Hi All.
In our environment (squid-3.0.STABLE13 + CentOS + ntlm + kerberos + win 2k3
ADS), new msn messenger was not working. So we forced the users to use msn
messenger version 8.1 which was working.
But from today morning onwards, we found that, for all the users when they try
to login to
Hi,
Through our squid proxy, for few users if they tried to login through skype,
after taking long delay (say 10 minutes) they are able to login to Skype (but i
didnt do any specific settings for that). On the other hand many of the users
are not able to log in.
How can i safely allow skype
working. In the client side i tested with
a. ubuntu 9.04 box and with firefox 3.0, (here a java
window is prompting
for user/pass and once i given the req info, then it
says Error Details
in that Java window in dailyfx.com)
b. with win XP and firefox and IE (both just given
Error
-
http_access deny !AuthorizedUsers
... performs authentication. Which was your problem with
Java...
order is important!
So does it mean, i need to put them as the following;
### For JAVA
acl Java browser Java/1.4 Java/1.5 Java/1.6
acl testnet src 192.168.7.0/24
acl testnet src
-
http_access deny !AuthorizedUsers
... performs authentication. Which was your problem
with
Java...
order is important!
So does it mean, i need to put them as the following;
### For JAVA
acl Java browser Java/1.4 Java/1.5 Java/1.6
acl testnet src 192.168.7.0/24
acl
Truth Seeker(?) might try that though.
Am I to understand that Java is just really bad at
NTLM auth, so much so
that people just whitelist it for unauthenticated
access?
Yes.
Personally I recommend adding other ACL such as sources
which are allowed
to use Java in this way. To reduce
acl Java browser Java/1.4 Java/1.5 Java/1.6
acl localnet src 192.168.0.1/24
http_access allow localnet Java
But for me even with the above said acl's its not working. In the client side i
tested with
a. ubuntu 9.04 box and with firefox 3.0, (here a java window is prompting for
Really thanks for your effort... i was not able to get back to you, just bcoz
there were so many unexpected issues on the proxy...
Now your resolution didnt worked for me...
I didnt even got the
http://balancer.netdania.com/StreamingServer/StreamingServer? in my access.log
rather i could
Hi all...
I have squid-3.0.STABLE13-1.el5 on CentOS 5.3 which is authenticating with 2003
AD (kerb + winbind) and have different acls (group based) in place.
The problem is, java is not working for our users. Previously they all were
using ISA, and java was working for them.
in the following
Any help is really appreciated!!!
Try being case-sensitive in the group names. The ones you
configured Squid with do not match the ones you detailed as
example. Assuming both were correct they may be mis-matched
because 'S' is not 's' etc.
It was my mistake in the mail. all
Hi Techies,
I am on my way to migrate ISA Proxy Server to Squid Proxy Server, without any
downtime. I was able to setup a simple squid server, with Samba, Winbind,
Kerberos, to just authenticate users based on the ADS information, and allow
access to all authenticated users, and denies for
Dear Markus,
One more finding... when i issued the command klist.. i feel like something is
wrong. pls look below;
[r...@linuxproxy ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: HTTP/linuxproxy.panasonic@panasonic.com
Valid starting ExpiresService
Dear Markus,
please look in to the following informations;
[r...@linuxproxy ~]# kinit -k -t HTTP.keytab HTTP/linuxproxy.panasonic.com
kinit(v5): No such file or directory while getting initial credentials
[r...@linuxproxy ~]# kinit -k -t HTTP.keytab HTTP/linuxproxy
kinit(v5): Client not found
variable ?
Can you do a successful kinit -k squid.keytab
HTTP/hostname ?
Can you add a -d to squid_kerb_auth and send me the output
?
Did you use the fqdn in IE to point to squid ?
Regards
Markus
Truth Seeker truth_seeker_3...@yahoo.com
wrote in message news:177962.48305
Dear Pro's
I am trying to configure a squid proxy in Windows 2003 Active Directory
Environment. I need to make the migration from MS ISA Proxy to Squid 3.0
Stable13 on CentOS 5.2
My primary goal is;
1. authenticate users without asking username/password (i mean like how a
normal windows
Jeffries squ...@treenet.co.nz wrote:
From: Amos Jeffries squ...@treenet.co.nz
Subject: Re: [squid-users] Squid + Kerberos + Active Directory
To: Truth Seeker truth_seeker_3...@yahoo.com
Cc: Squid maillist squid-users@squid-cache.org
Date: Tuesday, June 2, 2009, 2:53 PM
Truth Seeker wrote:
Dear
, Yanier Salazar Sanchez
yanier.sala...@eleccav.une.minbas.cu wrote:
From: Yanier Salazar Sanchez yanier.sala...@eleccav.une.minbas.cu
Subject: RE: [squid-users] MAC + IP Combined ACL - WIll it work???
To: 'Truth Seeker' truth_seeker_3...@yahoo.com
Date: Monday, May 25, 2009, 6:42 PM
(Acl
Dear Pro's,
I am implementing a squid proxy based on MAC address based authetication with
squid 3.0 Stable + CentOS 5.2. I would like to know whether i could configure
in such a way that squid will allow access only if both the MAC address and IP
address pair matches.
