RE: [suse-linux-uk-schools] Squid + VNC - Lots of Questions
On the bright side, it gets the technician to load Linux over W2K, which is a hell of an improvement... (assuming it's a recent version - 7.2 is pretty old like a 2.2 kernel I think). SSH is a very good way of remotely administering the box - have you tried this? I'm missing something here though - use MAC addresses for what? The upgrade problem is probably that the SuSE install will still be there and the new one is not in the path, or later in the path so is not being started. Have you tried stopping the squid service then running the newly installed one from its install directory? Cheers Chris -----Original Message----- From: adrian.wells To: suse-linux-uk-schools@suse.com Sent: 4/9/03 1:56 PM Subject: [suse-linux-uk-schools] Squid + VNC - Lots of Questions We are using Squid/2.3.STABLE4-hno.CVS on SuSE 7.2 pro KDE2 desktop, with RM as our upstream proxy. This works very well. but... We want to do the following 1) upgrade Squid AND use MAC addresses. We've downloaded the latest stable release and followed all the instructions ( ./configure --enable-arp-acl etc.) all (appears) to work fine but arp does not work and Squid reports that is still 2.3 ! If it's an easier option, is it possible to configure the release that came with SuSE to work with MAC addresses? - If so, how? 2) We also want to move our Proxy server to a remote location and decided that VNC would be good for administration. We got the dreaded grey screen (certain that is has worked without problems in earlier versions of SuSE) anyway we have poured over the net and have finally managed to open a session but nothing runs without crashing. We have also tried downloading RPMs of VNC and like squid they do not appear to install. We've spent ages looking at the net regarding both of these problems but without joy. James, my technician is almost in tears and has decided to install LINUX over his beloved WIN2000 server at home so that he can get to the bottom of this! I'm sure that we're missing an obvious step or two, any ideas as to which obvious box we haven't ticked? Thanks Adrian Wells -- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
On the bright side, it gets the technician to load Linux over W2K, which is a hell of an improvement... (assuming it's a recent version - 7.2 is pretty old like a 2.2 kernel I think).
I would mention redhat but that might be consider impolite, another option is to do a suse upgrade from the latest cd or network install
SSH is a very good way of remotely administering the box - have you tried this?
Or the squid web based proxy admin stuff, having said that you realise that your MAC based security system will break as soon as you have to go via a router to get to the proxy due to the nature of ethernet and ip networking
I'm missing something here though - use MAC addresses for what?
Security, only let your machines (that you know via their ethernet (Media Access Control) access stuff, it lets you tie a machine to an access assuming you have well behaved users who don't know about the "ifconfig eth0 hw ether <so:me:ot:he:r a:dd:es:s>" command
The upgrade problem is probably that the SuSE install will still be there and the new one is not in the path, or later in the path so is not being started. Have you tried stopping the squid service then running the newly installed one from its install directory?
I suspect that the suse init scripts (/etc/rc.d/init.d/squid I belive) will be running the old verion of squid that is in /usr/sbin/squid, there are various options but the cleanest of them is a full upgrade to the latest version of suse and then rebuild the squid rpm with your custom configure flags (that I can talk you though) -- Tim Fletcher - Technical Adviser Manchester LEA .~. tim@night-shade.org.uk /V\ L I N U X tim@parrswood.manchester.sch.uk // \\ >Don't fear the penguin< irc: Night-Shade on Quakenet /( )\ ^^-^^ Do not meddle in the affairs of dragons, for you are crunchy and taste good with ketchup.
On the bright side, it gets the technician to load Linux over W2K, which is a hell of an improvement... (assuming it's a recent version - 7.2 is
----- Original Message ----- From: Chris Puttick <chris@centralmanclc.com> pretty
old like a 2.2 kernel I think). :-)
SSH is a very good way of remotely administering the box - have you tried this? No
I'm missing something here though - use MAC addresses for what? By using mac addresses we can allow access via known machines only. This prevents users spoofing their laptops with known friendly IPs.
The upgrade problem is probably that the SuSE install will still be there and the new one is not in the path, or later in the path so is not being started. Have you tried stopping the squid service then running the newly installed one from its install directory? We've uninstalled squid via yast, but yast doesn't allow one to select the build type - is there a build configuration file somewhere that can be tweaked?
----- Original Message ----- From: Tim Fletcher <tim@parrswood.manchester.sch.uk>
I would mention redhat but that might be consider impolite, another option is to do a suse upgrade from the latest cd or network install Yes lots of references to Red Hat & Squid - What are your reasons?
