[squid-users] storeAufsOpenDone: (2) No such file or directory
Hi I'm getting following error messages in cache.log --- 2003/02/25 10:16:10| storeAufsOpenDone: (2) No such file or directory 2003/02/25 10:16:10|/cache/0F/6A/000F6A8F 2003/02/25 10:16:16| storeAufsOpenDone: (2) No such file or directory 2003/02/25 10:16:16|/cache/0F/6A/000F6A7A 2003/02/25 10:16:40| storeAufsOpenDone: (2) No such file or directory 2003/02/25 10:16:40|/cache/0F/6A/000F6AAE 2003/02/25 10:16:42| storeAufsOpenDone: (2) No such file or directory 2003/02/25 10:16:42|/cache/0F/6A/000F6AB6 2003/02/25 10:16:43| storeAufsOpenDone: (2) No such file or directory 2003/02/25 10:16:43|/cache/0F/6A/000F6AB9 Using following Version Squid Cache: Version 2.5.STABLE1-20030205 configure options: --prefix=/usr/local/squid --enable-async-io --enable-snmp Can any one explain why I'm getting this and how to fix it Thanks
Re: [squid-users] storeAufsOpenDone: (2) No such file or directory
HBK wrote: Hi I'm getting following error messages in cache.log --- 2003/02/25 10:16:10| storeAufsOpenDone: (2) No such file or directory 2003/02/25 10:16:10|/cache/0F/6A/000F6A8F 2003/02/25 10:16:16| storeAufsOpenDone: (2) No such file or directory 2003/02/25 10:16:16|/cache/0F/6A/000F6A7A 2003/02/25 10:16:40| storeAufsOpenDone: (2) No such file or directory 2003/02/25 10:16:40|/cache/0F/6A/000F6AAE 2003/02/25 10:16:42| storeAufsOpenDone: (2) No such file or directory 2003/02/25 10:16:42|/cache/0F/6A/000F6AB6 2003/02/25 10:16:43| storeAufsOpenDone: (2) No such file or directory 2003/02/25 10:16:43|/cache/0F/6A/000F6AB9 Using following Version Squid Cache: Version 2.5.STABLE1-20030205 configure options: --prefix=/usr/local/squid --enable-async-io --enable-snmp Can any one explain why I'm getting this and how to fix it I am getting those too regularly, (in 2.5S1). It's not a real bug , I think and following discussions in the past more due to the nature of the aio mechanisms ,following subtle issues where a file can be deleted which is needed for opening or reading in another thread. Maybe one could state that aio is not 'cache safe', but the thing is that squid will fetch the object again from the remote webserver. The intend of course being that these messages should be rather infrequent. M. Thanks -- 'Time is a consequence of Matter thus General Relativity is a direct consequence of QM (M.E. Mar 2002)
[squid-users] couple of squid questions
hi all, couple of questions re squid config My squid hardware is based round systems with a 1.8Zenon cpu 4Gbytes of ram and 4 36Gbyte disks for cache storage running RH 8.0 with the 2.4.18-24smp version of the kernel. Each disk has 1 partition set up cachedir ufs 90% of disk space 256 256 what sort of cache_mem setting should I be looking for in the above config. did have aufs set up for a while but seemed to have a number of error messages indicating that particular directories on a cache disk could not be found e.g. cache1/0a/ob ... didn;t seem to have made any difference but I would have excpected a squid -z to have created all the directoroes it required. Should I be aufs? and lastly given that the Zenon processors can support hyper-threading, is there any magical squid config settings that'll make use of this? Using 'top' it looks as if it isn't at the moment. TIA alex
Re: [squid-users] kernel: NET: 567 messages suppressed
Muhammad Junaid wrote: Hi, I am getting following messages in my /var/log/messages. Not continuous but often. kernel: NET: 555 messages suppressed. kernel: NET: 556 messages suppressed. kernel: NET: 546 messages suppressed. kernel: NET: 557 messages suppressed. I have RedHat 7.3 with Kernel 2.4.18 and running squid 2.5 (Transparent). I have Traced back to its source in /usr/src/linux-2.4/net/core/utils.c and found * This enforces a rate limit: not more than one kernel message * every 5secs to make a denial-of-service attack impossible. if (lost) printk(KERN_WARNING NET: %d messages suppressed.\n, lost); return 1; ... Is the kernel taking many concurrent requests as DOS attack and suppressing the requests. Can any one help how this can be resolved? Thanks in advance. Possibly not related to squid. You should examine /var/log/messages carefully , and you will find out which message is being supressed from continous reporting. Check % dmesg Also M. Muhammad Junaid CIS, Pak. -- 'Time is a consequence of Matter thus General Relativity is a direct consequence of QM (M.E. Mar 2002)
[squid-users] ldap authentication?
