Topic: User authentication for the squid proxy in e-smith 4.1.1

[Hoay Fern]

Hi,

I am Hoay Fern and i have questions in User authentication for the squid proxy in e-smith 4.1.1

i have follow the steps below:

1)Download the file you choose - either pam_auth of ncsa_auth - I suggest pam_auth

2)extract

tar -zxvf pam_auth.tar.gz

3)put file in place and set correct permissions
mkdir /usr/local/squid/bin
mv pam_auth /usr/local/squid/bin
chown root /usr/local/squid/bin/pam_auth
chmod u+s /usr/local/squid/bin/pam_auth

my problem1)
when i type the command :
mkdir /usr/local/squid/bin
the error : no such directory /usr/local/squid/bin , so i try to cd /usr/local and found that i dont have squid directory
after that i try to type command:

mkdir /usr/local/squid
mkdir/usr/local/squid/bin

is it by defult we should have the directory /usr/local.squid ?


4)add a squid config file for pam
pico /etc/pam.d/squid
add these two lines
auth    required        /lib/security/pam_unix.so
account required        /lib/security/pam_unix.so

or for ncsa_auth
cp /stc/shadow /usr/etc/passwd

5)add a template to e-smith for the squid.conf file

mkdir /etc/e-smith/templates-custom/etc/squid/squid.conf
pico /etc/e-smith/templates-custom/etc/squid/squid.conf/90AuthAdd
add these lines

authenticate_program /usr/local/squid/bin/pam_auth
authenticate_children 5
acl pwdprotect proxy_auth REQUIRED
http_access allow pwdprotect

or for ncsa_auth
authenticate_program usr/local/squid/bin/ncsa_auth /usr/etc/passwd
authenticate_children 5
acl pwdprotect proxy_auth REQUIRED
http_access allow pwdprotect localhost

6)copy the original template-begin
 cp /etc/e-smith/templates/etc/squid/squid.conf/template-begin /etc/e-smith/templates-custom/etc/squid/squid.conf/template-begin

edit the access rules to remove the allow localhost
pico /etc/e-smith/templates-custom/etc/squid/squid.conf/template-begin

at approx line 1079 you will find http_access allow localhost comment it by puttting a # in front of the line
expand the template and restart squid

7)/sbin/e-smith/signal-event network-create

[Simeon]

Point 2) change to tar-xvf pam_auth.tar.gz

Change mkdir statements to mkdir -p

Point 6) Also comment out the line on 1080 too

Point 7) Expand the template by /sbin/e-smith/expand-template /etc/squid/squid.conf


these changes worked for me.
hope it helps you.

[Hoay Fern]

hi,

i receive ur reply but i have some questions to ask you .

yestreday i was trying to follow the steps by steps but i found that after i do the step 7)/sbin/e-smith/signal-event network-create , then i go to client side to try to access internet.

i cant access it.

is it because i puttting a # in front of the line 1079
http_access allow localhost then i cant access to internet but after i delete the # in front of the line 1079 , i can access to internet.

May I know what is the line for ?

 my question:

1) in your
 Point 6) Also comment out the line on 1080 too

may I know what is the line 1080 for ? I mean any words that i can recognize in Line 1080 ?

question 2:
Point 7) Expand the template by /sbin/e-smith/expand template /etc/squid/squid.conf

is it mean that i have to replace the command : /sbin/e-smith/signal-event network-create
to : sbin/e-smith/expand template /etc/squid/squid.conf


May I know what is the differences between both command ?

please assists

i wish to try again after i really understand everything

another question is :

if i set user sutentication in accessign proxy server, will it affected the icq or yahoo messager or msn messager setting because we need it in order to communicate with others collegues all over the world.

one more questions is what is the port number for SOCKS 4 or SOCKS 5 ?

last time when we use Wingate from Deerfield, the default port for the SOCKS 5 is 1080, but i dunno what is the port number for SOCKS 5 or SOCKS4 in E-Smith.

pls assists

thanks for ur help

hoay fern

[Tim Litwiller]

Socks always uses port 1080, that is part of the socks specs. But e-smith doesn't provide and socks proxy.

[Hoay Fern]

hi,

u mean E-Smith doesnt provide SOCKS proxy ?


hoay fern

[Hoay Fern]

hi,

u mean E-Smith doesnt provide SOCKS proxy ?


hoay fern

[Simeon]

i'm no expert all i know is that i did what i told you and it works for me every time.