Or the squid web based proxy admin stuff, having said that you realise that your MAC based security system will break as soon as you have to go via a router to get to the proxy due to the nature of ethernet and ip networking The proxy, LAN and admin will all be this side of the router - would this still be a problem?
I suspect that the suse init scripts (/etc/rc.d/init.d/squid I belive) will be running the old verion of squid that is in /usr/sbin/squid, there are various options but the cleanest of them is a full upgrade to the latest version of suse and then rebuild the squid rpm with your custom configure flags (that I can talk you though) Ha, I think that this answers my question above - yes please
Adrian
SSH is a very good way of remotely administering the box - have you tried this? No
Well worth looking at, secure and simple
I'm missing something here though - use MAC addresses for what? By using mac addresses we can allow access via known machines only. This prevents users spoofing their laptops with known friendly IPs.
It's really easy to spoof a mac address unless you lock the switch ports down, depends how knowledgable your users are but assuming I knew about it or could spot it then it's about a 5 second trick to spoof
I would mention redhat but that might be consider impolite, another option is to do a suse upgrade from the latest cd or network install Yes lots of references to Red Hat & Squid - What are your reasons?
I use redhat on about 400 machines, including a large number of servers and this is what I know in depth and as this is a suse run list and I haven't been on the list long I am trying to avoid treading on too many toes in the first few hours on the list :).
Or the squid web based proxy admin stuff, having said that you realise that your MAC based security system will break as soon as you have to go via a router to get to the proxy due to the nature of ethernet and ip networking The proxy, LAN and admin will all be this side of the router - would this still be a problem?
That works fine, basically the clients and the proxy need be on the same broadcast domain
I suspect that the suse init scripts (/etc/rc.d/init.d/squid I belive) will be running the old verion of squid that is in /usr/sbin/squid, there are various options but the cleanest of them is a full upgrade to the latest version of suse and then rebuild the squid rpm with your custom configure flags (that I can talk you though) Ha, I think that this answers my question above - yes please
Right I'm not sure how much you know about rpm's and compiling and stuff ask me about anything I skip over and ignore anything that is clealry obvious: 1. Get the source rpm (squid-somthing.src.rpm) 2. Install it (rpm -ivh squid-somthing.src.rpm) 3. Find the spec file (I think it will be in /usr/src/suse/SPECS but if a suse person can confirm) 4. Edit the .spec file with a text editor and edit the %configure directive to include the flags you need to pass to ./configure 5. Edit the version number at the top so you know what the rpm is 6. Rebuild the rpm with the command: rpmbuild -ba <specfilename.spec> 7. Wait for the rebuild, you will need to make sure that you have the relivent compilers and libaries installed, I'm not sure exactly what squid needs to build 8. Upgrade the rpm in the normal way (rpm -Uvh <rpm name>) -- Tim Fletcher - Technical Adviser Manchester LEA .~. tim@night-shade.org.uk /V\ L I N U X tim@parrswood.manchester.sch.uk // \\ >Don't fear the penguin< irc: Night-Shade on Quakenet /( )\ ^^-^^ "I love the way Microsoft follows standards. In much the same manner that fish follow migrating caribou." Paul Tomblin
----- Original Message ----- From: Tim Fletcher <tim@parrswood.manchester.sch.uk> To: adrian.wells <adrian.wells@sidcot.org.uk> Cc: Chris Puttick <chris@centralmanclc.com>; <suse-linux-uk-schools@suse.com> Sent: Wednesday, April 09, 2003 6:10 PM Subject: Re: [suse-linux-uk-schools] Squid + VNC - Lots of Questions <SNIP>
Right I'm not sure how much you know about rpm's and compiling and stuff ask me about anything I skip over and ignore anything that is clealry obvious:
1. Get the source rpm (squid-somthing.src.rpm) 2. Install it (rpm -ivh squid-somthing.src.rpm) 3. Find the spec file (I think it will be in /usr/src/suse/SPECS but if a suse person can confirm) 4. Edit the .spec file with a text editor and edit the %configure directive to include the flags you need to pass to ./configure 5. Edit the version number at the top so you know what the rpm is 6. Rebuild the rpm with the command: rpmbuild -ba <specfilename.spec> 7. Wait for the rebuild, you will need to make sure that you have the relivent compilers and libaries installed, I'm not sure exactly what squid needs to build 8. Upgrade the rpm in the normal way (rpm -Uvh <rpm name>)
</SMIP> Tim, Thanks for this. I've found SPECS but none for squid (nor on the dvd). so this path is closed. However, we keep our dvd in the drive and noted that during the make process the dvd drive light come on! We're now further down the road having removed the dvd and found our installation in /usr/local/squid but it refuses to build the cache in /usr/local/squid/var/cache The logs directory existed but would not open! I deleted logs and then could not open var. I deleted var, rebooted and created var logs & cache/00 I still get the following errors linux:~ # /usr/local/squid/sbin/squid -z 2003/04/10 12:35:50| Creating Swap Directories FATAL: Failed to make swap directory /usr/local/squid/var/cache/00/00: (13) Permission denied Squid Cache (Version 2.5.STABLE2): Terminated abnormally. CPU Usage: 0.000 seconds = 0.000 user + 0.000 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 10 Do I need to set a permission somewhere? Could I move squid to the original location of 2.3 as SuSE appears to put squid in a different location to other flavours - why? Adrian
Thanks for this. I've found SPECS but none for squid (nor on the dvd). so this path is closed. However, we keep our dvd in the drive and noted that during the make process the dvd drive light come on!
