RE: [squid-users] Problem compiling Squid 3.1.18 on Ubuntu 10.04 LTS - store.cc
Hi Amos, Is there a beta testing process where we can be notified before a release is planned - so we can do some pre-release testing on these patches? Thanks and regards, Justin -Original Message- From: kzl [mailto:kwan...@rocketmail.com] Sent: Thursday, December 08, 2011 2:11 PM To: Amos Jeffries; squid-users@squid-cache.org Subject: Re: [squid-users] Problem compiling Squid 3.1.18 on Ubuntu 10.04 LTS - store.cc So it need to change two file. Thanks. cheers, KZ - Original Message - From: Amos Jeffries squ...@treenet.co.nz To: squid-users@squid-cache.org Cc: Sent: Thursday, December 8, 2011 2:04 PM Subject: Re: [squid-users] Problem compiling Squid 3.1.18 on Ubuntu 10.04 LTS - store.cc On 8/12/2011 6:33 p.m., kzl wrote: Hi Amos, As refer to http://bugs.squid-cache.org/show_bug.cgi?id=3440 , how to change StoreEntry::deferProducer not to be const? I'd tried just remove const word in the line, it shows: store.cc:372: error: prototype for `void StoreEntry::deferProducer(RefCountAsyncCall)' does not match any in class `StoreEntry' Store.h:194: error: candidate is: void StoreEntry::deferProducer(const RefCountAsyncCall) *** Error code 1 cheers, kz This is the patch that went on top of 3.1.18: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10415.patch Amos This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp
[squid-users] Delay pool and ICAP problem
Hi, I'm testing Delay pools with 3.2.0.13-20111206-r11454 delay_pools 1 delay_class 1 1 delay_parameters 1 1572864/1572864 delay_access 1 allow all !CONNECT Delay pools works fine But when I added ICAP, there are many suspending ICAP service for too many failures in cache.log #ICAP### icap_enable on icap_service s1 respmod_precache bypass=on icap://x.x.x.x:1025/av/respmod adaptation_service_set service1 s1 adaptation_access service1 deny ICAP_BYPASS adaptation_access service1 allow all icap_preview_enable off icap_send_client_ip on icap_service_failure_limit 50 icap_connect_timeout 30 seconds icap_io_timeout 120 seconds icap_service_revival_delay 10 ## I tried something like acl ICAP port 1025 delay_access 1 allow all !CONNECT !ICAP Without success Does anyone have any suggestions on how to fix
Re: [squid-users] Kerberos auth and users in another AD domain
On Thu, Dec 08, 2011 at 09:14:51PM +0100, Emmanuel Lacour wrote: As negotiate is proposed and IE support it, it always try to authenticate with negotiate and so it fails every time. this is by design since XP SP2: http://support.microsoft.com/kb/891559 I did not found any workaround. here is a setup that I tested, which allow evry kind of auth, exept from an IE client not in the AD domain: auth_param negotiate program /usr/lib/squid3/negotiate_kerb_auth -d -s GSS_C_NO_NAME auth_param negotiate children 5 auth_param negotiate keep_alive off auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=TEST auth_param ntlm children 5 auth_param ntlm keep_alive off auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b dc=test,dc=local -D cn=Administrator,cn=Users,dc=test,dc=local -w x -f sAMAccountName=%s -h win-hlbivo4bbdl.test.local -d auth_param basic casesensitive off auth_param basic children 5 auth_param basic realm Proxy TEST NB: setting a default domain for ntlm allow users to just use the login, without domain\ before NB: keep_alive off, as written in the docs helps at least FF to not prompt multiple time for auth
Re: [squid-users] Problem compiling Squid 3.1.18 on Ubuntu 10.04 LTS - store.cc
On 9/12/2011 9:19 p.m., Justin Lawler wrote: Hi Amos, Is there a beta testing process where we can be notified before a release is planned - so we can do some pre-release testing on these patches? Thanks and regards, Justin Notifications are processed through bugzilla. With applied to squid-X updates going out to everyone subscribed to the relevant bug. At that time or shortly after the patch is available on the changesets page. For changes and fixes without specific bugs there is no explicit notifications, usually just feedback to the discussion thread which brought it to our attention for fixing. Pre-release snapshots of everything (tarballs, checkpoints, dailies, nightlies, bundles, whatever you call them) are released for testing on a daily basis provided they build on a test machine. Those who want to beta-test everything on an ongoing basis usually rsync the sources or follow the series bzr branch then create bug reports of issues found there. The reports prevent me thinking the state is stable enough to tag the snapshot revision for release and creates a point for notifications back to the tester when fixed. HTH AYJ