For example; if user
***---***--***
--- On Mon, 5/25/09, Amos Jeffries squ...@treenet.co.nz wrote:
From: Amos Jeffries squ...@treenet.co.nz
Subject: Re: [squid-users] MAC + IP Combined ACL - WIll it work???
To: Truth Seeker truth_seeker_3...@yahoo.com
Cc: Squid
Hello,
in my squid.conf (squid 3.0 + CentOS 5.2) i had enabled the debugging with the
following values.
debug_options ALL,1 33,2 28,9
and the following is about the acl declaration (just the default with very few
changes)
[r...@igate ~]# egrep '^acl|^http_access' /etc/squid/squid.conf
acl
Dear Techies,
I configured squid server with MAC authentication in a CentOS 5.2 + squid 3.0
installation. I enabled debug_options ALL,1 33,2 28,9 in the squid.conf...
Now in cache.log i can see so...o.o oo many ERROR messages as
the following...
HOW CAN I RESOLVE THIS
that people with no understanding of technologies want
to evaluate technical professionals based on their own lack of knowledge
***---***--***
--- On Mon, 3/30/09, Truth Seeker truth_seeker_3...@yahoo.com wrote:
From: Truth Seeker truth_seeker_3
To: squid-users@squid-cache.org
Date: Monday, March 30, 2009, 11:55 AM
-Inline Attachment Follows-
Hello,
please configure your mailer to wrap lines below 80
characters per line.
72 to 75 is usually OK.
Thank you.
On 27.03.09 23:40, Truth Seeker wrote:
I have an acl which
Hi all,
AS i had placed download restrcition for different groups, one of my user who
is limited to download max of 2MB per object is not able to download files from
our own external server, which is accessed through the proxy. As many of the
files on that server is of 20, 25MB etc.
So i
Dear Techies,
In my proxy server, i have different types of rules in place for different kind
of user groups. all of the custom denial is provided with custom ERR pages and
the default ERR pages are also there to serve for other default service deinal
situation, like cache restart, dns error
Hi Techies,
I have an acl which blocks download of file with harmful extension's. like
.exe, .bat, .com, etc. This rule is working fine. the following is the details
of it;
### Blocking of Dangerous extensions to certain groups
acl dangerous_extension urlpath_regex -i
***---***--***
--- On Sat, 3/28/09, Marcus Kool marcus.k...@urlfilterdb.com wrote:
From: Marcus Kool marcus.k...@urlfilterdb.com
Subject: Re: [squid-users] .com extension blocking causing blocking of
redirecting URL's
To: Truth Seeker truth_seeker_3...@yahoo.com
Cc: Squid maillist
blocking causing blocking of
redirecting URL's
To: Truth Seeker truth_seeker_3...@yahoo.com
Cc: Squid maillist squid-users@squid-cache.org
Date: Saturday, March 28, 2009, 6:42 PM
Truth Seeker wrote:
Dear Marcus,
Thanks for your reply... But its not working for me.
The thing is my acl
:
From: Shekharsahab14 shekharsaha...@gmail.com
Subject: Re: [squid-users] .com extension blocking causing blocking of
redirecting URL's
To: Luis Daniel Lucio Quiroz luis.daniel..lu...@gmail.com
Cc: squid-users@squid-cache.org squid-users@squid-cache.org, Truth
Seeker truth_seeker_3
)
To: Truth Seeker truth_seeker_3...@yahoo.com
Cc: Amos Jeffries squ...@treenet.co.nz
Date: Wednesday, March 25, 2009, 11:03 PM
-
--
---
Always try to find truth!!!
***---***--***
Its always nice to know that people
wrote:
From: Amos Jeffries squ...@treenet.co.nz
Subject: Re: [squid-users] https site denial only loads a part of the
defined error message
To: Truth Seeker truth_seeker_3...@yahoo.com
Cc: Squid maillist squid-users@squid-cache.org
Date: Wednesday, March 25, 2009, 10:26 PM
In my squid.conf, i am trying to grant access ONLY to a set of predefined sites
for a group of users (those who are member of limitedsurfers). They are not
allowed to access any other thing from the Internet. The following is the acl
which i created
All my other rules are working
For certain groups, we are giving access to public mail servers like
gmail/yahoo etc based on time only. When they are trying to access any http
mail site, they are getting the complete error message which i defined, but
when they are accessing any https:// mail site, they are getting the
Dear Techies,
From the error message, i came to know that, %U calls the entire URL to
display in the error messages. I would like to call the following things to
the Error messages. how could i do that;
1. URL path (that is after the domain name in a URL)
2. URL domain name (jut the content
Dear Squid Techies,
I have declared 5 reply_body_max_size for different groups, restricting them on
different limit, say 100MB, 75MB, 2MB, 2MB, 1MB accordingly.
I would like to give all these groups different error messages based on which
group of users is trying to download more. Right now,
35 matches
Mail list logo