PDA

View Full Version : Proxy server authentification ..



remd
2007-11-23, 08:41
Hello,

I installed slimserver 6.5.4 on a ubuntu box (through apt), everything seems to work fine, except that I have a proxy server with authentification (my user has full access, but some other users not..), I tried to enter user:pass@ip:port in the proxy server, but in the slimserver it rejects it, I then entered it in the slimserver.pref file, but it just ignores whats in front of the ip.
I then installed the squeezecenter (dev version, through apt), and by entering user:pass@ip:port it accepts that syntax and creates:
webuser: user
webpassword: pass
webproxy: ip:port
in the conf file, but then when I want to do the setup it can't authentificate on the squeezenetwork, and the logs show that it's not using the authentification settings, so thats why its not working. (btw with the 6.5.4 version I could at least access the slimserver through http on the 9000 port, with the new one it just blocks at the squeezenetwork authentification..)
I guess the user/pass settings although accepted, are not used because they are not implemented in the application .. ?

Has anyone had the same problem and/or found a way to make the squeezebox work through a proxy server with auth ..?

Another question; what port do I need to forward from the firewall to access my squeezebox from outside my network ?
(ok I could RTFM...but I've been doing that for a while now on other issues, so it would be nice if someone got the answer. :P)

Mark Lanctot
2007-11-23, 10:52
No idea regarding the main question but:


Another question; what port do I need to forward from the firewall to access my squeezebox from outside my network ?
(ok I could RTFM...but I've been doing that for a while now on other issues, so it would be nice if someone got the answer. :P)

http://wiki.slimdevices.com/index.cgi?ConnectingRemotely

Short answer: 3483 TCP/UDP and 9000 TCP.

mherger
2007-11-24, 00:33
> I installed slimserver 6.5.4 on a ubuntu box (through apt), everything
> seems to work fine, except that I have a proxy server with
> authentification (my user has full access, but some other users not..),
> I tried to enter user:pass@ip:port in the proxy server, but in the

Proxy authentication is not supported. If you don't have the right to access the net without a proxy, you're probably not allowed to use a SB anyway?

Michael

remd
2007-11-24, 02:15
Thanks for the last post, I figured that it wasnt supported out of the box, although its maybe not common I'm probably not the only one with that configuration out there and I was wondering if/how others dealt with it..
Secondly as I said my user has full access(through squid and dansguardian) and I can use the sb if I want to, no offense but, don't just assume that because there is a proxy it automatically means that it is restricted for everyone .. !

mherger
2007-11-24, 02:25
> Thanks for the last post, but I guess u meant to say proxy with auth is
> not supported, because proxy server IS supported.

Correct.

You should probably describe your use case. There might be workarounds for your situation. Eg. allow your slimserver machine to access the internet through those proxies without credentials, based on the IP address. Tunneling might be another option etc.

Also: SlimServer is not run using your user's credentials, but using its own slimserver user.

Michael

remd
2007-11-24, 02:51
I was adding that to my last post, but you answered in the mean time .. :P
"..
For example in my configuration the kids and guest have restricted access on their computer (the auth wouldnt be needed there), but when they go on other computers (which happens sometimes with their own user..) if I configure to let everything through by ip they would have full access, thats why I need to fiter by user and use authentification.
So far I've always been able to configure applications to go through the proxy server.. I could also create a DMZ specially for the SB, but I would have to get a second Wireless AP, since the one I have is behind the Firewall, dedicate a machine for slimserver (or at least 2 network cards with static routes), etc..
It would be simpler for me, and probably some others, to simply enter a user/pass in the sb conf, rather than alter my network configuration
.."

remd
2008-01-12, 13:06
OK, I tried to enter the user/pass in various places in the code, but none have worked for me :(

I now installed squid on the computer that has the slimserver/squeezecenter, and it is configured to go through the main squid on the firewall and passes along the user/pass information for the http auth(only for the ip of the computer that has squeezecenter :). Updated the Squeezecenter proxy info to use the local proxy instead of the main...and voila ..