Re: [squid-users] Prevent squid from adding headers
On 9/12/2011 8:05 p.m., Jan van Riebeeck wrote: Hi list, I'm using squid proxy in a debugging context. So I've configured it to not cache anything. However, squid still adds headers to all my requests and responses. I'd like to see the response *exactly* as it came from the web server, and I'd like the web server to receive my request exactly as I sent it. This means I want squid not to add Via, X-Cache and X-Cache-Lookup headers. Answers I've read to this problem boil down to using header_access to strip out a header. However, if a response comes back with a via header from the loadbalancer at the server side, then I want to see it... So I don't want to ban the header, I just want squid to be absolutely silent. Is that possible without modifying the source? With Squid-3.2 we have added debug level 11,2 with display of the transaction details about exactly what is going over the network. You will need the very latest daily 3.2 snapshot at present for highest stability with the feature available. Amos
[squid-users] Re: Kerberos auth and users in another AD domain
Did you try my negotiate wrapper ? It is part of squid 3.2, but right now only works with 3.1 ( I have an open bug for 3.2) Markus Emmanuel Lacour elac...@easter-eggs.com wrote in message news:20111209110446.gc11...@easter-eggs.com... On Thu, Dec 08, 2011 at 09:14:51PM +0100, Emmanuel Lacour wrote: As negotiate is proposed and IE support it, it always try to authenticate with negotiate and so it fails every time. this is by design since XP SP2: http://support.microsoft.com/kb/891559 I did not found any workaround. here is a setup that I tested, which allow evry kind of auth, exept from an IE client not in the AD domain: auth_param negotiate program /usr/lib/squid3/negotiate_kerb_auth -d -s GSS_C_NO_NAME auth_param negotiate children 5 auth_param negotiate keep_alive off auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=TEST auth_param ntlm children 5 auth_param ntlm keep_alive off auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b dc=test,dc=local -D cn=Administrator,cn=Users,dc=test,dc=local -w x -f sAMAccountName=%s -h win-hlbivo4bbdl.test.local -d auth_param basic casesensitive off auth_param basic children 5 auth_param basic realm Proxy TEST NB: setting a default domain for ntlm allow users to just use the login, without domain\ before NB: keep_alive off, as written in the docs helps at least FF to not prompt multiple time for auth
Re: [squid-users] Re: Kerberos auth and users in another AD domain
On Fri, Dec 09, 2011 at 06:31:07PM -, Markus Moeller wrote: Did you try my negotiate wrapper ? It is part of squid 3.2, but right now only works with 3.1 ( I have an open bug for 3.2) looks interesting, I'm going to grab it from last 3.2 sources and compile it for 3.1. I'll let you know if it fixes one/all of my authentications problems ;)
Re: [squid-users] Re: Kerberos auth and users in another AD domain
On Fri, Dec 09, 2011 at 06:31:07PM -, Markus Moeller wrote: Did you try my negotiate wrapper ? It is part of squid 3.2, but right now only works with 3.1 ( I have an open bug for 3.2) Can you give me hints on how to build it for 3.1 ?
[squid-users] Re: Re: Kerberos auth and users in another AD domain
Try my version on sourceforge https://downloads.sourceforge.net/project/squidkerbauth/negotiate_wrapper/negotiate_wrapper-1.0.1/negotiate_wrapper-1.0.1.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fsquidkerbauth%2Fts=1323468064use_mirror=switch Emmanuel Lacour elac...@easter-eggs.com wrote in message news:20111209203605.gf11...@easter-eggs.com... On Fri, Dec 09, 2011 at 06:31:07PM -, Markus Moeller wrote: Did you try my negotiate wrapper ? It is part of squid 3.2, but right now only works with 3.1 ( I have an open bug for 3.2) Can you give me hints on how to build it for 3.1 ?
[squid-users] Re: Re: Kerberos auth and users in another AD domain
BTW you can also compile 3.2 and just copy the binary. It works as standalone helper. Markus Moeller hua...@moeller.plus.com wrote in message news:jbu0gi$d5d$1...@dough.gmane.org... Try my version on sourceforge https://downloads.sourceforge.net/project/squidkerbauth/negotiate_wrapper/negotiate_wrapper-1.0.1/negotiate_wrapper-1.0.1.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fsquidkerbauth%2Fts=1323468064use_mirror=switch Emmanuel Lacour elac...@easter-eggs.com wrote in message news:20111209203605.gf11...@easter-eggs.com... On Fri, Dec 09, 2011 at 06:31:07PM -, Markus Moeller wrote: Did you try my negotiate wrapper ? It is part of squid 3.2, but right now only works with 3.1 ( I have an open bug for 3.2) Can you give me hints on how to build it for 3.1 ?