Make sure that the linux machines clock is more or less exactly in the
same time as the DC (I think the default maximum difference is 5min for
the authentication to succeed).
Regards,
tuukka
-Mensaje original-
De: Ian Bert Tusil [mailto:[EMAIL PROTECTED]
Enviado el: Thursday, June
Hi,
At 20.32 23/06/2005, [EMAIL PROTECTED] wrote:
Hi,
I have squid-2.5.ESTABLE6-3 installed with NTLM authentication to an active
directory domain. According to the manual, the parameter authenticate_ttl
and the option ttl of external_acl_type define a cache for authentication
requests.
But,
We require our users to use a farm of centralized Squid Proxies to
access the internet. Recently, I added Dansguardian with the AV patch
to the bunch and things seem to run well.
Except for streams, which I found out not to work even when ONLY using
squid.
Example:
With Dansguardian:
I am tiring to blocksome site using my squid proxy 2.5 stables.I configure
the acl and deny them .How can I verify the that file that contain the block
site is been check.Because I am able to access these site and they should be
block .Can some advised.
Dani
got it joined in the domain. thnx roman. now this time, this is weird.
winbind is fine,
i can now check using ntlm_auth too.
have this configuration of my samba:
workgroup = IBCJAPAN
security = ads
netbios name = devian
realm = ibccorp.co.jp
encrypt passwords = yes
password server = DCCIT
idmap
Hi all!
After some time of rying, I found, that I am not able to get User ID into
logs for afterprocessing (we access statistics with SARG), even with custom
log patch installed.. My proxy setup is, that I pass requests from client
directly to parrent proxy and authentification info is passed via
I patched squid-2.5.STABLE10 with icap-2.5.patch. How do I re-create
configure as patch modified configure.in?
Look here:
http://www.squid-cache.org/Doc/FAQ/FAQ.html#toc2.6
Hi, I can't find any instructions on this URL how to re-create configure
after configure.in was patched.
And tell
Damian Forrester wrote:
I am tiring to blocksome site using my squid proxy 2.5 stables.I
configure the acl and deny them .How can I verify the that file that
contain the block site is been check.Because I am able to access these
site and they should be block .Can some advised.
Dani
Hi,
At 15.31 24/06/2005, [EMAIL PROTECTED] wrote:
This behaviour is correct by Microsoft NTLM design. When negotiated,
NTLM authentication cannot be cached:
You are using use_ntlm_negotiate on, so every Challenge/Response
request must be handled from Winbind.
When using use_ntlm_negotiate
Hi,
At 15.31 24/06/2005, [EMAIL PROTECTED] wrote:
I have about 15 AD
domains with domain controllers all over the world and many users that will
use this proxy (today they are using ISA) belong to many of these different
domains.
Sorry, in my previous message, I have missed this detail.
I
Hi,
At 20.32 23/06/2005, [EMAIL PROTECTED] wrote:
Hi,
I have squid-2.5.ESTABLE6-3 installed with NTLM authentication to an
active
directory domain. According to the manual, the parameter authenticate_ttl
and the option ttl of external_acl_type define a cache for authentication
requests.
But,
error 1067: The process terminated unexpectantly.
I managed to get the squid Tom had recommended squid2.5
Stable7-NT installed on my XP professional.
However, it fails to start with the above errors.
what am i missing?
walu.
--- Carinus Carelse [EMAIL PROTECTED] wrote:
I have installed the
Hi there,
anybody has idea how to NOT authenticate users in scenario when squid is using
ntlm_auth + samba 3 in ADS mode against Windows2000 server (auth_param ntlm
program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp) and users have
no passwords set ? I don't want to get access
Hi
I recently tried this, user authentication and group validation, without
problems.
If you use ldap_group helper you give/deny access to internet based on
belonging to a specified group.
Best regards
El mié, 15-06-2005 a las 06:10, ac escribió:
I tried with this guide but it still not work.
Bernhard Erdmann wrote:
I patched squid-2.5.STABLE10 with icap-2.5.patch. How do I re-create
configure as patch modified configure.in?
Look here:
http://www.squid-cache.org/Doc/FAQ/FAQ.html#toc2.6
Hi, I can't find any instructions on this URL how to re-create
configure after
Damian Forrester wrote:
I am tiring to blocksome site using my squid proxy 2.5 stables.I
configure the acl and deny them .How can I verify the that file that
contain the block site is been check.Because I am able to access these
site and they should be block .Can some advised.
check the
We require our users to use a farm of centralized Squid Proxies to
access the internet. Recently, I added Dansguardian with the AV patch
to the bunch and things seem to run well.
