erro na autenticação ncsa_auth (Ubuntu 13.04 - Squid3 [RESOLVIDO]

ojferracini
(usa Debian)

Enviado em 26/11/2013 - 14:24h

Boa tarde.

Estou com seguinte problema na versão 13.04 Ubuntu 13.04 - squid3

Mesmo testando na linha de comando /usr/lib/squid3/ncsa_auth /etc/squid3/passwd

Informo usuário e já me retorna o seguinte erro:

ERR.

Alguem pode me ajudar?

Na versão 12.04 não acontece, pode ser que tenha que atualizar algo?

Desde já grato.

Buckminster
(usa Debian)

Enviado em 26/11/2013 - 16:41h

Posta aqui o erro completo.
Se puder posta o squid.conf também.

ojferracini
(usa Debian)

Enviado em 27/11/2013 - 09:52h

Opa valeu por me atender.

Bem o erro é somente este mesmo ERR.
E fica pedindo várias vezes para o usuário se autenticar.
Segue abaixo o squid.con que peguei em uma dica.

## PORTA ##
http_port 3128

## ESQUEMA AUTENTICACAO ##
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
auth_param basic children 5
auth_param basic realm | Grupo secserver2
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
visible_hostname s3cserver2
cache_mgr igordiascarvalho@gmail.com
error_directory /usr/share/squid3/errors/Portuguese
hierarchy_stoplist cgi-bin ?
cache_mem 256 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 100 MB
cache_dir ufs /var/spool/squid3 2040 16 256

refresh_pattern ^ftp: 360 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

access_log /var/log/squid3/access.log

acl localhost src 127.0.0.1/32
acl localnet src 192.168.0.0/24

#############################################
## PAGINA DE ERRO EM PORTUGUES
error_directory /usr/share/squid3/errors/pt-br
#############################################

#############################################
# BLOQUEIO MSN
acl libmsnmessenger url_regex -i gateway.dll
acl msn dstdomain loginnet.passport.com
acl msn1 req_mime_type -i ^application/x-msn-messenger$
acl msn2 dstdomain messenger.hotmail.com
acl msn3 dstdomain gateway.messenger.hotmail.com
# ACL BLOQUEIO MSN
http_access deny msn
http_access deny msn1
http_access deny msn2
http_access deny msn3
http_access deny libmsnmessenger
#############################################

############################################
# BLOQUEIO GOOGLE TALK GMAIL
acl url_gtalk url_regex -i “/etc/squid3/listas/url_gtalk”
http_access deny url_gtalk all
##############################################

##############################################
# LIBERANDO GTALK
#acl ip_gtalk_liberado src “/etc/squid/regras/ip_gtalk_liberado.txt”
#http_access allow ip_gtalk_liberado url_gtalk

#BLOQUEIO DE PESQUISA POR PALAVRAS
acl bloqueio_por_palavras url_regex -i “/etc/squid3/listas/palavras”
http_access deny bloqueio_por_palavras

#BLOQUEIO DE PESQUISA POR PALAVRAS
acl bloqueio_por_palavras url_regex -i “/etc/squid3/listas/palavras”
http_access deny bloqueio_por_palavras

#BLOQUEIO DE EXTENSOES VIA BROWSER

acl bloqueio_extensoes url_regex -i “/etc/squid3/listas/extensoes”
http_access deny bloqueio_extensoes
#############################################

## ESQUEMA DE CONTROLE POR GRUPOS DE USUARIOS

## Acesso total
acl acesso_livre proxy_auth “/etc/squid3/listas/usr_livre”
http_access allow acesso_livre

## Acesso restrito
acl acesso_restrito proxy_auth “/etc/squid3/listas/usr_restrito”
acl url_bloqueado url_regex -i “/etc/squid3/listas/url_bloqueado”
http_access deny url_bloqueado
http_access allow acesso_restrito !url_bloqueado

## Acesso somente a sites liberados
acl acesso_bloqueado proxy_auth “/etc/squid3/listas/usr_bloqueado”
acl url_liberado url_regex -i “/etc/squid3/listas/url_liberado”

http_access allow url_liberado
http_access deny acesso_bloqueado !url_liberado

#http_access allow usuarios acesso_livre
#http_access allow usuarios acesso_restrito
#http_access allow usuarios acesso_bloqueado

## AUTENTICACAO ##
acl usuarios proxy_auth REQUIRED
http_access allow usuarios

acl purge method PURGE
http_access allow purge localhost
http_access deny purge

acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # mntps
acl Safe_ports port 591 # filemaker
acl Safe_ports port 633 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # unregistered ports
http_access deny !Safe_ports

acl connect method CONNECT
acl ssl_ports port 443 # https
acl ssl_ports port 563 # mntps
acl ssl_ports port 873 # rsync
http_access deny connect !SSL_ports
#####################################################################

Buckminster
(usa Debian)

Enviado em 27/11/2013 - 23:41h

Retire o | do seguinte comando

auth_param basic realm | Grupo secserver2

deixe assim

auth_param basic realm Grupo secserver2

Salve e reinicie o Squid e teste.