You need to install the source rpm, the latest version from suse is to be found here (this is from 8.0): ftp://fr2.rpmfind.net/linux/SuSE-Linux/suse/i386/update/8.0/zq1/squid-2.4.STABLE6-9.src.rpm the 7.2 squid source rpm is here: ftp://fr2.rpmfind.net/linux/SuSE-Linux/suse/i386/7.2/suse/zq1/squid.spm These are rpms containing the source code, and patches that the distro people put on the source code (like changing paths or pam auth stuff) and also the instructions releating to how to compile the software (the .spec file) You need to install that (rpm -Uvh) and then edit the spec file and then rebuild and install the new rpm
We're now further down the road having removed the dvd and found our installation in /usr/local/squid but it refuses to build the cache in /usr/local/squid/var/cache The logs directory existed but would not open! I deleted logs and then could not open var. I deleted var, rebooted and created var logs & cache/00 I still get the following errors
linux:~ # /usr/local/squid/sbin/squid -z 2003/04/10 12:35:50| Creating Swap Directories FATAL: Failed to make swap directory /usr/local/squid/var/cache/00/00: (13) Permission denied Squid Cache (Version 2.5.STABLE2): Terminated abnormally. CPU Usage: 0.000 seconds = 0.000 user + 0.000 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 10
Do I need to set a permission somewhere?
Yes you need to run: mkdir -p /usr/local/squid/var/cache chown squid /usr/local/squid/var/cache
Could I move squid to the original location of 2.3 as SuSE appears to put squid in a different location to other flavours - why?
Most compile from source packages are set by default to use /usr/local as this prevents them interfering with system stuff (rooted in /) the configure options that suse (and others like redhat and debian) pass to the squid compile process alter where the files live to be in /var,/usr/sbin and /etc so that it fits in the with the rest of the of the system. -- Tim Fletcher - Technical Adviser Manchester LEA .~. tim@night-shade.org.uk /V\ L I N U X tim@parrswood.manchester.sch.uk // \\ >Don't fear the penguin< irc: Night-Shade on Quakenet /( )\ ^^-^^ "A computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila." -Mitch Ratliffe, Technology Review April, 1992
Hi again Tim,
You need to install the source rpm, the latest version from suse is to be found here (this is from 8.0):
ftp://fr2.rpmfind.net/linux/SuSE-Linux/suse/i386/update/8.0/zq1/squid-2.4.ST ABLE6-9.src.rpm
the 7.2 squid source rpm is here: ftp://fr2.rpmfind.net/linux/SuSE-Linux/suse/i386/7.2/suse/zq1/squid.spm
We had a look around the SuSE site initially but couldn't find the above. We considered a full upgrade, but the site kept dropping us, we then opted to do the auto patch upgrades, and managed about 60% in 4 days! The only mirror that we could connect to for any length of time was the SuSE default. :-( However, after writing yesterday I changed the permissions on the squid folder and all works, including the arp entries. It now reports As time is galloping on, we'll play with VNC again at a later date. Many thanks for all of your help :-) Adrian and a less tearful James
participants (3)
-
adrian.wells -
Chris Puttick -
Tim Fletcher