Hi, I'm rather new to linux, but I've got to administrate the computers in our school. I use for the firewall: firewall on CD from SUSE - there is the squid.conf. The users are with ldap on the openexchange Server. Till now (with an old linux-Server) I used nsca_auth for the authentication but there were users and squid at the _same_ computer . Now I don't how to manage the authentication with the two computers (firewall on CD ond openexchange). All things I found was explained for _one_ Computer. Can someone help, or got some hints? If you need some other infos from me - I'll post them. Kind regards Dieter
Re: [squid-users] storeAufsOpenDone: (2) No such file or directory
On Tuesday 25 February 2003 09.27, Marc Elsen wrote: It's not a real bug , I think and following discussions in the past more due to the nature of the aio mechanisms ,following subtle issues where a file can be deleted which is needed for opening or reading in another thread. Corect. Maybe one could state that aio is not 'cache safe', but the thing is that squid will fetch the object again from the remote webserver. The aufs cache is safe. It is only that Squid may at times of high load fail to keep some of it's cached objects without knowing the object have vanished from the cache. The same thing can happen for any of the cache_dir types but is slightly more noticeable with aufs. The intend of course being that these messages should be rather infrequent. True. Regards Henrik
Re: [squid-users] couple of squid questions
On Tuesday 25 February 2003 09.40, Alex Sharaz wrote: hi all, couple of questions re squid config My squid hardware is based round systems with a 1.8Zenon cpu 4Gbytes of ram and 4 36Gbyte disks for cache storage running RH 8.0 with the 2.4.18-24smp version of the kernel. If possible with your motherboard you may want to consider using a non-SMP kernel for increased system performance, but you probably need to compile your own to support large quantities of memory. There is a quite high performance penalty paid when enabling SMP in the kernel, and the benefits of SMP is mainly seen if the application(s) can really use more than one CPU. Squid is not at all good at using more than one CPU. Each disk has 1 partition set up cachedir ufs 90% of disk space 256 256 You need more than 256 L1 directories for such large cache directories.. L1 = at least cache_size(in kb) / L2 / L2 / 8 * 2 what sort of cache_mem setting should I be looking for in the above config. Not too large. Even if your server have 4GB individual applications is still limited by the 32bit pointer architecture of the Xeon processor to about 1.5GB each in the best conditions.. See the Squid FAQ on memory usage for how to calculate how much memory Squid will use for your cache directories. Then use no more than 50% of what is left of the maximum process size for cache_mem. Should I be aufs? Quite likely. If you get unexpected errors please report these errors, exacly as they are given. given that the Zenon processors can support hyper-threading, is there any magical squid config settings that'll make use of this? No. Squid is essentially a single threaded application. Regards Henrik
[squid-users] Supporting video streaming
Hi, I would like to know can proxy services on squid support video streaming??? If yes, what are the format that it can support and what configuration is required on the squid server. Thank you. _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail
FW: [squid-users] Proxy authentication - PXY1
Hi All, A long time ago I asked the question about forcing a user to receive a policy page that they must accept on before they are prompted to authenticate. At that time I was using a SUSE installed Squid2.4 STABLE7 version. I have now taken the Squid 2.5 STABLE1 copy from the squid-cache.org website. Bearing in mind I am new to Linux/Squid what is it I have to do to make an external_acl_type to filter out requests without authentication. Would this helper be yet another executable I would have to develop (I am not a C person either) or could it be a script. Can you just spell out a little more the order of the acls in the squid.conf file and what each piece of the puzzle would do. I have seen the new auth_param directive and the external_acl_type but am unsure of how deep I have to go to make this a flier. I would appreciate any reply in layman's language given my experience of Linux is 5 weeks and of squid 3 weeks. Is what you are saying is that I will be able to detect if the HTTP header contains a username/password combination and then redierect through deny_info to a policy page, or is that too simplistic. Any help greatfully received. Cheers Dave O. -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: 06 February 2003 08:47 To: Robert Collins Cc: David O'Sullivan; '[EMAIL PROTECTED]' Subject: Re: [squid-users] Proxy authentication - PXY1 Robert Collins wrote: Requests without authentication are redirected to the policy page, with the original page in a cookie/form submission. The policy page sets a cookie POLICY ACCEPTED when the user accepts the policy. The policy web server *must* be accessed via squid. When a request to the policy webserver, with a policy accepted cookie, is seen, authentication is triggered, and the user redirected back to the originally requested page. Yes, this looks like it might be done. external_acl_type can be used to filter out requests without proxy authentication, or a extension acl can be written within Squid to do the same. deny_info url capability of Squid-3 (also available as a patch to Squid-2.5) can then be used to redirect the request to the policy page. The same scheme can also be used to IP based session timers, having an external_acl_type acting as a filter on which requests may need to be sent to the policy page, and the cookie as the definite filter on which users have accepted the policy or not. Regards Henrik This e-mail and its attachments are confidential and intended solely for the addressee. If you are not the intended addressee, you must not disclose, forward, copy or take any action in respect of this email or any attachments. If you have received this e-mail in error, please delete it and notify the sender. While ADM and Optecon have taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage, which you may sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment.
[squid-users] Nightly Snapshots? (was: RE: [squid-users] Restricting Authenticated Users)
Awesome! Thanks for the general direction pointing. =) One more question before I dive into researching LDAP. I have seen it mentioned in other posts here, but what exactly is the nightly snapshots? Is it a development release or something? I didn't really see anything about it when I was going through the documentation I could find on it, and figure I might as well inquire about it. Thanks again for getting me pointed in the right direction! Regards, Scott Wrosch desk 248.333.7700 x227 email [EMAIL PROTECTED] -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: Monday, February 24, 2003 4:04 PM To: Scott Wrosch Cc: [EMAIL PROTECTED] Subject: Re: [squid-users] Restricting Authenticated Users Piece of cake ;-) If your domain is an AD domain then I would recommend ditching msntauth and go for LDAP instead, or if you prefer using Windows NT domain techology to use winbind integration via Samba (see the Squid FAQ for details). Squid-2.5 has well evolved support for group based acl controls using various types of backend user databases such as Window NT Domain, LDAP (including MSAD and most more/less standard LDAP directories) and many others with simple scripting. For instructions on how to set up Samba/winbind for Squid see the Suqid FAQ. For instructions on how to set up LDAP authentication see the LDAP authentication and group tools shipped with current Squid-2.5 nightly snapshots (what will become 2.5.STABLE2 in a not too distant future). There is also several posts in the squid-users archives for the last few months discussing the same topic. If using LDAP then I strongly recommend experimenting a little with ldapsearch to get familiar to the LDAP structure of MS AD before looking into the details of howto configure the Squid LDAP authentication/group integration. The Squid LDAP tools is generic LDAP tools and some of the parameters to these can only be understood if there is some understanding of the MS ActiveDirectory LDAP structure.. Regards Henrik Scott Wrosch wrote: What we have is a proxy that is set up to authenticate to the Windows 2000 domain using msntauth. That works fabulously. What my original plan to do was to set it up so that the domains that the customer service people need access to, they could get to it unrestricted. Then, they would have to be authenticated in order to access anything beyond that. And, using msntauth, they wouldn't be allowed to. However, I have had a monkey wrench thrown into those plans, which would have been simple and worked well. What now needs to be done is each user needs to be put into specific groups. Those specific groups then have varying access needs to specific sites. This could then entail multiple users being in multiple groups. It's a huge monkey wrench because we have 30+ customer service people, most of them would be required to be in different groups. Now, with that being said, I know ACLs would definitely be involved. But, what I'm wondering is if there is any simple way to do this. I live by KISS (Keep It Simple, Stupid), and to me, things just got extraordinarily un-simple. So, I'm looking for any hints, tips, suggestions, advice, etc etc etc... This isn't something that I'm particularly thrilled about, but I don't make the decisions. I've been going through the squid.conf file trying to figure out possible ways of doing this, but nothing is just coming out, slapping me in the face, and saying this is the way to do it! Thanks in advance for any assistance anyone can offer! Regards, Scott Wrosch desk 248.333.7700 x227 email [EMAIL PROTECTED] Our greatest glory is not in never falling but in rising every time we fall. -- Confucius