I guess you could use squid or any other soft on windows/mac/linux that can pass on the user/pass infos to the main proxy to make squeezecenter work through a proxy with auth ..

remd
2008-01-12, 14:47
hmm.. there are still two things that are not stable or doesnt work, but those are probably squid related:
-The 2 squid servers have to be restarted every ~30min otherwise the local squid can't connect any more. I havent found out why yet. Guess I could have a cron job restart the servers every 30min in the mean time ..
-More of a problem is that I can connect to squeezenetwork and services like mp3tunes and browse my files, but I get an error when I try to stream the file ..
(403 forbidden), havent found out how or why exactly yet....probably somwehere in the squid conf...any clues .. ?
I'll post then answer if/when I find it .. :)

remd
2008-01-13, 02:58
The proxy issue seems to be resolved it had to do with the icp_access ..

Now the streaming I can get 3-4 sec streaming before it stops in squeezecenter, and I don't get the 403 error anymore...but still no streaming yet ..

remd
2008-01-19, 14:14
I can play mp3 streams fine through xmms or any other player. So the child proxy did the trick.
However squeezecenter cannot play any mp3 streams (radio or mp3tunes) although it can access the files.
I don't know yet what the problem can be, has anyone an Idea in which direction to look ??

remd
2008-01-19, 14:20
Might be a problem with local .opml files not going through http proxy.. I'll look into that and post if I can figure out a way to make them go through squid and get the problem solved.. :)

less /etc/log/slimsever/server.log | grep error
"..
[08-01-19 21:15:30.0181] Slim::Networking::Async::HTTP::_http_error (264) Error: [403 Forbidden]
[08-01-19 21:15:32.4301] Slim::Networking::SqueezeNetwork::Players::_player s_error (113) Unable to get players from SN: 403 Forbidden, retrying in 300 seconds
[08-01-19 21:23:29.3547] Slim::Networking::Async::HTTP::_http_error (264) Error: [Cannot request non-HTTP URL file:///var/cache/slimserver/infobrowser.opml]
[08-01-19 21:23:29.6057] Slim::Buttons::XMLBrowser::_cliQuery_error (1756) Error: While retrieving [file:///var/cache/slimserver/infobrowser.opml]: [Cannot request non-HTTP URL file:///var/cache/slimserver/infobrowser.opml]
[08-01-19 21:25:27.7762] Slim::Networking::Async::HTTP::_http_error (264) Error: [403 Forbidden]
[08-01-19 21:25:27.7841] Slim::Networking::Async::HTTP::_http_error (264) Error: [403 Forbidden]
[08-01-19 21:25:27.7852] Slim::Networking::SqueezeNetwork::_init_error (86) Unable to get SqueezeNetwork server time, sync is disabled: 403 Forbidden
[08-01-19 21:25:27.7870] Slim::Networking::SqueezeNetwork::_init_error (96) SqueezeNetwork sync init failed: 403 Forbidden, will retry in 300
[08-01-19 21:25:27.7919] Slim::Networking::Async::HTTP::_http_error (264) Error: [403 Forbidden]
[08-01-19 21:25:55.2985] Slim::Networking::Async::HTTP::_http_error (264) Error: [403 Forbidden]
[08-01-19 21:30:02.3569] Slim::Networking::Async::HTTP::_http_error (264) Error: [403 Forbidden]
[08-01-19 21:30:05.1565] Slim::Networking::Async::HTTP::_http_error (264) Error: [403 Forbidden]
[08-01-19 21:30:27.4024] Slim::Networking::Async::HTTP::_http_error (264) Error: [403 Forbidden]
[08-01-19 21:30:27.4038] Slim::Networking::SqueezeNetwork::_init_error (86) Unable to get SqueezeNetwork server time, sync is disabled: 403 Forbidden
[08-01-19 21:30:27.4059] Slim::Networking::SqueezeNetwork::_init_error (96) SqueezeNetwork sync init failed: 403 Forbidden, will retry in 600
[08-01-19 21:33:54.6734] Slim::Player::Source::errorOpening (1604) Error: While opening current track, so mark it as already played!
[08-01-19 21:33:54.6750] Slim::Player::Source::errorOpening (1604) Backtrace:
frame 1: Slim::Player::Source::errorOpening (/usr/share/perl5/Slim/Player/Squeezebox2.pm line 598)
[08-01-19 21:34:22.8712] Slim::Player::Source::errorOpening (1604) Error: While opening current track, so mark it as already played!
[08-01-19 21:34:22.8727] Slim::Player::Source::errorOpening (1604) Backtrace:
frame 1: Slim::Player::Source::errorOpening (/usr/share/perl5/Slim/Player/Squeezebox2.pm line 598)
[08-01-19 21:34:34.7122] Slim::Player::Source::errorOpening (1604) Error: While opening current track, so mark it as already played!
[08-01-19 21:34:34.7134] Slim::Player::Source::errorOpening (1604) Backtrace:
frame 1: Slim::Player::Source::errorOpening (/usr/share/perl5/Slim/Player/Squeezebox2.pm line 598)
.."

