Squid, Kernels, VMI, Oh My!


So the saga with squid continues. I am now fighting with NTLM authentication. According to the documentation, I should be able to use Samba/Winbind with an authentication helper to authenticate to a Windows Domain. What does that do for us? The cache log will show username rather than IP address, allowing us to do more accurate reporting. Management is very up on the idea. The issue, however, is that the documentation is all over the place. Like previous discussions that aren’t on this blog regarding Linux, one of my greatest gripes with Linux was the fact that there are no definitive guides that apply or cover the issue in depth.

An example: Once you get past the grating fanatics who scream “Just read the man page!”, you realize that the man page doesn’t necessarily document the steps necessary to make it work. For example, the man page documents parameters that do not work with the version I’m using.

The version in question is Squid 2.6-Stable17, which is the required version for the plugin I am attempting to use. In my frustration, I did try building Squid 3.0 Stable 8 from source to verify that that was not the issue, and it is not.

So here it is: The documentation covers getting winbind to see the domain and authenticate – I get “success” results on all the tests. However, when Squid goes to use it, I simply get prompted for authentication (which is #1 bad because it is supposed to be transparent) but even if I fill in the necessary information it does not authenticate properly.

This brings me to my second point about Linux – Kernels. One of the strengths of Linux is the incredible ability to customize it to do what you need to do. When I have nothing else to do and I am bored at home that is a good thing – however – when I am under the gun attempting to finish up some major projects the last thing I want to do is spent 10 hours rebuilding several different versions of the Linux Kernel. Such was the case over the past few days because I wanted to enable VMI support in the Linux Kernel. This meant downloading kernel source, configuring, then making it and installing and whatnot. What another exercise in frustration as far as guides go. The official documentation literally says “just search online”.

There were guides that said “this may be what you need”, others that said “do x” and others that said “x is unneeded”. After several recompiles I got a version that was compatible with vmmemctl (VMware’s Memory manager module) that was VMI enabled. Still, it was a very frustrating experience. After all that, I still don’t have a Squid with all the features we need yet!

Leave a Reply