Re: [squid-users] Nightly Snapshots? (was: RE: [squid-users]Restricting Authenticated Users)
tis 2003-02-25 klockan 14.31 skrev Scott Wrosch: Awesome! Thanks for the general direction pointing. =) One more question before I dive into researching LDAP. I have seen it mentioned in other posts here, but what exactly is the nightly snapshots? Is it a development release or something? I didn't really see anything about it when I was going through the documentation I could find on it, and figure I might as well inquire about it. The nightly snapshots can be found from http://www.squid-cache.org/Versions/v2/2.5/. These contains a nightly snapshot of the latest version of the Squid-2.5.STABLE source code taken each night. From time to time official STABLE releases is made. The current STABLE release is 2.5.STABLE1, and the next will be 2.5.STABLE2 (which by the way is way overdue, apologies to everyone). The nightly STABLE snapshots is best described as prereleases of what will be the next bugfix release of the current STABLE version of Squid. These snapshots may now have received as much testing as the latest official STABLE release, but at the same time the nightly snapshots contains all known bugfixes (http://www.squid-cache.org/Versions/v2/2.5/bugs/) and is thus most often more stable than the latest official STABLE release without any patches.. In your specific case the LDAP group support has been significantly updated since 2.5.STABLE1 as it was quickly found that the very simplistic view of groups of the original LDAP group helper is not sufficient in most setups.. Regards Henrik -- Henrik Nordstrom [EMAIL PROTECTED] MARA Systems AB, Sweden
[squid-users] Wccp+squid2.5+linux
Hi, I know that its now an old issue as how to configure Wccp v1 with squid. I myslef has done this many times in the past. But this time i am getting some strange issues. Here is my problem. 1: squid-2.5.STABLE1 2: Linux RedHat 6.0 3: IP_GRE.C path for this Linux Kernel, 4: IPCHANS redirect www --- 3128 (both GRE0 and ETH0) 5: Cisco Router with 12.x IOS Linux Kernel is recompiled with patched GRE code. I have my gre0 up, and i can see my webcache in router. TCPDUMP also reports that i am getting GRE packets. IPCHAINS -L -v shows that i am receiving packets both on gre0 and eth0 interface and they are being redirected. But some or other how users are unable to brows when ever i start wccp in router. I am not sure but i believe there is some thing wrong with my squid conf as once ipchains shows that packets are coming in and being redirected it should work. I have tried the same thing on BSD box and same results. I know i am missing some thing here. Any help to correct me here will be highly appreciated. Regards Ahsan Saleem Khan
[squid-users] Problems Compiling SQUID
Hello: Fist of all, I apologize by my english. Now, I have a question to do to them. I have installed RedHat 7.3 with Squid 2.4.STABLE7-4 and need to use in squid, a ACL based on MAC address. Reading on like obtaining this, I find that I must compile the squid`s source code with the option --enable-arp-acl, which I could do without problems. But when I want to install new the binary ones, I have not been able to update binary the already existing ones in my system, reason by which I cannot use the new functionality. That steps I must follow to obtain this? Thank you. Miguel Yanelli Miguel Adrián Yanelli Epson Argentina S.A. Departamento de Sistemas 4346-0300 int. 4323 4346-0323 (Directo) [EMAIL PROTECTED]
Re: [squid-users] Problems Compiling SQUID
[EMAIL PROTECTED] wrote: Hello: Fist of all, I apologize by my english. Now, I have a question to do to them. I have installed RedHat 7.3 with Squid 2.4.STABLE7-4 and need to use in squid, a ACL based on MAC address. Reading on like obtaining this, I find that I must compile the squid`s source code with the option --enable-arp-acl, which I could do without problems. You mean using, 'configure' using the option mentioned above, right ? But when I want to install new the binary ones, I have not been able to update binary the already existing ones in my system, reason by which I cannot use the new functionality. 'make install' ; (after make) may not want to overwrite existing binaries. M. That steps I must follow to obtain this? Thank you. Miguel Yanelli Miguel Adrián Yanelli Epson Argentina S.A. Departamento de Sistemas 4346-0300 int. 4323 4346-0323 (Directo) [EMAIL PROTECTED] -- 'Time is a consequence of Matter thus General Relativity is a direct consequence of QM (M.E. Mar 2002)
Re: [squid-users] Wccp+squid2.5+linux
if you are redirecting port 80 packets then you are running squid as a transparent cache. check is your proxy working fine as a transparent cache I mean to say entrys like that httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on and one thing more what sh ip wccp webcache displaying mean to say can router getting cache or not yet I'm running wccp on FreeBSD and Red Hat Linux 7.1 it's going fine but I have patched kernel with module not as gre tunnel but my FreeBSD 4.7 running with GRE tunnle... if you find something more let me know Best Regs, Masood Ahmad Shah System Administrator Fibre Net Tel: +92-42-6677024 Mobile: +92-300-4277367 http://www.fibre.net.pk --- [EMAIL PROTECTED] wrote: Hi, I know that its now an old issue as how to configure Wccp v1 with squid. I myslef has done this many times in the past. But this time i am getting some strange issues. Here is my problem. 1: squid-2.5.STABLE1 2: Linux RedHat 6.0 3: IP_GRE.C path for this Linux Kernel, 4: IPCHANS redirect www --- 3128 (both GRE0 and ETH0) 5: Cisco Router with 12.x IOS Linux Kernel is recompiled with patched GRE code. I have my gre0 up, and i can see my webcache in router. TCPDUMP also reports that i am getting GRE packets. IPCHAINS -L -v shows that i am receiving packets both on gre0 and eth0 interface and they are being redirected. But some or other how users are unable to brows when ever i start wccp in router. I am not sure but i believe there is some thing wrong with my squid conf as once ipchains shows that packets are coming in and being redirected it should work. I have tried the same thing on BSD box and same results. I know i am missing some thing here. Any help to correct me here will be highly appreciated. Regards Ahsan Saleem Khan __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/
[squid-users] Zero Sized Reply Errors
I am getting a more frequent amount of zero-sized reply errors with squid. Some examples are the sites http://southernsecurity.org and http://www.tusdnet.k12.ca.us. If I look in the access.log the lising looks like this: 1046183214.075 2613 65.69.103.75 TCP_MISS/503 3399 GET http://www.tusdnet.k12.ca.us/ - DIRECT/204.102.255.4 - Each time I get the error, it says TCP_MISS/503. Upon doing a little research it seems that a 503 error is from the proxy or cache. I have attempted to create a no caching acl for the domains, but I still get the error. Is there any insight I can get besides the FAQ (which didnt help)? Any assistance you can provide is greatly appreciated. Brad Technical Support S4F, Inc. 918.524.1010 [EMAIL PROTECTED] ** We are proud to introduce the S4F FilterCube hardware filtering solution. Call our sales dept. today for details. **
Re: [squid-users] Problems Compiling SQUID
... ... Yes, I using ./configure --enable-arp-acl...Then make install (after make), but this install new binaries into new directory (by default /usr/local/squid) and not overwrite existing binaries, therefore, new funcionality (acl arp) is not available on my sytstem. ... Note that configure can accept more then one option, which must be given on the same command line. So if a --prefix option is or was being used, this must be kept in the configure command, together with the new option. M.