remd
2008-01-19, 15:05
Although the browser was configured not to pass any local request to the proxy, that option doesnt always work correctly, and it was configured to send all types of protocoles to the proxy.
Reduced that to only http,s,ftp and it seems that the local .opml files doesnt show up in the error log anymore.

I however now still have:

[08-01-19 22:52:46.0000] Slim::Player::Source::errorOpening (1604) Error: While opening current track, so mark it as already played!
[08-01-19 22:52:46.0012] Slim::Player::Source::errorOpening (1604) Backtrace:
frame 1: Slim::Player::Source::errorOpening (/usr/share/perl5/Slim/Player/Squeezebox2.pm line 598)
[08-01-19 22:52:56.0844] Slim::Player::Source::errorOpening (1604) Error: While opening current track, so mark it as already played!
[08-01-19 22:52:56.0862] Slim::Player::Source::errorOpening (1604) Backtrace:
frame 1: Slim::Player::Source::errorOpening (/usr/share/perl5/Slim/Player/Squeezebox2.pm line 598)


There is apparently a problem opening the stream, and this is at line 598 in the "sub failedDirectStream" part of the Squeezebox2.pm file, so I'm wondering if it tries to stream directly without using the proxy info ? (The local one without the auth, which should then be supported!)

I would need some help on this as I'm not a perl expert ! :P

remd
2008-01-25, 15:23
Haven't changed much other than reserv an ip for the squeezebox and add it in squids acls. (Question: does the squeezebox try to stream through the proxy info given in squeezecenter, or directly to the default gateway .. ?)
Herunder the last error log. It must be close, because browsing mp3tunes or shoutcast goes fine, it just can't play the stream. Has anyone an idea which direction to look .. ?

tail -f /var/log/slimserver/server.log
frame 0: Slim::Utils::Log::logBacktrace (/usr/share/perl5/Slim/Player/Source.pm line 1604)
frame 1: Slim::Player::Source::errorOpening (/usr/share/perl5/Slim/Player/Squeezebox2.pm line 598)
frame 2: Slim::Player::Squeezebox2::failedDirectStream (/usr/share/perl5/Slim/Networking/Slimproto.pm line 517)
frame 3: Slim::Networking::Slimproto::_disco_handler (/usr/share/perl5/Slim/Networking/Slimproto.pm line 338)
frame 4: Slim::Networking::Slimproto::client_readable (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 5: (eval) (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 6: Slim::Networking::Select::select (/usr/sbin/slimserver line 500)
frame 7: main::idle (/usr/sbin/slimserver line 450)
frame 8: main::main (/usr/sbin/slimserver line 1000)