1) in your
Point 6) Also comment out the line on 1080 too

line 1080 is the line below line 1079!
if you use pico to edit the file then press ctrl C it tells you the line number your on.  comment out both lines by putting a # at the start of each line.

question 2:
Point 7) Expand the template by /sbin/e-smith/expand template /etc/squid/squid.conf

is it mean that i have to replace the command : /sbin/e-smith/signal-event network-create
to : sbin/e-smith/expand template /etc/squid/squid.conf

no.  expand the template using the line i gave and then do the network create too.

the expand template command takes the template from the custom templates directory on your server and expands it into where linux would expect to find that config file.



you have set your client's browser to use the proxy with port 3128 ??


another question is :

if i set user sutentication in accessign proxy server, will it affected the icq or yahoo messager or msn messager setting because we need it in order to communicate with others collegues all over the world.

icq works fine with me.



good luck.
btw, i'm using 4.1.2

[Hoay Fern]

hi,

actually i fnd out that i am using E-Smith 4.1.2 also.

by make 2 changes Point 6) Also comment out the line on 1080 and add the command Point 7) Expand the template by /sbin/e-smith/expand template /etc/squid/squid.conf
it works for u ?

for the expand template command:

i need both command :

sbin/e-smith/expand template /etc/squid/squid.conf
/sbin/e-smith/signal-event network-create

may i know whcih command should i use first ?

pls assists

thanks for ur reply

hoay fern

[Hoay Fern]

hi,

i have make some changes :

Point 6) Also comment out the line on 1080 too
Point 7) Expand the template by /sbin/e-smith/expand template /etc/squid/squid.conf


i follow your steps exactly but after i finished last part and i go to client side try to launch Internet

in the IE 5.0 in the proxy server i set
use a proxy server
Address : 192.168.168.X
Port:3128

when i launch the IE 5.0 , the login dialog box comes out:

Enter network Password

Please type your username and Password
Firewal:192.168.168.170
Realm Squid proxy-caching web server
Username: i enter the user account that i created in E-Smith Manager
password: i enter the user account password that i created in E-Smith Manager

then i click OK

After that THE PAGE CANNOT BE DISPLAYED comes out, even i click Refresh also cannot access to any website, may I know is it because the username and password wrong or any setting wrong ?

After that, i try go to
pico /etc/e-smith/templates-custom/etc/squid/squid.conf/template-begin
and uncomment the line 1079 and ling 1080
line 1079: http_access allow
Line 1080 http_access deny

then i go to IE again and type any address, and i can access to internet.

May I know what have i done wrong ?

Is it because the username and password wrong ? If username and password wrong, what error message it will comes out ?

How can i view the log file see whether what have i done wrong ?

please assist because i ahve try few times still the same prob.

i dunno what have i done wrong

please assists

thanks

hoay fern

[Hoay Fern]

hi,

May I know how the user autentication for Squid works ?

I mean how the Squid proxy server authorize the user ? from where it get the username and password to authorize when user try to logon to internet ?


i am using the pam_auth rather than ncsa_auth.

i follow your steps exactly but after i finished last part and i go to client side try to launch Internet
 
in the IE 5.0 in the proxy server i set
use a proxy server
Address : 192.168.168.X
Port:3128
 
when i launch the IE 5.0 , the login dialog box comes out:
 
Enter network Password
 
Please type your username and Password
Firewal:192.168.168.170
Realm Squid proxy-caching web server
Username: i enter the user account that i created in E-Smith Manager
password: i enter the user account password that i created in E-Smith Manager
 
then i click OK
 
After that THE PAGE CANNOT BE DISPLAYED comes out, even i click Refresh also cannot access to any website, may I know is it because the username and password wrong or any setting wrong ?
 
After that, i try go to
pico /etc/e-smith/templates-custom/etc/squid/squid.conf/template-begin
and uncomment the line 1079 and ling 1080
line 1079: http_access allow
Line 1080 http_access deny
 
then i go to IE again and type any address, and i can access to internet.
 
May I know what have i done wrong ?
 
Is it because the username and password wrong ? If username and password wrong, what error message it will comes out ?
 
How can i view the log file see whether what have i done wrong ?
 
please assist because i have try few times still the same prob.
 
i dunno what have i done wrong
 
please assists
 
thanks
 
hoay fern

[Hoay Fern]

hi,

if we setup user autentication for Squid, it will use the user account that we created in E-Smith Manager ?

let said we wish to create different users that allowed to access the Squid proxy server, how can we do it ?

pls assist

hoay fern