Re: [squid-users] Zero Sized Reply Errors
Brad Holman wrote: I am getting a more frequent amount of zero-sized reply errors with squid. Some examples are the sites http://southernsecurity.org and http://www.tusdnet.k12.ca.us. If I look in the access.log the lising looks like this: 1046183214.075 2613 65.69.103.75 TCP_MISS/503 3399 GET http://www.tusdnet.k12.ca.us/ - DIRECT/204.102.255.4 - Each time I get the error, it says TCP_MISS/503. Upon doing a little research it seems that a 503 error is from the proxy or cache. I have attempted to create a no caching acl for the domains, but I still get the error. Is there any insight I can get besides the FAQ (which didnt help)? Which version of squid are you using ? On which platform/os/version ? Are you using transp. proxying ? M. Any assistance you can provide is greatly appreciated. Brad Technical Support S4F, Inc. 918.524.1010 [EMAIL PROTECTED] ** We are proud to introduce the S4F FilterCube hardware filtering solution. Call our sales dept. today for details. ** -- 'Time is a consequence of Matter thus General Relativity is a direct consequence of QM (M.E. Mar 2002)
Re: [squid-users] Transparent proxy to a given page
tis 2003-02-25 klockan 16.12 skrev Fabien Salvi: I suppose the response to the client *must* use the real destination server IP for IP source address to not be dropped by it ? So, I suppose I must use NAT in iptables to do this ? Is this possible ? Yes. In squid, I thought there was a mecanism to change the IP source address of the reply. Is this the reallity ? This is done automatically by the TCP/IP kernel when you configure the host to redirect port 80 to Squid (via NAT). Without it the TCP would not at all operate in transparent interception mode, and Squid is an application ontop of TCP. The same TCP/IP redirect methods can be used to redirect the traffic to ANY TCP/IP application on the host, or even on a remote server if you prefer. It is just a variant of NAT. The only specific support required in the application is if the application is interested in knowing the originally intended destination (which is not the case in your case). -- Henrik Nordstrom [EMAIL PROTECTED] MARA Systems AB, Sweden
Re: [squid-users] Wccp squid2.5 linux
Masood, I have these setup already in squid.conf. Regards Ahsan Khan if you are redirecting port 80 packets then you are running squid as a transparent cache. check is your proxy working fine as a transparent cache I mean to say entrys like that httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on and one thing more what sh ip wccp webcache displaying mean to say can router getting cache or not yet I'm running wccp on FreeBSD and Red Hat Linux 7.1 it's going fine but I have patched kernel with module not as gre tunnel but my FreeBSD 4.7 running with GRE tunnle... if you find something more let me know Best Regs, Masood Ahmad Shah System Administrator Fibre Net Tel: +92-42-6677024 Mobile: +92-300-4277367 http://www.fibre.net.pk --- [EMAIL PROTECTED] wrote: Hi, I know that its now an old issue as how to configure Wccp v1 with squid. I myslef has done this many times in the past. But this time i am getting some strange issues. Here is my problem. 1: squid-2.5.STABLE1 2: Linux RedHat 6.0 3: IP_GRE.C path for this Linux Kernel, 4: IPCHANS redirect www --- 3128 (both GRE0 and ETH0) 5: Cisco Router with 12.x IOS Linux Kernel is recompiled with patched GRE code. I have my gre0 up, and i can see my webcache in router. TCPDUMP also reports that i am getting GRE packets. IPCHAINS -L -v shows that i am receiving packets both on gre0 and eth0 interface and they are being redirected. But some or other how users are unable to brows when ever i start wccp in router. I am not sure but i believe there is some thing wrong with my squid conf as once ipchains shows that packets are coming in and being redirected it should work. I have tried the same thing on BSD box and same results. I know i am missing some thing here. Any help to correct me here will be highly appreciated. Regards Ahsan Saleem Khan __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/
Re: [squid-users] Wccp squid2.5 linux
ohhh how r u sir. sir can u check please on thing more # wccp_version 4 for wccpv1 it should be 4 ... and what about sh ip wccp in router :) sir can u load wccp module I think it will work can be problem in gre . Best Regs, Masood Ahmad Shah System Administrator Fibre Net Tel: +92-42-6677024 Mobile: +92-300-4277367 http://www.fibre.net.pk --- [EMAIL PROTECTED] wrote: Masood, I have these setup already in squid.conf. Regards Ahsan Khan if you are redirecting port 80 packets then you are running squid as a transparent cache. check is your proxy working fine as a transparent cache I mean to say entrys like that httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on and one thing more what sh ip wccp webcache displaying mean to say can router getting cache or not yet I'm running wccp on FreeBSD and Red Hat Linux 7.1 it's going fine but I have patched kernel with module not as gre tunnel but my FreeBSD 4.7 running with GRE tunnle... if you find something more let me know Best Regs, Masood Ahmad Shah System Administrator Fibre Net Tel: +92-42-6677024 Mobile: +92-300-4277367 http://www.fibre.net.pk --- [EMAIL PROTECTED] wrote: Hi, I know that its now an old issue as how to configure Wccp v1 with squid. I myslef has done this many times in the past. But this time i am getting some strange issues. Here is my problem. 1: squid-2.5.STABLE1 2: Linux RedHat 6.0 3: IP_GRE.C path for this Linux Kernel, 4: IPCHANS redirect www --- 3128 (both GRE0 and ETH0) 5: Cisco Router with 12.x IOS Linux Kernel is recompiled with patched GRE code. I have my gre0 up, and i can see my webcache in router. TCPDUMP also reports that i am getting GRE packets. IPCHAINS -L -v shows that i am receiving packets both on gre0 and eth0 interface and they are being redirected. But some or other how users are unable to brows when ever i start wccp in router. I am not sure but i believe there is some thing wrong with my squid conf as once ipchains shows that packets are coming in and being redirected it should work. I have tried the same thing on BSD box and same results. I know i am missing some thing here. Any help to correct me here will be highly appreciated. Regards Ahsan Saleem Khan __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/
Re: [squid-users] Go direct if parent dies
On Fri, Feb 21, 2003 at 03:35:38PM +0100, Christoph Haas wrote:
This is what I get told in the cache.log when the parent goes down:
2003/02/21 15:25:38| The request GET http://www.porn.com/ is ALLOWED,
because it matched 'all'
2003/02/21 15:25:38| TCP connection to localhost/9090 failed
2003/02/21 15:25:38| TCP connection to localhost/9090 failed
2003/02/21 15:25:38| TCP connection to localhost/9090 failed
2003/02/21 15:25:38| TCP connection to localhost/9090 failed
2003/02/21 15:25:38| TCP connection to localhost/9090 failed
2003/02/21 15:25:38| TCP connection to localhost/9090 failed
2003/02/21 15:25:38| TCP connection to localhost/9090 failed
2003/02/21 15:25:38| TCP connection to localhost/9090 failed
2003/02/21 15:25:38| TCP connection to localhost/9090 failed
2003/02/21 15:25:38| TCP connection to localhost/9090 failed
2003/02/21 15:25:38| Detected DEAD Parent: localhost/9090/0
I pray that you have further ideas. I'm really stuck. :)
And telnet localhost 9090 works?
