[Freeipa-users] squid problems when upgrading to 6.4

Dale Macartney dale at themacartneyclan.com
Wed Mar 13 21:45:32 UTC 2013


On 03/13/2013 09:20 PM, Natxo Asenjo wrote:
> hi,
>
> following the howto
> http://freeipa.org/page/Squid_Integration_with_FreeIPA_using_Single_Sign_On
> I had set up squid.
>
> Tonight running the updates the changes to the init script
> http://freeipa.org/page/Squid_Integration_with_FreeIPA_using_Single_Sign_On#Change_the_.2Fetc.2Finit.d.2Fsquid_startup_script_to_read_in_the_keytab_on_service_start.
> were gone and so the internet was not working. Not nice.
>
> The howto should specify that the config must come in
> /etc/sysconfig/squid instead. Then the upgrade has no nasty
> consequences. So /etc/sysconfig/squid should look like this:
>
> # default squid options
> SQUID_OPTS=""
>
> # Time to wait for Squid to shut down when asked. Should not be necessary
> # most of the time.
> SQUID_SHUTDOWN_TIMEOUT=100
>
> # default squid conf file
> SQUID_CONF="/etc/squid/squid.conf"
>
> # kerberos stuff
> KRB5_KTNAME=/etc/squid/krb5.keytab
> export KRB5_KTNAME

Hi Natxo

I've just deployed a RHEL 6.4 proxy and the guide is still accurate and
works. However, I agree a config file would be a better place for the
options. Both work at the end of the day.

I'm more curious as to why your squid init script was replaced instead
of the usual scenario of having the new file saved as .rpmsave.
>
>
> By the way, I came across http://squidkerbauth.sourceforge.net/
> squid_kerb_ldap to allow/block stuff in the proxy depending on ldap
> group membership. I have not tested it yet, but will post it if(when)
> I get it working.

You can also check out SquidGuard, which is available in EPEL.

I've written an article for Active Directory, however it is just as easy
to use it with IPA.
https://www.dalemacartney.com/2012/07/06/web-proxy-filtering-with-squidguard-using-active-directory-group-memberships/


>
>
> --
> Groeten,
> natxo

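Added example (not part of the original messages or the FreeIPA howto): a shell check for the sysconfig approach discussed in this thread, confirming that `/etc/sysconfig/squid` sets and exports `KRB5_KTNAME` and that the keytab it names exists and is not accessible to other users. The function name `check_squid_keytab`, its return codes and the permission check are assumptions of this example, and `stat -c` assumes GNU coreutils.

```bash
#!/bin/bash
# Added example, not from the thread or the howto.
# check_squid_keytab FILE: verify a squid sysconfig file (hypothetical helper).
# Return codes (chosen for this example):
#   0 ok, 2 file unreadable, 3 KRB5_KTNAME unset, 4 set but not exported,
#   5 keytab missing, 6 keytab accessible to "other" users.
check_squid_keytab() {
    local sysconfig="$1" out state ktname mode
    [ -r "$sysconfig" ] || { echo "cannot read $sysconfig"; return 2; }

    # Source the file in a subshell, the way an init script would, starting
    # without this variable. `env` lists exported variables only.
    out=$(unset KRB5_KTNAME
          . "$sysconfig" >/dev/null 2>&1
          if env | grep -q '^KRB5_KTNAME='; then
              printf 'exported %s' "$KRB5_KTNAME"
          else
              printf 'local %s' "$KRB5_KTNAME"
          fi)
    state=${out%% *}
    ktname=${out#* }
    ktname=${ktname#FILE:}          # Kerberos accepts a FILE: type prefix

    [ -n "$ktname" ] || { echo "KRB5_KTNAME is not set in $sysconfig"; return 3; }
    # Without the export, squid and its helper processes never see the value.
    [ "$state" = exported ] || { echo "KRB5_KTNAME is set but not exported"; return 4; }
    [ -f "$ktname" ] || { echo "keytab $ktname does not exist"; return 5; }

    # The last octal digit is the permission set for "other" (GNU stat).
    mode=$(stat -c '%a' "$ktname")
    case "$mode" in
        *0) ;;
        *)  echo "keytab $ktname has mode $mode, accessible beyond owner/group"
            return 6 ;;
    esac
    echo "ok: KRB5_KTNAME=$ktname (mode $mode)"
}

# Usage on a proxy host: check_squid_keytab /etc/sysconfig/squid
```

Running it after each package update catches both a lost setting and a keytab whose permissions were loosened.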