[08-01-25 23:09:08.5104] Slim::Player::Source::errorOpening (1604) Error: While opening current track, so mark it as already played!
[08-01-25 23:09:08.5116] Slim::Player::Source::errorOpening (1604) Backtrace:

frame 0: Slim::Utils::Log::logBacktrace (/usr/share/perl5/Slim/Player/Source.pm line 1604)
frame 1: Slim::Player::Source::errorOpening (/usr/share/perl5/Slim/Player/Squeezebox2.pm line 598)
frame 2: Slim::Player::Squeezebox2::failedDirectStream (/usr/share/perl5/Slim/Networking/Slimproto.pm line 517)
frame 3: Slim::Networking::Slimproto::_disco_handler (/usr/share/perl5/Slim/Networking/Slimproto.pm line 338)
frame 4: Slim::Networking::Slimproto::client_readable (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 5: (eval) (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 6: Slim::Networking::Select::select (/usr/sbin/slimserver line 500)
frame 7: main::idle (/usr/sbin/slimserver line 450)
frame 8: main::main (/usr/sbin/slimserver line 1000)

[08-01-25 23:09:18.5662] Slim::Player::Source::errorOpening (1604) Error: While opening current track, so mark it as already played!
[08-01-25 23:09:18.5674] Slim::Player::Source::errorOpening (1604) Backtrace:

frame 0: Slim::Utils::Log::logBacktrace (/usr/share/perl5/Slim/Player/Source.pm line 1604)
frame 1: Slim::Player::Source::errorOpening (/usr/share/perl5/Slim/Player/Squeezebox2.pm line 598)
frame 2: Slim::Player::Squeezebox2::failedDirectStream (/usr/share/perl5/Slim/Networking/Slimproto.pm line 517)
frame 3: Slim::Networking::Slimproto::_disco_handler (/usr/share/perl5/Slim/Networking/Slimproto.pm line 338)
frame 4: Slim::Networking::Slimproto::client_readable (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 5: (eval) (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 6: Slim::Networking::Select::select (/usr/sbin/slimserver line 500)
frame 7: main::idle (/usr/sbin/slimserver line 450)
frame 8: main::main (/usr/sbin/slimserver line 1000)

[08-01-25 23:09:28.6262] Slim::Player::Source::errorOpening (1604) Error: While opening current track, so mark it as already played!
[08-01-25 23:09:28.6275] Slim::Player::Source::errorOpening (1604) Backtrace:

frame 0: Slim::Utils::Log::logBacktrace (/usr/share/perl5/Slim/Player/Source.pm line 1604)
frame 1: Slim::Player::Source::errorOpening (/usr/share/perl5/Slim/Player/Squeezebox2.pm line 598)
frame 2: Slim::Player::Squeezebox2::failedDirectStream (/usr/share/perl5/Slim/Networking/Slimproto.pm line 517)
frame 3: Slim::Networking::Slimproto::_disco_handler (/usr/share/perl5/Slim/Networking/Slimproto.pm line 338)
frame 4: Slim::Networking::Slimproto::client_readable (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 5: (eval) (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 6: Slim::Networking::Select::select (/usr/sbin/slimserver line 500)
frame 7: main::idle (/usr/sbin/slimserver line 450)
frame 8: main::main (/usr/sbin/slimserver line 1000)

[08-01-25 23:09:38.6991] Slim::Player::Source::errorOpening (1604) Error: While opening current track, so mark it as already played!
[08-01-25 23:09:38.7005] Slim::Player::Source::errorOpening (1604) Backtrace:

frame 0: Slim::Utils::Log::logBacktrace (/usr/share/perl5/Slim/Player/Source.pm line 1604)
frame 1: Slim::Player::Source::errorOpening (/usr/share/perl5/Slim/Player/Squeezebox2.pm line 598)
frame 2: Slim::Player::Squeezebox2::failedDirectStream (/usr/share/perl5/Slim/Networking/Slimproto.pm line 517)
frame 3: Slim::Networking::Slimproto::_disco_handler (/usr/share/perl5/Slim/Networking/Slimproto.pm line 338)
frame 4: Slim::Networking::Slimproto::client_readable (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 5: (eval) (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 6: Slim::Networking::Select::select (/usr/sbin/slimserver line 500)
frame 7: main::idle (/usr/sbin/slimserver line 450)
frame 8: main::main (/usr/sbin/slimserver line 1000)