And if so:
GET http://www.porn.com/ HTTP/1.0
empty line
--
program signature;
begin { telegraaf.com
} writeln([EMAIL PROTECTED] SMA-IS | Geeks don't get viruses);
end
.
Re: [squid-users] Zero Sized Reply Errors
Brad Holman wrote: Marc, I am using: squid v 2.4.STABLE7 freebsd v 4.6-RELEASE #2 I am not using transparent proxying. Besides the faq on zero sized reply errors, check the freebsd part of the squid faq too. Check cache.log for further error info,if any. FYI : I can access the sites mentioned without any problems (on 2.5S1 with Redhat Linux 6.2). M. Brad -Original Message- From: Marc Elsen [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 25, 2003 9:18 AM To: Brad Holman Cc: [EMAIL PROTECTED] Subject: Re: [squid-users] Zero Sized Reply Errors Brad Holman wrote: I am getting a more frequent amount of zero-sized reply errors with squid. Some examples are the sites http://southernsecurity.org and http://www.tusdnet.k12.ca.us. If I look in the access.log the lising looks like this: 1046183214.075 2613 65.69.103.75 TCP_MISS/503 3399 GET http://www.tusdnet.k12.ca.us/ - DIRECT/204.102.255.4 - Each time I get the error, it says TCP_MISS/503. Upon doing a little research it seems that a 503 error is from the proxy or cache. I have attempted to create a no caching acl for the domains, but I still get the error. Is there any insight I can get besides the FAQ (which didnt help)? Which version of squid are you using ? On which platform/os/version ? Are you using transp. proxying ? M. Any assistance you can provide is greatly appreciated. Brad Technical Support S4F, Inc. 918.524.1010 [EMAIL PROTECTED] ** We are proud to introduce the S4F FilterCube hardware filtering solution. Call our sales dept. today for details. ** -- 'Time is a consequence of Matter thus General Relativity is a direct consequence of QM (M.E. Mar 2002) -- 'Time is a consequence of Matter thus General Relativity is a direct consequence of QM (M.E. Mar 2002)
[squid-users] Acess.log
Hi I'm currently running 2 instances of squid with WCCP, one on Port 3128 and the other on 3129. My IPTables is configures as follow: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128-3129 What's happening now is that when I monitor access.log file with the tail -f command, I notice that only one access.log file files up, while there's no activity on the other one. Then both start filling up untill the 1st stops and the other one contnues. It like they taking turns. I got to IP Pools and the one each Instance of squid proxies his one pool. Both access.log files contains data from both pools. So is this nomal? ___ http://www.webmail.co.za the South-African free email service NetWiseGurus.Com Portal - Your Own Internet Business Today!
[squid-users] Squid Auth...
Hi ! Im having problems with the configuration of the squid auth... All my computers in my network, when try to access the internet, are asked for user name and a password to access it OK its working. But I want some IPs with full access of the internet without asking a login to access the internet throw the squid How can I do this ?? Regards
Re: [squid-users] IP Tracking
tis 2003-02-25 klockan 12.36 skrev frank: Hello, How can i send a warning message to specific IP address of users accessing sites which are pornographical To just send a warning is tricky. To block access and send a error message telling the reason is much easier. See the deny_info directive or redirectors. -- Henrik Nordstrom [EMAIL PROTECTED] MARA Systems AB, Sweden
Re: [squid-users] Transparent proxy to a given page
Henrik Nordstrom a écrit: tis 2003-02-25 klockan 16.12 skrev Fabien Salvi: I suppose the response to the client *must* use the real destination server IP for IP source address to not be dropped by it ? So, I suppose I must use NAT in iptables to do this ? Is this possible ? Yes. In squid, I thought there was a mecanism to change the IP source address of the reply. Is this the reallity ? This is done automatically by the TCP/IP kernel when you configure the host to redirect port 80 to Squid (via NAT). Without it the TCP would not at all operate in transparent interception mode, and Squid is an application ontop of TCP. The same TCP/IP redirect methods can be used to redirect the traffic to ANY TCP/IP application on the host, or even on a remote server if you prefer. It is just a variant of NAT. The only specific support required in the application is if the application is interested in knowing the originally intended destination (which is not the case in your case). Ok, thanks a lot Henrik ! These things were a bit obscure to me. Now, I understand. I thought it was a userspace mechanism (like we can fake an IP with sendip or other packet generator) but in fact, it's a kernelspace mechanism... I've just try this and it works well. Thanks again. -- Fabien SALVI Centre de Ressources Informatiques Archamps, France -- http://www.cri74.org PingOO GNU/linux distribution : http://www.pingoo.org
FW: [squid-users] Proxy authentication - PXY1
Hi, further help required. About 3 weeks I asked a question about forcing the user to accept a policy page prior to authentication At that time I was using a SUSE installed Squid2.4 STABLE7 version. I have now taken the Squid 2.5 STABLE1 copy from the squid-cache.org website. Bearing in mind I am new to Linux/Squid what is it I have to do to make an external_acl_type to filter out requests without authentication. Would this helper be yet another executable I would have to develop (I am not a C person either) or could it be a script. Can you just spell out a little more the order of the acls in the squid.conf file and what each piece of the puzzle would do. I have seen the new auth_param directive and the external_acl_type but am unsure of how deep I have to go to make this a flier. I would appreciate any reply in layman's language given my experience of Linux is 5 weeks and of squid 3 weeks. Is what you are saying is that I will be able to detect if the HTTP header contains a username/password combination and then redierect through deny_info to a policy page, or is that too simplistic. Any help greatfully received. Cheers Dave O. Robert Collins wrote: Requests without authentication are redirected to the policy page, with the original page in a cookie/form submission. The policy page sets a cookie POLICY ACCEPTED when the user accepts the policy. The policy web server *must* be accessed via squid. When a request to the policy webserver, with a policy accepted cookie, is seen, authentication is triggered, and the user redirected back to the originally requested page. Kenrik wrote Yes, this looks like it might be done. external_acl_type can be used to filter out requests without proxy authentication, or a extension acl can be written within Squid to do the same. deny_info url capability of Squid-3 (also available as a patch to Squid-2.5) can then be used to redirect the request to the policy page. The same scheme can also be used to IP based session timers, having an external_acl_type acting as a filter on which requests may need to be sent to the policy page, and the cookie as the definite filter on which users have accepted the policy or not. Regards Henrik This e-mail and its attachments are confidential and intended solely for the addressee. If you are not the intended addressee, you must not disclose, forward, copy or take any action in respect of this email or any attachments. If you have received this e-mail in error, please delete it and notify the sender. While ADM and Optecon have taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage, which you may sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment.
