Marc Muehlfeld schrieb:
Hello,
I have blocked some URLs through an url_regex acl, which works, if the
URL contains any protocol execept https.
The "blocked_urls.lst" file contains lines like:
([^\/]\.facebook\.com\/|[^\/]\.facebook\.com$|^.*://facebook\.com)+
I've tested the regex using an on
Nick Cairncross wrote:
>
> What's your AD 2008 or
> 2003?
>
AD Servers are 2008R2 in 2003 mode
Nick Cairncross wrote:
>
> Did you use msktutil to create your keytab or ktpass? I found a few issues
> with ktpass. Are you authenticating against the same computer as the squid
> server or a du
On Tue, 26 Oct 2010 16:34:52 -0400, alexus wrote:
> On Mon, Oct 25, 2010 at 6:38 PM, Amos Jeffries
> wrote:
>> On Mon, 25 Oct 2010 12:38:49 -0400, alexus wrote:
>>> is there a way to disallow serving of pages based on browser (agent)?
>>> I'm getting a lot of these:
>>>
>>> XX.XX.XX.XX - - [25/O
On Tue, 26 Oct 2010 17:30:48 -0500, "Clive Christie"
wrote:
> Hi ,
>
> So this is my setup. I have a web filter running Dansguardian and I'm
using
> squid as the underlying proxy server. I have to login to an Intranet
Site
So you have a two-proxy hierarchy:
Client -> DG -> Squid --> Internet
On Tue, 26 Oct 2010 09:43:45 -0500, "Sokol, Ryan - 1244"
wrote:
> Sorry if this has already been answered, but I can't seem to find it
under
> what I'm searching.
>
> I have 2 squids set up as reverse proxies and are load balanced for the
> URL http://www.domain.com. I am trying to precache cert
Hi ,
So this is my setup. I have a web filter running Dansguardian and I'm using
squid as the underlying proxy server. I have to login to an Intranet Site on
another domain that I am connected to by VPN. To authenticate against the
website I use an Active Directory account that exist on its domai
Hi Paul,
As far as I know the Kerberos libraries do not use openssl code. Can you
capture the traffic between your 2008 server and AD on port 88 and between
the 2008 server and squid on 3128 (the squid port). Can you also capture the
traffic between squid and AD when you try a kinit -kt squid
[top posting corrected]
>> Are you just trying to share bandwidth fairly between users? If so, your
>> best bet is to change to one leaf for all your clients, but attach a
>> filter to it that will share bandwidth *by IP address* (see below) - the
>> default is to share by connection. If you want
Sorry to reply to my own email but I realised I have not properly described
the encryption type problem I had with https which may mean my theory about
it being similar to the Kerberos problem is incorrect.
The certificate encryption problem I had on Ubuntu 10.04 LTS was due to the
Windows Root CA
> Ah, well the difference is that you are using INPUT/OUTPUT chains with
> Squid, not FORWARD, so that will be the difference.
What a dreadful sentence! That will teach me to not proofread before
posting to a list...
Will that share the bandwidth pro rata?
Say the bandwidth is 10Mbps and you have 10 users, they only get 1 each?
Otherwise isn't it shared equally anyway?
There must be a way to apply a kbps limit in case someone is hogging the
bandwidth?
--
From:
> Thanks Andy for your reply and taking your time to help like always.
>
No problem at all.
> > > $tc class add dev eth0 parent 1:0 classid 1:1
> > htb rate 900kbit ceil 945kbit
>
> As I understand, correct me if I'm wrong, this rule is telling the
> kernel how much bw we want to use globally
Markus
Don't worry about asking too many questions - I am happy to answer.
Generally questions will lead to some sort of answer or at least a greater
understanding of the problem.
I just sent a reply to Nick's email and in that I mention the difference
between encryption types for Kerberos tickets
Hi Nick
Thanks for looking at this. I appreciate your help.
My answers to your questions are in line below
> -Original Message-
> From: Nick Cairncross [mailto:nick.cairncr...@condenast.co.uk]
> Sent: Tuesday, 26 October 2010 8:36 PM
> To: Paul Freeman; Squid Users
> Subject: Re: [squid-
Hi Paul,
Did you install http://support.microsoft.com/kb/951191 onto your 2008 AD
server (it did not work in my case without this patch) ?
If it is not related to the above, do you know if your 2008 server tries to
use AES encryption (check the exchange between your 2008 server and AD on
por
On Mon, Oct 25, 2010 at 6:38 PM, Amos Jeffries wrote:
> On Mon, 25 Oct 2010 12:38:49 -0400, alexus wrote:
>> is there a way to disallow serving of pages based on browser (agent)?
>> I'm getting a lot of these:
>>
>> XX.XX.XX.XX - - [25/Oct/2010:16:37:44 +] "GET
>> http://www.google.com/gwt/x?