E execute squid -k parse para verificar se a sintaxe do squid.conf está correta.

Vou dar uma olhada com mais calma, mas por enquanto faça o que indiquei acima.

ojferracini
(usa Debian)

Enviado em 29/11/2013 - 14:20h

Boa tarde.

Fiz como você orientou e nada.
Pede sempre a autenticação uma pacada de vezes até finalizar reportando que preciso estar autenticado.

sds

Buckminster
(usa Debian)

Enviado em 29/11/2013 - 21:22h

Fiz umas modificações. Teste o squid.conf abaixo. Caso não funcionar, veremos os logs para ver o que pode estar errado:

## PORTA ##
http_port 3128

## ESQUEMA AUTENTICACAO ##
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
auth_param basic children 5
auth_param basic realm Grupo secserver2
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl usuarios proxy_auth REQUIRED
visible_hostname s3cserver2
cache_mgr igordiascarvalho@gmail.com
error_directory /usr/share/squid3/errors/Portuguese
hierarchy_stoplist cgi-bin ?
cache_mem 256 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 100 MB
cache_dir ufs /var/spool/squid3 2040 16 256

refresh_pattern ^ftp: 360 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

access_log /var/log/squid3/access.log

acl localhost src 127.0.0.1/32
acl localnet src 192.168.0.0/24

#############################################
## PAGINA DE ERRO EM PORTUGUES
error_directory /usr/share/squid3/errors/pt-br
#############################################

#############################################
# BLOQUEIO MSN
acl libmsnmessenger url_regex -i gateway.dll
acl msn dstdomain loginnet.passport.com
acl msn1 req_mime_type -i ^application/x-msn-messenger$
acl msn2 dstdomain messenger.hotmail.com
acl msn3 dstdomain gateway.messenger.hotmail.com
# ACL BLOQUEIO MSN
http_access deny msn
http_access deny msn1
http_access deny msn2
http_access deny msn3
http_access deny libmsnmessenger
#############################################

############################################
# BLOQUEIO GOOGLE TALK GMAIL
acl url_gtalk url_regex -i “/etc/squid3/listas/url_gtalk”
http_access deny url_gtalk all
##############################################

##############################################
# LIBERANDO GTALK
#acl ip_gtalk_liberado src “/etc/squid/regras/ip_gtalk_liberado.txt”
#http_access allow ip_gtalk_liberado url_gtalk

#BLOQUEIO DE PESQUISA POR PALAVRAS
acl bloqueio_por_palavras url_regex -i “/etc/squid3/listas/palavras”
http_access deny bloqueio_por_palavras

#BLOQUEIO DE PESQUISA POR PALAVRAS
acl bloqueio_por_palavras url_regex -i “/etc/squid3/listas/palavras”
http_access deny bloqueio_por_palavras

#BLOQUEIO DE EXTENSOES VIA BROWSER

acl bloqueio_extensoes url_regex -i “/etc/squid3/listas/extensoes”
http_access deny bloqueio_extensoes
#############################################

## ESQUEMA DE CONTROLE POR GRUPOS DE USUARIOS

## Acesso total
acl acesso_livre proxy_auth “/etc/squid3/listas/usr_livre”
http_access allow acesso_livre

## Acesso restrito
acl acesso_restrito proxy_auth “/etc/squid3/listas/usr_restrito”
acl url_bloqueado url_regex -i “/etc/squid3/listas/url_bloqueado”
http_access deny url_bloqueado
http_access allow acesso_restrito !url_bloqueado

## Acesso somente a sites liberados
acl acesso_bloqueado proxy_auth “/etc/squid3/listas/usr_bloqueado”
acl url_liberado url_regex -i “/etc/squid3/listas/url_liberado”

acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # mntps
acl Safe_ports port 591 # filemaker
acl Safe_ports port 633 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # unregistered ports
http_access deny !Safe_ports

acl connect method CONNECT
acl ssl_ports port 443 # https
acl ssl_ports port 563 # mntps
acl ssl_ports port 873 # rsync
http_access deny connect !SSL_ports

acl purge method PURGE
http_access allow purge localhost
http_access deny purge

http_access allow url_liberado
http_access deny acesso_bloqueado !url_liberado

http_access allow acesso_livre
# http_access allow acesso_restrito
# http_access deny acesso_bloqueado

http_access allow usuarios
http_access allow localhost
http_access allow localnet
http_access deny all
#####################################################################