[squid-users] Proxy authentication - PXY2
Hi, further help required. About 3 weeks I asked a question about forcing the user to accept a policy page prior to authentication At that time I was using a SUSE installed Squid2.4 STABLE7 version. I have now taken the Squid 2.5 STABLE1 copy from the squid-cache.org website. Bearing in mind I am new to Linux/Squid what is it I have to do to make an external_acl_type to filter out requests without authentication. Would this helper be yet another executable I would have to develop (I am not a C person either) or could it be a script. Can you just spell out a little more the order of the acls in the squid.conf file and what each piece of the puzzle would do. I have seen the new auth_param directive and the external_acl_type but am unsure of how deep I have to go to make this a flier. I would appreciate any reply in layman's language given my experience of Linux is 5 weeks and of squid 3 weeks. Is what you are saying is that I will be able to detect if the HTTP header contains a username/password combination and then redierect through deny_info to a policy page, or is that too simplistic. Any help greatfully received. Cheers Dave O. Robert Collins wrote: Requests without authentication are redirected to the policy page, with the original page in a cookie/form submission. The policy page sets a cookie POLICY ACCEPTED when the user accepts the policy. The policy web server *must* be accessed via squid. When a request to the policy webserver, with a policy accepted cookie, is seen, authentication is triggered, and the user redirected back to the originally requested page. Kenrik wrote Yes, this looks like it might be done. external_acl_type can be used to filter out requests without proxy authentication, or a extension acl can be written within Squid to do the same. deny_info url capability of Squid-3 (also available as a patch to Squid-2.5) can then be used to redirect the request to the policy page. The same scheme can also be used to IP based session timers, having an external_acl_type acting as a filter on which requests may need to be sent to the policy page, and the cookie as the definite filter on which users have accepted the policy or not. Regards Henrik This e-mail and its attachments are confidential and intended solely for the addressee. If you are not the intended addressee, you must not disclose, forward, copy or take any action in respect of this email or any attachments. If you have received this e-mail in error, please delete it and notify the sender. While ADM and Optecon have taken every reasonable precaution to minimise this risk, we cannot accept liability for any damage, which you may sustain as a result of software viruses. You should carry out your own virus checks before opening the attachment.
[squid-users] fgets() failed error
Every time I start squid, I get this in cache.log (I have 'auth_param ntlm children' set to 10), Yet my setup (2.5STABLE1, RH8.0) is authenticating correctly. What is this an indication of? (wb_ntlmauth)[22198](wb_ntlm_auth.c:273): fgets() failed! dying. errno=0 (Success) (wb_ntlmauth)[22189](wb_ntlm_auth.c:273): fgets() failed! dying. errno=22 (Invalid argument) (wb_ntlmauth)[22190](wb_ntlm_auth.c:273): fgets() failed! dying. errno=22 (Invalid argument) (wb_ntlmauth)[22191](wb_ntlm_auth.c:273): fgets() failed! dying. errno=0 (Success) (wb_ntlmauth)[22192](wb_ntlm_auth.c:273): fgets() failed! dying. errno=0 (Success) (wb_ntlmauth)[22193](wb_ntlm_auth.c:273): fgets() failed! dying. errno=0 (Success) (wb_ntlmauth)[22194](wb_ntlm_auth.c:273): fgets() failed! dying. errno=0 (Success) (wb_ntlmauth)[22195](wb_ntlm_auth.c:273): fgets() failed! dying. errno=0 (Success) (wb_ntlmauth)[22196](wb_ntlm_auth.c:273): fgets() failed! dying. errno=0 (Success) (wb_ntlmauth)[22197](wb_ntlm_auth.c:273): fgets() failed! dying. errno=0 (Success) -jamie-
[squid-users] PROBLEMS WITH SQUID
i have squid-2.4.STABLE6-6.7.3 in Rehat Linux 7.3, i installed and configurated good and start stop very good the services, but today when start, stop or restart the squid service give then next message - [EMAIL PROTECTED] down]# service squid start Iniciando squid: /etc/init.d/squid: line 10: 7533 Abortado $SQUID $SQUID_OPTS 2/dev/null [ OK ] [EMAIL PROTECTED] down]# service squid stop Parando squid: /etc/init.d/squid: line 2: 7559 Abort $SQUID -k check /dev/null 21 [FAILE] [EMAIL PROTECTED] down]# service squid restart Parando squid: /etc/init.d/squid: line 2: 7584 Abort $SQUID -k check /dev/null 21 [FAILE] Iniciando squid: /etc/init.d/squid: line 10: 7585 Abort $SQUID $SQUID_OPTS 2/dev/null [ OK ] -- I do not know, what is happeng ? Richard Dominguez teacher of computer
[squid-users] windows updates
Windows updates behind transparent proxy keeps saying no updates available, yet when I enter the proxy settings manually in lan settings, the update comes right away. Fix? Highest Regards, Rodney www.rcrnet.net 918-358-
[squid-users] smb_auth
Hi, I have configured a Red Hat 8.0 with samba 2.2.5.10. Samba is working great : [EMAIL PROTECTED] bin]# /usr/local/samba/bin/findsmb *=3DDMB +=3DLMB IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION=20 - 10.10.10.5 AKIRA *[BUREAU] [Windows 5.0] [Windows = 2000 LAN Manager] 10.10.10.6 BDCAKIRA[BUREAU] [Windows 5.0] [Windows = 2000 LAN Manager]] 10.10.10.106STEEVE [BUREAU] [Windows 5.0] [Windows = 2000 LAN Manager] 10.10.10.155RENE[BUREAU] [Windows 5.0] [Windows = 2000 LAN Manager] 10.10.10.189NONE-GQBDVJ2L03 [BUREAU] [Windows 5.1] [Windows 2000 = LAN Manager] [EMAIL PROTECTED] log]# /usr/local/samba/bin/smbpasswd -c /etc/samba/smb.conf = -j bureau.x.qc.ca -r akira -U rbouchard Password:=20 Joined domain BUREAU. [EMAIL PROTECTED] log]# smbclient -L rene -W bureau.x.qc.ca -U rbouchard added interface ip=3D10.10.10.210 bcast=3D10.10.10.255 = nmask=3D255.255.255.0 Got a positive name query response from 10.10.10.155 ( 10.10.10.155 ) Password:=20 Domain=3D[BUREAU] OS=3D[Windows 5.0] Server=3D[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$ IPC IPC distant D$ Disk Partage par d,faut print$ Disk Pilotes d'imprimantes HPLaserJ Printer HP LaserJet 1100 (MS) (Copie 2) E Disk =20 ADMIN$ Disk Administration . distance C$ Disk Partage par d,faut Server Comment ---- WorkgroupMaster ---- and I got SQUID with this squid.conf informations : authenticate_program /usr/lib/squid/smb_auth -W bureau -B 10.10.10.255 = -U 10.10.10.5 acl domainusers proxy_auth REQUIRED http_access allow domainusers I got the NETLOGON files named proxyauth with allow in it and = permissions to everyone but it doesn't work [EMAIL PROTECTED] log]# smb_auth -W bureau -U akira ERR [EMAIL PROTECTED] log]# smb_auth -W bureau.xx.qc.ca -U akira -B = 10.10.10.255 -d ERR [EMAIL PROTECTED] log]# smb_auth -W bureau.xx.qc.ca -U 10.10.10.5 -B = 10.10.10.255 -d ERR [EMAIL PROTECTED] log]# smb_auth -W bureau -U 10.10.10.5 -B 10.10.10.255 -d ERR [EMAIL PROTECTED] log]# smb_auth -W bureau -U 10.10.10.5 -d ERR =20 smbpassword send encrypted password : here is a part of my smb.conf : [global] log file =3D /var/log/samba/%m.log smb passwd file =3D /etc/samba/smbpasswd load printers =3D no passwd chat =3D *New*password* %n\n *Retype*new*password* %n\n = *passwd:*all*authentication*tokens*updated*successfully* socket options =3D TCP_NODELAY SO_RCVBUF=3D8192 SO_SNDBUF=3D8192 obey pam restrictions =3D yes domain master =3D no encrypt passwords =3D yes passwd program =3D /usr/bin/passwd %u dns proxy =3D no=20 server string =3D PROXY printing =3D lprng unix password sync =3D no workgroup =3D bureau printcap name =3D /etc/printcap security =3D domain preferred master =3D no max log size =3D 0 pam password change =3D yes Do you know what can solve the problem ?=20 Pleeease help me :) thanks, Rene Bouchard
Re: [squid-users] windows updates
--On 25 February 2003 14:38 -0600 Rodney Richison [EMAIL PROTECTED] wrote: Windows updates behind transparent proxy keeps saying no updates available, yet when I enter the proxy settings manually in lan settings, the update comes right away. Fix? Highest Regards, Rodney I've noticed a 'similar' thing here - going to the Windows Update page takes ages, and you finally get a You need a new component to scan for updates - which you elect to download (and it takes ages) - only to throw you back to You need a new component to scan for updates [ad infinitum]. Turn the proxy off, and it's an order of magnitude quicker, and you don't get caught in the loop. Knowing our setup here, I'd guess it's over anonimity by the proxy - so I'm going to make sure theres no headers being stripped by Squid that perhaps should be there (or at least try it when it's not removing anything) - does your proxy strip anything out headers / anonimity wise? -Kp
Re: [squid-users] windows updates
Is a fresh default install. Other than transparent. I get the feeling it's related to the certificate windows update first installs. Any way to tell squid not to cache that, but cache the updates? Highest Regards, Rodney www.rcrnet.net 918-358- - Original Message - From: Karl Pielorz [EMAIL PROTECTED] To: Rodney Richison [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED] Sent: Tuesday, February 25, 2003 3:11 PM Subject: Re: [squid-users] windows updates --On 25 February 2003 14:38 -0600 Rodney Richison [EMAIL PROTECTED] wrote: Windows updates behind transparent proxy keeps saying no updates available, yet when I enter the proxy settings manually in lan settings, the update comes right away. Fix? Highest Regards, Rodney I've noticed a 'similar' thing here - going to the Windows Update page takes ages, and you finally get a You need a new component to scan for updates - which you elect to download (and it takes ages) - only to throw you back to You need a new component to scan for updates [ad infinitum]. Turn the proxy off, and it's an order of magnitude quicker, and you don't get caught in the loop. Knowing our setup here, I'd guess it's over anonimity by the proxy - so I'm going to make sure theres no headers being stripped by Squid that perhaps should be there (or at least try it when it's not removing anything) - does your proxy strip anything out headers / anonimity wise? -Kp
[squid-users] comm_accept Software caused connection abort
Hi, I am getting following messages in the cache.log. Can someone advise me what would fix it? I am running Squid 2.5 on solaris 2.8. squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' 2003/02/26 10:59:43| comm_accept: FD 22: (130) Software caused connection abort 2003/02/26 10:59:43| httpAccept: FD 22: accept failure: (130) Software caused connection abort 2003/02/26 10:59:43| comm_accept: FD 22: (130) Software caused connection abort 2003/02/26 10:59:43| httpAccept: FD 22: accept failure: (130) Software caused connection abort squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' 2003/02/26 10:59:48| comm_accept: FD 22: (130) Software caused connection abort 2003/02/26 10:59:48| httpAccept: FD 22: accept failure: (130) Software caused connection abort squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' 2003/02/26 10:59:50| comm_accept: FD 22: (130) Software caused connection abort 2003/02/26 10:59:50| httpAccept: FD 22: accept failure: (130) Software caused connection abort squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' 2003/02/26 10:59:56| comm_accept: FD 22: (130) Software caused connection abort 2003/02/26 10:59:56| httpAccept: FD 22: accept failure: (130) Software caused connection abort squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' 2003/02/26 10:59:56| comm_accept: FD 22: (130) Software caused connection abort 2003/02/26 10:59:56| httpAccept: FD 22: accept failure: (130) Software caused connection abort squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' 2003/02/26 10:59:57| comm_accept: FD 22: (130) Software caused connection abort 2003/02/26 10:59:57| httpAccept: FD 22: accept failure: (130) Software caused connection abort squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' 2003/02/26 10:59:58| comm_accept: FD 22: (130) Software caused connection abort 2003/02/26 10:59:58| httpAccept: FD 22: accept failure: (130) Software caused connection abort 2003/02/26 10:59:58| comm_accept: FD 22: (130) Software caused connection abort 2003/02/26 10:59:58| httpAccept: FD 22: accept failure: (130) Software caused connection abort squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' squid_ldap_auth: WARNING, LDAP search error 'Can't contact LDAP server' Thanks Sunil
[squid-users] Re: How to build with static linking?