[08-01-25 23:09:48.7631] Slim::Player::Source::errorOpening (1604) Error: While opening current track, so mark it as already played!
[08-01-25 23:09:48.7646] Slim::Player::Source::errorOpening (1604) Backtrace:

frame 0: Slim::Utils::Log::logBacktrace (/usr/share/perl5/Slim/Player/Source.pm line 1604)
frame 1: Slim::Player::Source::errorOpening (/usr/share/perl5/Slim/Player/Squeezebox2.pm line 598)
frame 2: Slim::Player::Squeezebox2::failedDirectStream (/usr/share/perl5/Slim/Networking/Slimproto.pm line 517)
frame 3: Slim::Networking::Slimproto::_disco_handler (/usr/share/perl5/Slim/Networking/Slimproto.pm line 338)
frame 4: Slim::Networking::Slimproto::client_readable (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 5: (eval) (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 6: Slim::Networking::Select::select (/usr/sbin/slimserver line 500)
frame 7: main::idle (/usr/sbin/slimserver line 450)
frame 8: main::main (/usr/sbin/slimserver line 1000)

[08-01-25 23:09:58.8228] Slim::Player::Source::errorOpening (1604) Error: While opening current track, so mark it as already played!
[08-01-25 23:09:58.8241] Slim::Player::Source::errorOpening (1604) Backtrace:

frame 0: Slim::Utils::Log::logBacktrace (/usr/share/perl5/Slim/Player/Source.pm line 1604)
frame 1: Slim::Player::Source::errorOpening (/usr/share/perl5/Slim/Player/Squeezebox2.pm line 598)
frame 2: Slim::Player::Squeezebox2::failedDirectStream (/usr/share/perl5/Slim/Networking/Slimproto.pm line 517)
frame 3: Slim::Networking::Slimproto::_disco_handler (/usr/share/perl5/Slim/Networking/Slimproto.pm line 338)
frame 4: Slim::Networking::Slimproto::client_readable (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 5: (eval) (/usr/share/perl5/Slim/Networking/Select.pm line 243)
frame 6: Slim::Networking::Select::select (/usr/sbin/slimserver line 500)
frame 7: main::idle (/usr/sbin/slimserver line 450)
frame 8: main::main (/usr/sbin/slimserver line 1000)

remd
2008-01-26, 15:29
Tried to update to squeezecenter (apt-get install) (instead of apt-get upgrade slimserver), but ran into other problems:

[08-01-26 23:12:12.9273] Slim::Networking::Async::connect (121) Warning: Can't call method "set" on an undefined value at /usr/share/perl5/Slim/Networking/Async.pm line 121.
2008-01-26 23:12:16 SqueezeCenter died. Restarting.
(kept restarting..)

so, now back to slimserver 7, and to the same point where I can browse the files, or radios, but no streaming .. (from squeezecenter, because other players like xmms it's ok ..)

remd
2008-01-26, 15:43
I have a question here:
I'm not sure of this, but it is as if the squeezecenter can access the radios, mp3tunes etc, because it has the proxy info (without the auth, so this is working as expected...), but it looks like the squeezebox then connects to the stream to play it...directly ??
(without going through the squeezcenter ..?), and not only that, but that the proxy information (the one without auth, that should be supported) doesnt seem to be passed on to the player, the request is then sent directly to the default gateway .. ?
..and therefore cannot play the streams..?

Can someone help me with this .. ?



frame 0: Slim::Utils::Log::logBacktrace (/usr/share/perl5/Slim/Player/Source.pm line 1604)
frame 1: Slim::Player::Source::errorOpening (/usr/share/perl5/Slim/Player/Squeezebox2.pm line 598)
frame 2: Slim::Player::Squeezebox2::failedDirectStream (/usr/share/perl5/Slim/Networking/Slimproto.pm line 517)

remd
2008-01-26, 16:08
I saw from the squid that passes on the user/pass info that a connection is tried to be made when trying to play the stream on port 3000 of squeezenetwork.com (I added that port in the acl safe_ports of the main proxy so it can pass), and now I see it in the main proxy but I get a TCP_MISS/200 error. I'll see what that is about ..