Hi Markus
My AD servers (I have 2) are both Windows 2008 R2. AD is running at the 2003
functional level. The AD environment is the same one that is working OK with
Squid and Kerberos authentication for Windows XP workstations running IE8.
Regards
Paul
> -Original Message-
> From: Mar
Thanks Andy for your reply and taking your time to help like always.
> > $tc class add dev eth0 parent 1:0 classid 1:1
> htb rate 900kbit ceil 945kbit
As I understand, correct me if I'm wrong, this rule is telling the kernel how
much bw we want to use globally or how big is the entire bucket.
"DmitrySh" wrote in message
news:1288100124027-3013710.p...@n4.nabble.com...
Hi all again.
I think we can close this threat couse i localize the problem.
It's the same problem as in this threat -
http://squid-web-proxy-cache.1019090.n4.nabble.com/Authentication-using-squid-kerb-auth-with-Int
Hi Paul,
Is your AD server 2003 or 2008 ?
Markus
"Paul Freeman" wrote in message
news:19672eecfb9ae340833c84f3e90b5956042a4...@mel-ex-01.eml.local...
Hi.
I have successfully installed Squid 3.1.8 on Ubuntu 10.04LTS and have
enabled
Kerberos/NTLM authentication using the squid_kerb_auth hel
Hi guys,
my problem with youtube uploads persists.
Every day some users have to make upload to youtube.
Attached to this email:
eth0-day.png: Shows the link utilization (green for download and blue
for upload)
perf-day.png: Shows the cpu(green) and memory(blue line) utilization
of my firewall runn
On 26/10/2010 14:58, "DmitrySh" wrote:
>
>
>Nick Cairncross wrote:
>>
>>
>> Hi Paul,
>> Just my thoughts (which are minor in relation to the power of other
>> listers..!): Are you specifically running the 64-bit version of IE? How
>> does your DNS look? A/PTR records all in order? What does k
On Tue, 2010-10-26 at 08:15 -0700, Landy Landy wrote:
> Here's a snip:
>
> #!/bin/bash
> #set -v
> iptables='sudo iptables'
> tc='sudo tc'
> #$iptables -t mangle -F
> #$iptables -t mangle -Z
>
> #
> ## Traffic Shaping
> #
> ## Parent ID: 1, Associated with
Here's a snip:
#!/bin/bash
#set -v
iptables='sudo iptables'
tc='sudo tc'
#$iptables -t mangle -F
#$iptables -t mangle -Z
#
## Traffic Shaping
#
## Parent ID: 1, Associated with iface: eth0 -- External Interface - Internet
Side.
$tc qdisc del dev eth0 root
Sorry if this has already been answered, but I can't seem to find it under what
I'm searching.
I have 2 squids set up as reverse proxies and are load balanced for the URL
http://www.domain.com. I am trying to precache certain objects before my users
see them by visiting those URLs (i.e. http:/
Nick Cairncross wrote:
>
>
> Hi Paul,
> Just my thoughts (which are minor in relation to the power of other
> listers..!): Are you specifically running the 64-bit version of IE? How
> does your DNS look? A/PTR records all in order? What does kerbtray show?
> What encoding for kerberos are you
Hello all.
I can join and confirm the same problem on client machine with IE8.
Have the same errors in cache.log file when try to connect from IE8 and
Firefox 3.6.10.
Maybe it's not a browser problem, but OS version? I'm using Windows 7
operating system on this "problem" client machine. Maybe so
Hi all again.
I think we can close this threat couse i localize the problem.
It's the same problem as in this threat -
http://squid-web-proxy-cache.1019090.n4.nabble.com/Authentication-using-squid-kerb-auth-with-Internet-Explorer-8-on-Windows-Server-2008-R2-td3013070.html#a3013070
I check all on
Hello,
I have blocked some URLs through an url_regex acl, which works, if the URL
contains any protocol execept https.
The "blocked_urls.lst" file contains lines like:
([^\/]\.facebook\.com\/|[^\/]\.facebook\.com$|^.*://facebook\.com)+
I've tested the regex using an online regex tester: "http:
On 26/10/2010 03:56, "Paul Freeman" wrote:
>Hi.
>I have successfully installed Squid 3.1.8 on Ubuntu 10.04LTS and have
>enabled
>Kerberos/NTLM authentication using the squid_kerb_auth helper. This
>setup is
>working well and successfully authenticates Windows domain users when they
>are logged
Thanks Nick and Markus
You were right about permissions. Before check it for helper but forgot do
this for keytab file.
Now for helper is 0755 and for keytab 0666 (for testing period).
One step forward, but now i have another error in cache.log
...
glrUbv5/nTtm0eRDjSLMllQnILqhEV+fsjinx+HOHYQ=
=
31 matches
Mail list logo