| aclMatchAclList: returning 1 2003/11/27 09:26:18| aclCheckFast: list: 0x8213090 2003/11/27 09:26:18| aclMatchAclList: checking all 2003/11/27 09:26:18| aclMatchAcl: checking 'acl all src 0/0' 2003/11/27 09:26:18| aclMatchIp: '68.144.72.187' found 2003/11/27 09:26:18| aclMatchAclList: returning 1 2003/11/27 09:26:18| aclCheckFast: list: 0x82136c0 2003/11/27 09:26:18| aclMatchAclList: checking all 2003/11/27 09:26:18| aclMatchAcl: checking 'acl all src 0/0' 2003/11/27 09:26:18| aclMatchIp: '68.144.72.187' found 2003/11/27 09:26:18| aclMatchAclList: returning 1 2003/11/27 09:26:18| aclCheckFast: list: 0x82121c0 2003/11/27 09:26:18| aclMatchAclList: checking all 2003/11/27 09:26:18| aclMatchAcl: checking 'acl all src 0/0' 2003/11/27 09:26:18| aclMatchIp: '68.144.72.187' found 2003/11/27 09:26:18| aclMatchAclList: returning 1 2003/11/27 09:26:18| aclCheckFast: list: 0x8213560 2003/11/27 09:26:18| aclMatchAclList: checking all 2003/11/27 09:26:18| aclMatchAcl: checking 'acl all src 0/0' 2003/11/27 09:26:18| aclMatchIp: '68.144.72.187' found 2003/11/27 09:26:18| aclMatchAclList: returning 1 2003/11/27 09:26:18| aclCheckFast: list: 0x8212220 2003/11/27 09:26:18| aclMatchAclList: checking all 2003/11/27 09:26:18| aclMatchAcl: checking 'acl all src 0/0' 2003/11/27 09:26:18| aclMatchIp: '68.144.72.187' found 2003/11/27 09:26:18| aclMatchAclList: returning 1 2003/11/27 09:26:18| aclCheckFast: list: 0x820e528 2003/11/27 09:26:18| aclMatchAclList: checking all 2003/11/27 09:26:18| aclMatchAcl: checking 'acl all src 0/0' 2003/11/27 09:26:18| aclMatchIp: '68.144.72.187' found 2003/11/27 09:26:18| aclMatchAclList: returning 1