child proxy logs:
1201387520.545 RELEASE -1 FFFFFFFF A7A2FFD757E6E17BAA679E730291AACE 200 1201387482 -1 -1 text/x-json -1/119 GET http://www.squeezenetwork.com:3000/api/v1/players

main parent proxy log:
1201387219.352 656 127.0.0.1 TCP_MISS/200 422 GET http://www.squeezenetwork.com:3000/api/v1/players "user" DIRECT/207.7.156.10 text/x-json

remd
2008-01-26, 16:33
This confirms that a working workaround for proxies with auth is to install a child proxy on the computer or same network that passes on the user/pass info.
It would however be easier if a user/pass option can be added along with the proxy info !

In my case what helped unblock the last hurdle was probably 2 things; I alowed port 3000 to go through the main proxy/fw (btw nice new interface for squeezenetwork :), and in the squeezebox menu I chose beta squeezenetwork, and then it started to work ..!
(I also added the child proxy info in the squeezenetwork.com beta site, dunno how much that helped since it should have got that info from the squeezecenter ..)

Hope this can help others with the same conf! :)

remd
2008-01-26, 17:01
ok, squeezenetwork beta seems to work, although only with services like mp3tunes, not with shoutcast for ex ..

but with squeezecenter there is still the same problem ..
browsing ok, but no streaming ..

Wonder if it has anything to do with the main proyx/fw blocking, but then why would other players work fine going though the child proxy going to the same streams .. ?

run out of ideas for the moment..but probably be back ! :P

mherger
2008-01-26, 22:55
> This confirms that a working workaround for proxies with auth is to
> install a child proxy on the computer or same network that passes on
> the user/pass info.

Please disable direct streaming in Settings/Players/Audio/Last option in that long list. SC will then figure as this local proxy.

--

Michael

remd
2008-01-27, 14:19
Thanks for the tip !
mp3tunes works now...but not radios, like shoutcast ..

main parent squid log:
1201466923.388 0 192.168.x.x UDP_MISS/000 171 ICP_QUERY http://content.mp3tunes.com/storage/lockerplay/"numbers"?sid="numbers"&partner_token="token" - NONE/- -
1201466940.107 0 192.168.x.x UDP_MISS/000 53 ICP_QUERY http://shoutcast.omroep.nl:8104/ - NONE/- -
1201466942.438 18849 127.0.0.1 TCP_MISS/200 1943313 GET http://content.mp3tunes.com/storage/lockerplay/"numbers"? "user" DIRECT/130.94.91.39 audio/mp3
1201466942.494 0 192.168.x.x UDP_MISS/000 53 ICP_QUERY http://shoutcast.omroep.nl:8104/ - NONE/- -

It shows that for mp3tunes, a "icp_query" is followed by a "Get" and then plays the stream, wheras for shoutcast (or any link) there is no "Get" passing after the "icp_query" ..
Dunno why for the moment ..

(The "miss" just means that it missed the cache mem ..)

This is the main parent squid log when I play a stream with xmms (this works):
1201467706.366 60148 127.0.0.1 TCP_MISS/200 1208453 GET http://205.188.215.230:8002/ "user" DIRECT/205.188.215.230 -
1201467707.801 0 192.168.x.x UDP_MISS/000 49 ICP_QUERY http://205.188.215.230:8002/ - NONE/-

remd
2008-03-17, 15:50
After rebooting the computers that have the proxies and the squeezecenter, the streaming from the Internet works now !

Just a few urls mainly from shoutcast at the moment don't (even if I get the right url behind the .pls file. Might have something to do with some tcp ports not going through..), but 90% of the streams, mp3 tunes etc all work! :)

remd
2008-09-05, 04:08
Could everyone that would like proxy authentication to be available in SqueezeCenter vote for this bug plse: 6277
http://bugs.slimdevices.com/show_bug.cgi?id=6277