Except for streams, which I found out not to work even when ONLY using
squid.
Example:
With Dansguardian:
On Fri, 24 Jun 2005, kdv wrote:
I don't know c++ at all but I created this patch fo 2.5stable10 (included as
diff file) it seems to be working :).
It implements some more anonimity not for user but for cache server (one can
disable showing squid's signature).
It's not ready yet (I learned
On Tue, 14 Jun 2005, Adam Clark wrote:
Squid is setup to forward any request to the IWSS then IWSS makes squid
do the final Request, so squid - IWSS - squid. We require to be like
this so accounting and error Pages are handled correctly.
This all works very nicely but has a side effect of
On Tue, 14 Jun 2005 [EMAIL PROTECTED] wrote:
I'm using squid2.5STABLE4. And I'm using upper proxy server above squid server.
Browser - squid - upper proxy - Web Server(Internet)
When I fail to access, I get error messages in browser.
In error message URL is described like below.
On Tue, 14 Jun 2005, zottmann wrote:
Now, the browsers are getting one 407 error, sending an authentication
package, getting another 407 error, sending a different authenticatino
package, and then they are successfully authenticated. It seems to me that
Squid is asking for ntlm v2, and was
On Thu, 16 Jun 2005, Festivus wrote:
Ive got ntlm_auth working without any problems at my site for PCs that
are a part of the same domain. Obviously PCs that arent part of the
domain prompt the user for their username, password and domain. (This is
actually the majority of our clients atm)
On Sat, 11 Jun 2005, Sebastian Edward wrote:
Hi everyone,
Previously, I was using Squid 2.5 Stable 5, which have been upgraded
to Squid 2.5 Stable 10 recently. Since then, I noticed that there are
many cache lost messages being captured by the router that we are
using (Cisco 7507). The load
We have 2 disks mirrored using raid0 and the 3rd disk separate as we're not
concerned if we lose
the cache. We are only using 11gb of the 3rd disk which has proved ample for
our purposes (approx. 70% being used at present).
Hi,
How did you
On Tue, 14 Jun 2005, SSCR Network Admin wrote:
I have gathered some info regarding my squid performace using mrtg. Will
someone give their professional comments and suggestions based on the
results i have to further increase the performance?
Easier to discuss based on what you have done on
On Thu, 16 Jun 2005, L E O N wrote:
Hi just to report a broken link at squid web site.
If you click at 2.5 link then at Daily snapshot then try to access ChangeLog,
this link is broken.
Fixed.
Also reminds me that I need to update the ChangeLog with the recent
changes to 2.5. It currently
On Thu, 16 Jun 2005 [EMAIL PROTECTED] wrote:
ok maybe I'm not in the group 10013 but I'm in the 10001
(d-ch\\SurfeursWebCH-T) why it dosen test this one ?
wbinfo_group.pl only looks into the first group specified.
It is supposed to look into all the specified groups like the other group
On Fri, 17 Jun 2005, Rodrigo A B Freire wrote:
Anyone here has tested/benchmarked Squid linked against Google's tcmalloc
library?
TCmalloc's details at
http://goog-perftools.sourceforge.net/doc/tcmalloc.html
Henrik, any comment?
I don't expect it to make any difference. The
On Mon, 20 Jun 2005, Lloyd Parkes wrote:
I've got my squid 2.5 STABLE10 configured to run with an effective user
of 'squid' for all the normal reasons. This only seems to half work.
Only one of the two squid processes runs as 'squid' the parent still
runs as 'root'
This is the way it
On Mon, 20 Jun 2005, Wennie V. Lagmay wrote:
Anybody who knows how does --enable-arp-acl and
--enable-external-acl-helpers works or can you please redirect me to a
link.
What about them?
The first sets the USE_ARP_ACL define when Squid is compiler.
The second selects which external acl
On Mon, 20 Jun 2005, Ian Bert Tusil wrote:
have anyone met this error?
[EMAIL PROTECTED]:/etc/samba # /usr/lib/squid/wb_auth -d
/wb_auth[9209](wb_basic_auth.c:183): basic winbindd auth helper build
May 29 2005, 22:30:48 starting up...
Which Samba version?
