Linux folks - anyone have experience with SQUID

[kato2274]

anyone have any experience with configuring squid? I'm working on a linux router using the e-smith SME server package which is quite nice! It has squid already installed, I just need to configure it. I need to set it up so that clients have to be authenticated by the proxy before allowing internet access. I've been searching for a good step by step for configuring squid for a couple of days, but a lot of the stuff seems over my head since I am a linux noob. anyone care to give me a hand?

[gtiseb]

good choice! squid is real good at controlling net access. here's whatI foud doing a quick search on google :

http://linux.oreillynet.com/pub/a/li.../26/squid.html

hope that gets you started.

[InvisiBill]

I'm using squid on an SME right now. =)

You're doing things the hard way though. http://www.pagefault.org/code/e-smith.shtml#proxyauth Check out contribs.org first if you need anything else for the SME...

[kato2274]

Originally posted by InvisiBill
I'm using squid on an SME right now. =)

You're doing things the hard way though. http://www.pagefault.org/code/e-smith.shtml#proxyauth Check out contribs.org first if you need anything else for the SME...

okay, so I should undo my squid config file changes then follow the instructions on the page above right? where do I store users and passwords? any and all help is appreciated.

[InvisiBill]

Originally posted by kato2274
okay, so I should undo my squid config file changes then follow the instructions on the page above right? where do I store users and passwords? any and all help is appreciated.

First off, you should never change files directly. They will be overwritten by the system. http://www.e-smith.org/custom/ describes how you should make changes. It can be a bit weird at first, but it is a nice system. You can add or change bits and pieces, and it's a breeze to totally undo all of your changes and return it to stock when you're trying to figure out what you've screwed up. =)

Just install the RPM and use those commands to make sure the "enable" settings are in the config database. It is designed to be integrated as a part of the SME, therefore it checks against the SME's user list.

FYI, http://contribs.org/contribs/btalcott/ is me. Also, if you haven't yet, the "Update System" contrib allows you to install RPMs right from the Server Manager. There are times when a command line works better, but the web interface is handy when you just need to install one file quickly.

[kato2274]

BEAUTIFUL!!!!!!!!!!

thanks SO MUCH. it's testing fine right now!

the only minor glitch I'm noticing is that when I log on, with a valid user account and pass more times than not, it's kicking out a page can't be displayed then if I refresh, it's fine.

it does the same with invalid logins, but the refresh doesn't work which is good.

any thoughts.

[kato2274]

more time with it, more problems noticed.

1.) it doesn't seem to dial on demand with the authentication enabled. if the modem is already hooked up it will work, if it's not it doesn't dial out when I try to surf from the client. I just get a page can't be displayed. no auth box . . . nothing.

2.) It's got hung twice for no appearent reason. the client just stopped being able to get to the proxy I could ping the SME box, and access share from it set up with Ibay, but could not hit the proxy. when I flipped over to it and attempted to login, it just sat there with a blinking cursor, some process was running and it continued like that until I hard reset it. could this be the authenticate children is set to low?

[InvisiBill]

Sorry, I don't actually use proxyauth myself, and we have broadband too. From other stuff though, I've found that taking too long to enter a password can make the connection time out. Once you refresh it with the credentials already supplied, it can make the connection immediately.

You may be able to contact Damien directly, or get more help on the e-smith.org forums. Damien hangs around there, and is generally pretty good about helping people with his stuff. However, he does pretty good work and it's usually user error that causes problems, FYI.

Are you using 5.6? Do you have the latest update for your version? 5.6 still seems to have a few bugs in it (major revision - switched to 2.4 kernel and iptables), so I've stuck with 5.5. To the end-user, it's basically the same, but built on the proven codebase.

[kato2274]

Originally posted by InvisiBill
Sorry, I don't actually use proxyauth myself, and we have broadband too. From other stuff though, I've found that taking too long to enter a password can make the connection time out. Once you refresh it with the credentials already supplied, it can make the connection immediately.

You may be able to contact Damien directly, or get more help on the e-smith.org forums. Damien hangs around there, and is generally pretty good about helping people with his stuff. However, he does pretty good work and it's usually user error that causes problems, FYI.

Are you using 5.6? Do you have the latest update for your version? 5.6 still seems to have a few bugs in it (major revision - switched to 2.4 kernel and iptables), so I've stuck with 5.5. To the end-user, it's basically the same, but built on the proven codebase.

thanks. I may bump back to 5.5 and give it a go tommorow. If I can get it to work reliably it will be exactly what their users need and will be the crown jewel of the bid I'm preparing. I'll post back