#passwd user
Authentication Token Manipulation Error
#

This error is being produced because you are using shadowed password files and the shadow doesn’t have entry for this user. i.e, passwd file has an entry for this user, but shadow file doesn’t.

In order to resolve this, you can either add the entry manually or recreate the shadow file. You can use pwconv to recreate the shadow file. See the manpage for more details on this.

Example of squid.conf

http_port 10000
hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

acl ncsa_users proxy_auth REQUIRED
http_access deny !Safe_ports
http_access allow ncsa_users
visible_hostname mysite.com
coredump_dir /var/spool/squid

service squid start

Setting proxy for wget:

export http_proxy=http://anton:testinsg@mysite:10000

If you want to make it anonymous add these lines:

forwarded_for off

header_access Allow allow all
header_access Authorization allow all
header_access WWW-Authenticate allow all
header_access Proxy-Authorization allow all
header_access Proxy-Authenticate allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_access Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Charset allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
header_access Cookie allow all
header_access Set-Cookie allow all
header_access All deny all

acl ip4 myaclname yourip
tcp_outgoing_address yourip myaclname

Generate acl and tcp_outgoing_address:

for f in {314..372}; do echo “acl ip$((f))” myip aaa.bbb.ccc.$((f-246)) >> “blah1″; done
for f in {314..372}; do echo “tcp_outgoing_address aaa.bbb.ccc.$((f-246))” ip$((f)) >> “blah1″; done