Is Samba winbindd configured and
On Mon, 20 Jun 2005, gregmcc wrote:
I am having problems applying the icap patch to stable10 using:
patch -p1 ../patchfile
I get the below error:
linux:~/software/squid-2.5.STABLE10 # patch -p1 ./icap-2.5.patch
patching file acconfig.h
patching file configure.in
Hunk #1 succeeded at 464
On Thu, 9 Jun 2005 [EMAIL PROTECTED] wrote:
Here's the squid.conf ...
external_acl_type negative_ttl=3 %SRC /usr/local/scripts/squid-
session
acl session external session
http_access deny !session
deny_info BANNER session
http_access allow all
You may want to use a
On Tue, 21 Jun 2005, Frank Wagner wrote:
to make that clear again. i must have authentication on the ftp proxy.
an i found out, that no proxy in the unix world supports parent ftp proxies
and user authentication. ftp-proxy supports user authentication but no
parent proxies.
Not entirely true.
On Tue, 21 Jun 2005, Roman Rathler wrote:
We are running Squid (squid-2.5.STABLE6-3.4E.9) on Centos 4.1. When
accessing some web-pages the Squid restarts itself. I can reproduce this
problem on different machines (PIII, P4, SMP) but cannot really find
anything that helps me in the logs. Here
On Thu, 23 Jun 2005, Kinkie wrote:
To pass on credentials to the upstream proxy you can use the
login=PASS configuration option in squid 3.0, not sure about squid
2.5.
This was introduced for the 2.5. release, and documented both in
squid.conf and the release notes.
In 2.4 ore earlier
On Wed, 22 Jun 2005, Matus UHLAR - fantomas wrote:
when 3.0 comes out, it should come with HTTP/1.1 support.
No, this hasn't been on the agenda for 3.0.
HTTP/1.1 is planned for at earliest Squid-3.1.
Squid-3.0 was originally planned to match Squid-2.5 in features, but
over time gained some
On Wed, 22 Jun 2005, Frank Wagner wrote:
is it possbile to configure
cache_peer_access
with one host but on different ports?
Sort of.
In squid-2.5 the host name field in the cache_peer lines must be different
for cache_peer_access to work. So if the parent has different aliases or
if you
On Thu, 23 Jun 2005, Matt Haught wrote:
to /etc/devfs.conf and everything works. I should have known from that
log. I wonder why it worked with the old version
It didn't, you just didn't notice that often.. (only on HTTP/1.0 requests
without Host header)
Regards
Henrik
On Thu, 23 Jun 2005, Bernhard Erdmann wrote:
I patched squid-2.5.STABLE10 with icap-2.5.patch. How do I re-create
configure as patch modified configure.in?
bootstrap.sh
pay attention to the version numbers required..
Regards
Henrik
On Thu, 23 Jun 2005, [EMAIL PROTECTED] wrote:
I have squid-2.5.ESTABLE6-3 installed with NTLM authentication to an active
directory domain. According to the manual, the parameter authenticate_ttl
and the option ttl of external_acl_type define a cache for authentication
requests.
On Fri, 24 Jun 2005 [EMAIL PROTECTED] wrote:
Hi all!
After some time of rying, I found, that I am not able to get User ID into
logs for afterprocessing (we access statistics with SARG), even with custom
log patch installed.. My proxy setup is, that I pass requests from client
directly to
On Wed, 22 Jun 2005, Lasse [iso-8859-1] Mørk wrote:
Hmm. Seems like yafc works fine, while flashxp truncates the files !
Why ?
What does access.log say?
If these clients abuses the CONNECT method then the following may apply:
Dear friends,
Just wondering if it is possible to skip proxy for all intranet
addresses? And only allow proxy if clients are accessing external
addresses?
Thanks for taking time reading my mail,
--
Yong Bong Fong (Ah Fong)
Rookie System Engineer
MIS Department
Shin Yang Group of Companies
Hi,
I've just installed Squid-2.5.9 for the first time.
Configured as needed, but can't find how to set the Daily-Monthly Limit for
appropriate user. And how to set Different connection speeds to Internet for
different users?
Hello kanat,
Saturday, June 25, 2005, 8:24:29, kanat wrote:
Hi,
I've just installed Squid-2.5.9 for the first time.
Configured as needed, but can't find how to set the Daily-Monthly Limit for
appropriate user. And how to set Different connection speeds to Internet for
different users?
As
On 6/24/05, Yong Bong Fong [EMAIL PROTECTED] wrote:
Just wondering if it is possible to skip proxy for all intranet
addresses? And only allow proxy if clients are accessing external
addresses?
This is a Frequently Asked Question. Maybe there's somewhere online
in which Questions that are
47 matches
Mail list logo