I take it then that there is no config option or similar for building Squid statically? -- Forwarded Message -- Subject: How to build with static linking? Date: Sat, 22 Feb 2003 12:35:40 -0500 From: Steve Snyder [EMAIL PROTECTED] To: [EMAIL PROTECTED] Is there a clean way to tell the Squid v2.5S1 build process (on a Linux system) that I want to link the binaries staticly? If so, how is it done? Doing a ./configure --help didn't tell me anything, and it seems that setting a LDFLAGS=-static environment variable doesn't work either. I know I can hack the makefile(s) to get static linking, but there must be a better way. I'm building Squid on a machine other than the one I will run it on. As the 2 machines have different versions of GCC and GLIBC I want to make sure that all the resources needed by Squid are linked into the binaries. Advice, please? Thanks. ---
[squid-users] --enable-ssl config needed if not doing authentication?
When building Squid v2.5S1 (+ all patches) do I need to use the --enable-ssl configuration option if I am not doing authentication of clients? If so, what feature(s) of Squid require the SSL services? Thanks.
AW: [squid-users] smb_auth
Please try smb_auth with option -d (debugging). # smb_auth -W bureau -U akira Example: Domain name: ntdomain Pass-through authentication: no Query address options: -U bureau -R Domain controller IP address: 10.1.14.3 Domain controller NETBIOS name: akira Contents of //akira/NETLOGON/proxyauth: allow OK Mit freundlichen Grüßen / regards Werner Rost - ZF Boge GmbH Werner Rost IT Friesdorfer Str. 175 D-53175 Bonn phone:+49/228/3825 420 fax: +49/228/3825 398 [EMAIL PROTECTED] www.boge-vibrationcontrol.com/ - -Ursprüngliche Nachricht- Von: René Bouchard [mailto:[EMAIL PROTECTED] Gesendet am: Dienstag, 25. Februar 2003 22:04 An: [EMAIL PROTECTED] Betreff: [squid-users] smb_auth Hi, I have configured a Red Hat 8.0 with samba 2.2.5.10. Samba is working great : [EMAIL PROTECTED] bin]# /usr/local/samba/bin/findsmb *=3DDMB +=3DLMB IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION=20 - 10.10.10.5 AKIRA *[BUREAU] [Windows 5.0] [Windows = 2000 LAN Manager] 10.10.10.6 BDCAKIRA[BUREAU] [Windows 5.0] [Windows = 2000 LAN Manager]] 10.10.10.106STEEVE [BUREAU] [Windows 5.0] [Windows = 2000 LAN Manager] 10.10.10.155RENE[BUREAU] [Windows 5.0] [Windows = 2000 LAN Manager] 10.10.10.189NONE-GQBDVJ2L03 [BUREAU] [Windows 5.1] [Windows 2000 = LAN Manager] [EMAIL PROTECTED] log]# /usr/local/samba/bin/smbpasswd -c /etc/samba/smb.conf = -j bureau.x.qc.ca -r akira -U rbouchard Password:=20 Joined domain BUREAU. [EMAIL PROTECTED] log]# smbclient -L rene -W bureau.x.qc.ca -U rbouchard added interface ip=3D10.10.10.210 bcast=3D10.10.10.255 = nmask=3D255.255.255.0 Got a positive name query response from 10.10.10.155 ( 10.10.10.155 ) Password:=20 Domain=3D[BUREAU] OS=3D[Windows 5.0] Server=3D[Windows 2000 LAN Manager] Sharename Type Comment - --- IPC$ IPC IPC distant D$ Disk Partage par d,faut print$ Disk Pilotes d'imprimantes HPLaserJ Printer HP LaserJet 1100 (MS) (Copie 2) E Disk =20 ADMIN$ Disk Administration . distance C$ Disk Partage par d,faut Server Comment ---- WorkgroupMaster ---- and I got SQUID with this squid.conf informations : authenticate_program /usr/lib/squid/smb_auth -W bureau -B 10.10.10.255 = -U 10.10.10.5 acl domainusers proxy_auth REQUIRED http_access allow domainusers I got the NETLOGON files named proxyauth with allow in it and = permissions to everyone but it doesn't work [EMAIL PROTECTED] log]# smb_auth -W bureau -U akira ERR [EMAIL PROTECTED] log]# smb_auth -W bureau.xx.qc.ca -U akira -B = 10.10.10.255 -d ERR [EMAIL PROTECTED] log]# smb_auth -W bureau.xx.qc.ca -U 10.10.10.5 -B = 10.10.10.255 -d ERR [EMAIL PROTECTED] log]# smb_auth -W bureau -U 10.10.10.5 -B 10.10.10.255 -d ERR [EMAIL PROTECTED] log]# smb_auth -W bureau -U 10.10.10.5 -d ERR =20 smbpassword send encrypted password : here is a part of my smb.conf : [global] log file =3D /var/log/samba/%m.log smb passwd file =3D /etc/samba/smbpasswd load printers =3D no passwd chat =3D *New*password* %n\n *Retype*new*password* %n\n = *passwd:*all*authentication*tokens*updated*successfully* socket options =3D TCP_NODELAY SO_RCVBUF=3D8192 SO_SNDBUF=3D8192 obey pam restrictions =3D yes domain master =3D no encrypt passwords =3D yes passwd program =3D /usr/bin/passwd %u dns proxy =3D no=20 server string =3D PROXY printing =3D lprng unix password sync =3D no workgroup =3D bureau printcap name =3D /etc/printcap security =3D domain preferred master =3D no max log size =3D 0 pam password change =3D yes Do you know what can solve the problem ?=20 Pleeease help me :) thanks, Rene Bouchard
Re: [squid-users] Re: How to build with static linking?
On Wed, 2003-02-26 at 13:29, Steve Snyder wrote: I take it then that there is no config option or similar for building Squid statically? Not as part of the main squid distribution, and I'm not aware of similar efforts elsewhere. The normal way to do what you need is to cross-compile to the target platform (which in this case just happens to have the same cpu-platform triplet.) rather than statically compile. Cheers, Rob -- GPG key available at: http://users.bigpond.net.au/robertc/keys.txt. signature.asc Description: This is a digitally signed message part
