#5340 Squid Proxy Server issue with basic authentication

[Cristian Garcia]

Problem:
"Apply configuration" and "Stop/Start service" crashes after configuring basic auth

System configuration:
Ubuntu Server 18.04
Webmin 1.940
Squid Proxy Server 3.5

Description:
After installing Squid and configuring basic authentication with Webmin on Ubuntu, both apply configuration and stop/start service procedures crash.

Checking /etc/webmin/squid.conf file, two acl lines...

auth_param basic program /etc/webmin/squid/squid-auth.pl /etc/webmin/squid/users
cache_effective_group proxy

... are positioned to the end of the file, but they should be over previous acl lines

acl SSL_ports port 443 
...

Changing these two lines manually to the top makes everything runs smoothly.

However, it would be better if webmin could do this without manual changes.

(Thanks to Julio León)

[Ilia]

Try:

auth_param digest program /usr/lib/squid/digest_file_auth -c "/etc/webmin/squid/users"
auth_param digest realm PasswordProtected
auth_param digest children 4

Note: htdigest tools is used to create and update password for digest authentication of HTTP users.

Example:

htdigest users realm username

[Cristian Garcia]

Thanks for the response Ilia. But, at the end of my message, I gave a solution to the issue.

However, my message concerns about a problem with the webmin user interface. Because the fact is that anyone who wants to create proxy authentication (only with the Webmin graphical interface, that is, without using the command line) will get this error. In my case, since 2014 my students work with webmin installing several services, and this is the first year I got this error.

So something has changed from the Webmin previous versions and I wonder if someone could change Webmin source code (putting those two lines at the top when the configuration in Webmin is done, and not at the end) in order to fix this bug.

Thanks a lot!

[Jamie Cameron]

Do you get any error message in the Squid log file when those lines are in the wrong place?

[Cristian Garcia]

Hi Jamie,

After start/stop service (or clicking on apply configuration) I get these messages:

Job for squid.service failed because the control process exited with error code.
See "systemctl status squid.service" and "journalctl -xe" for details.

And the systemctl status squid.service returns these lines:

● squid.service - LSB: Squid HTTP Proxy version 3.x
   Loaded: loaded (/etc/init.d/squid; generated)
   Active: active (exited) (Result: exit-code) since Fri 2020-01-03 21:58:59 CET; 16min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 6849 ExecReload=/etc/init.d/squid reload (code=exited, status=3)

ene 03 21:58:59 servidor systemd[1]: Started LSB: Squid HTTP Proxy version 3.x.
ene 03 21:58:59 servidor squid[2785]: Squid Parent: will start 1 kids
ene 03 21:58:59 servidor squid[2785]: Squid Parent: (squid-1) process 2790 started
ene 03 22:09:17 servidor squid[2785]: Squid Parent: (squid-1) process 2790 exited with status 0
ene 03 22:10:56 servidor systemd[1]: Reloading LSB: Squid HTTP Proxy version 3.x.
ene 03 22:10:56 servidor squid[6862]: ERROR: Invalid ACL: acl Usuarios proxy_auth REQUIRED
ene 03 22:10:56 servidor squid[6870]: ERROR: Invalid ACL: acl Usuarios proxy_auth REQUIRED
ene 03 22:10:56 servidor squid[6849]:  * FATAL: ERROR: Invalid ACL: acl Usuarios proxy_auth REQUIRED
ene 03 22:10:56 servidor systemd[1]: squid.service: Control process exited, code=exited status=3
ene 03 22:10:56 servidor systemd[1]: Reload failed for LSB: Squid HTTP Proxy version 3.x.

Would you need some more information to know where is the problem?

Thank you!

[Jamie Cameron]

Got it -the next Webmin release will ensure that the auth_param line is added in the right place.

[Cristian Garcia]

Perfect. ¡Thank you!