Re: [squid-users] Problems with ldap authentication

On 8/12/2015 4:00 p.m., Marcio Demetrio Bacci wrote: > I have changed my authentication block as below, but is not working. > > The proxy user is a Read Only Domain Controller member. The password is > correct. > > Samba4, krb5-user and winbindd are installed and work perfectly. Do I need >

Re: [squid-users] squid auth

On 8/12/2015 7:44 p.m., Alex Samad wrote: > Hi > > Currently using 3.1 (from centos 6) > I have setup squid to auth against MS AD > > I have > # ### > # Negotiate > # ### > > # http://wiki.squid-cache.org/Features/Authentication > #

Re: [squid-users] squid reverse proxy infront of exchange 2010

On 8/12/2015 7:35 p.m., Alex Samad wrote: > Hi > > Any suggestions on how to debug this... I wouldn't mind rolling > forward to 3.5 again > Some ideas inline. The main ones are: * re-enable cache.log. It is not optional. * try an upgrade to 3.5.12. There were some regressions in the .10/.11

Re: [squid-users] Problems with ldap authentication

On Tue, Dec 8, 2015 at 6:14 PM, Marcio Demetrio Bacci wrote: > Hi > > In the Squid Server, I want only basic authentication. > > The command: > > /usr/lib/squid3/basic_ldap_auth \ >-b cn=users,dc=empresa,dc=com,dc=br \ >-D cn=proxy,cn=users,dc=empresa,dc=com,dc=br

Re: [squid-users] squid auth

Hi So what your saying is I should install the mskutil and let it manage the squid krb keytab file. Could you possible help with the changed to the squid.conf file do I leave as is and just add kerberos first ? On 8 December 2015 at 20:03, Amos Jeffries wrote: > On

Re: [squid-users] squid auth

Hi, The issue appears if you use the same AD account for samba and the kerberos keytab creation. As samba will reset the password of the AD account and thereby invalidate the extracted keytab. Markus "Alex Samad" wrote in message

Re: [squid-users] squid auth

Hi Alex, Yes I talk about the AD computer account password. Markus "Alex Samad" wrote in message news:CAJ+Q1PVw1rrSvMUjzqbp_QNUAVwN=r7rqrg0lt94hv3v3o9...@mail.gmail.com... so when I do kinit I should use a different account to the samba one. I'm lost sorry. when I attach with winbind,

[squid-users] ssl-bump splice on unsupported ciphers

Hi All, I've read a few articles that indicate squid-3.5 and below doesn't support ssl-bump'ing ECDHE ciphers. Is this correct? If so, is it possible to create/structure acl and ssl-bump rules to splice on unsupported ciphers? I've looked through the available ACL options and doesn't seem

Re: [squid-users] squid auth

so when I do kinit I should use a different account to the samba one. I'm lost sorry. when I attach with winbind, I kinit with my personal admin account and also do a net ads join -U . the password on the doesn't / hasn't changed. are you talking about the computer account password ? if so,

Re: [squid-users] Problems with ldap authentication

Hi, I changed the parameter, but I received the following error: basic_ldap_auth: WARNING, LDAP search error 'Operations error' ERR Success The command line used: /usr/lib/squid3/basic_ldap_auth \ -b dc=empresa,dc=com,dc=br \ -D cn=proxy,cn=users,dc=empresa,dc=com,dc=br -w test_12345 \

Re: [squid-users] ssl-bump splice on unsupported ciphers

On 9/12/2015 1:59 p.m., Michael Hendrie wrote: > Hi All, > > I've read a few articles that indicate squid-3.5 and below doesn't support > ssl-bump'ing ECDHE ciphers. > > Is this correct? That is correct. > If so, is it possible to create/structure acl and ssl-bump rules to splice on >

Re: [squid-users] Slow Squid

Hey Patrick, Can you use some paste for the conf?(maybe http://fpaste.org/) it is really unclear. I am almost sure you are using the windows version so what version are you using? where did you got it from? Basically in some cases it is expected from the proxy to slow down the connection

Re: [squid-users] Slow Squid

On 9/12/2015 1:50 p.m., Patrick Flaherty wrote: > Hi, > > > > My Squid Server is much slower to go through than direct access to the > internet. I would expect it to be slower but not dramatically slower. Any > tips to speed it up? It's only used to access 8 whitelisted domains. I am > not