Hello,
we are trying to get reverse proxy work for Windows SBS 2008. Active-Sync and
OWA works fine on SBS.
I've exported the certificate from SBS as .pfx and converted it to .pem format.
The Domain name remote.sci.de is not public; instead we use the public
IP-Address.
Any idea?
Cosar
Hi
I have updated my squid version 3.0 STABLE25. But its caching for the bad
response i.e. TCP_NEGATIVE_HIT/204 or TCP_NEGATIVE_HIT/400 but not caching
for sttaus code 200 i.e.TCP_MISS/200.
Following
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator online
guide I have
On 19/01/11 21:41, Hakan Cosar wrote:
Hello,
we are trying to get reverse proxy work for Windows SBS 2008. Active-Sync and
OWA works fine on SBS.
I've exported the certificate from SBS as .pfx and converted it to .pem format.
The Domain name remote.sci.de is not public; instead we use the
On 20/01/11 00:33, diginger wrote:
Hi
I have updated my squid version 3.0 STABLE25. But its caching for the bad
response i.e. TCP_NEGATIVE_HIT/204 or TCP_NEGATIVE_HIT/400 but not caching
for sttaus code 200 i.e.TCP_MISS/200.
Following
Hello,
I'm trying to set up squid to auth against AD.
AD is on 2008 server (but functionality level of 2003).
Kerberos works fine, from linux machine (debian) kinit and klist and
kutil are all right. I also have created krb5.keytab and for my proxy
user I have:
ktutil: rkt /etc/krb5.keytab
tis 2011-01-18 klockan 08:41 -0800 skrev diginger:
Please tell me what http headers required in response for squid caching to
work.
At least one of
Last-Modified: datetime
Cache-Control: max-age=seconds
Expires: datetime
and no other headers which forbids caching.
On 20/01/11 01:12, Rafal Zawierta wrote:
Hello,
I'm trying to set up squid to auth against AD.
AD is on 2008 server (but functionality level of 2003).
Kerberos works fine, from linux machine (debian) kinit and klist and
kutil are all right. I also have created krb5.keytab and for my proxy
user
ons 2011-01-19 klockan 13:12 +0100 skrev Rafal Zawierta:
authenticateNegotiateHandleReply: Error validating user via Negotiate.
Error returned 'BH received type 1 NTLM token'
That the client selected to use NTLM, not Kerberos. The squid_kerb_auth
helper only supports Kerberos. To support NTLM
tor 2011-01-20 klockan 01:26 +1300 skrev Amos Jeffries:
As you can see the browser is sending an NTLM handshake instead of the
Kerberos token. The current Squid auth system does not support
Negotiate/NTLM only Negotiate/Kerberos but has no way to tell IE8 that.
Technically Squid do not care
Ok, I'll try to focus on client side.
Now I've installed XP SP3 with IE8 and FF3.6 and there is the same problem.
* Check that IE is configured to use Kerberos by reference.
How to check it?
In addition:
When I start IE on XP machine, with Wireshark I get:
KRB Error:
Hello,
I have gone through refrences you provided and following that I have updated
squid version too but still no luck. now even I have made squid and
originserver port to be same.
Here is my full squid.conf
http_port 80 accel defaultsite=xxx.xx.xxx.118
cache_peer xxx.xx.xxx.118 parent 80
Update.
Fortrunately I was able to reinstall my proxy machine and now it works fine.
Steps on Ubuntu 10.04 are almost the same as:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
But please be sure to carry on pathnames - they are a little bit
different on Ubuntu.
Regards
On 20/01/11 03:37, diginger wrote:
Hello,
I have gone through refrences you provided and following that I have updated
squid version too but still no luck. now even I have made squid and
originserver port to be same.
Aha, think about this...
acl our_sites dst xxx.xx.xxx.118
On 20/01/11 03:51, Rafal Zawierta wrote:
Update.
Fortrunately I was able to reinstall my proxy machine and now it works fine.
Steps on Ubuntu 10.04 are almost the same as:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
But please be sure to carry on pathnames - they are a
Hi,
After observing this, I have been going through RFC 2616, the squid
documentation, mailing list archives and various google results.
It's still not completely clear to me: why is squid adding a
Cache-Control with max-age defined in cases where the original client
request does not contain
Hi,
I'm trying to build a transparent proxy using squid 3.1.10, iptables 1.4.10,
and a custom kernel based on the standard kernel for ubuntu server 10.04
LTS, but using 2.6.37 source with the following additional kernel configs:
NF_CONNTRACK=m
NETFILTER_TPROXY=m
NETFILTER_XT_MATCH_SOCKET=m
Hi all,
It appears that after about 2 months of up time I has a pair of squid servers
stop servicing SSL at the same time. Both are running CentOS 5.5 fully updated.
Version: 3.0.STABLE25-1.el5 (from the rpmforge repository)
Servers are default CentOS 5.5 install with no packages or package
For squid_kerb_ldap to work the AD entry must have a userprincipalname
attribute set to one of the keytab entry names e.g.
HTTP/ubuntu.pfsee@pfsee.net
. This is one of the differences of msktutil with --upn to net ads join.
Markus
- Original Message -
From: Rafal Zawierta
I'm wondering if anybody knows what might be causing this. I've
confirmed this problem in linux builds of Squid 3.0, 3.1.1, 3.1.10 and
3.2.0.4.
Using firefox (or probably any browser - it also happens in a webkit
based browser under development) clear the browser's disk cache and try
to load or
On 20/01/11 13:31, Max Feil wrote:
I'm wondering if anybody knows what might be causing this. I've
confirmed this problem in linux builds of Squid 3.0, 3.1.1, 3.1.10 and
3.2.0.4.
Using firefox (or probably any browser - it also happens in a webkit
based browser under development) clear the
On 20/01/11 12:01, Rafal Zawierta wrote:
Hello,
Is it possible to show with squid only new user (and only for the
first time he access Web) some kind of welcome page with rules, which
he must accept to enter the Web?
Users are authorized by AD and squid_kerb_auth.
Regards
R.
What you
On 20/01/11 08:29, John Craws wrote:
Hi,
After observing this, I have been going through RFC 2616, the squid
documentation, mailing list archives and various google results.
It's still not completely clear to me: why is squid adding a
Cache-Control with max-age defined in cases where the
On 20/01/11 10:07, mbruell wrote:
Hi,
I'm trying to build a transparent proxy using squid 3.1.10, iptables 1.4.10,
and a custom kernel based on the standard kernel for ubuntu server 10.04
LTS, but using 2.6.37 source with the following additional kernel configs:
NF_CONNTRACK=m
Thanks. I am looking at the squid access.log and the delay is caused by
a GET which for some reason does not result in a response from the
server. Either there is no response or Squid is missing the response.
After a 120 second time-out the page continues loading, but the end
result may be
24 matches
Mail list logo