Hallo, michel,
Du meintest am 29.04.11:
I use CentOS, and my version of squid is squid-2.6.STABLE21-6.el5
I configured my squid to generate logs in native mode to Mysar could
generate the reports. as I mentioned in my previous email to the
list.
[...]
But I need to import some old logs
Hi,
I'm trying to configure Kerberos Authentication for squid. I'm
running Squid 3.1.12 and Windows 2008 R2 SP2. I have followed the
kerberos authentication guide on squid-cache and many other guides, I
always end up with these logs in my cache.log. My client browser keeps
prompting for
How they interact is entirely up to you and your configuration.
The http_access lists are a full-blown boolean programming language with
hundreds of ACL permutations and paths you can configure.
It is perfectly possible to configure in a way where they don't
interact, BUT you need to
When I run msktutil I get this line in the output.
krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
I did kinit before issuing msktutil and it ran successfully. I can see
tickets when I issue klist.
On 30 April 2011 10:43, Go Wow gow...@gmail.com wrote:
Hi,
I'm
OK, I see!
Thanks very much!
- Ursprüngliche Mail
Von: Amos Jeffries squ...@treenet.co.nz
An: squid-users@squid-cache.org
Gesendet: Freitag, den 29. April 2011, 16:27:23 Uhr
Betreff: Re: AW: AW: [squid-users] Does any cache in a proxy chain but the last
one need to resolve URLs?
On
On 30/04/11 20:13, Go Wow wrote:
When I run msktutil I get this line in the output.
krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
I did kinit before issuing msktutil and it ran successfully. I can see
tickets when I issue klist.
Tickets, klist and keytabs do not
Amos, Do you know where the problem is? Should I move back to squid
2.7, will that help?
If I configure my squid to use ntlm auth I get so many NTLM Type 3
token messages in cache.log. The same config works good on IE6. When I
test this with firefox 3.6+ or IE8 it keeps prompting the username.
Thanks Amos.
If I use negotiate_wrapper then I'm able to access websites using
squid (yes I dont get prompt for credentials) but I get many of these
messages in cache.log
2011/04/30 13:56:33| negotiate_wrapper: received type 3 NTLM token
2011/04/30 13:56:33| negotiate_wrapper: Got 'KK
On 30/04/11 21:58, Go Wow wrote:
Thanks Amos.
If I use negotiate_wrapper then I'm able to access websites using
squid (yes I dont get prompt for credentials) but I get many of these
messages in cache.log
2011/04/30 13:56:33| negotiate_wrapper: received type 3 NTLM token
2011/04/30 13:56:33|
Both yes and no and no.
Yes to something, any scripting or executable language can be used.
Via *external_acl_type* (NOT auth_param).
STDIN passes the username and password but how does squid pass the IP address
to the squid helper?
hello,
i installed squid on debian 6.0.0, and i need to create two users groups first
one users that have authority to access internet, and the second one can't
access it, can i do this two groups in squid.
can you help me.
thanks.
Hossam Alkhalili
Tel: +962.6.477.7388
Mob: +962.78.808.2201
On 30/04/2011 11:58, Jannis Kafkoulas wrote:
OK, I see!
Thanks very much!
dont you have a local caching dns?
if you dont it's one of the basics recommendations.
and another good thing is to change the udp and tcp times on the linux
kernel\sysctl.
i dont remember the basic TCP settings for
On 30/04/11 22:31, J. Webster wrote:
Both yes and no and no.
Yes to something, any scripting or executable language can be used.
Via *external_acl_type* (NOT auth_param).
STDIN passes the username and password but how does squid pass the IP address
to the squid helper?
Amos, Even now I get these entries in my cache.log
[2011/04/30 14:55:08, 1] libsmb/ntlmssp.c:335(ntlmssp_update)
got NTLMSSP command 3, expected 1
2011/04/30 14:55:08| negotiate_wrapper: Return 'NA = NT_STATUS_INVALID_PARAMETER
The whole point for me to move from ntlm to kerberos was to get
Hello everybody,
wonder if someone me would one model implementation squid.conf that
really works with mesh've worked with one configuration from own Squid
documentation but' there one hierarchy occultly happening because
directs first for he,one cache particularly of the cluster and always
fills
Hi Go,
Can you describe in detail what you did ( e.g. exact msktutil command).
BTW I updated yesterday the wiki pointing to a newer msktutil (version 0.4)
which you should try in the case you use an older version.
It looks to me that your client is not able to get the Kerberos ticket
from
I tried with msktutil version 0.4 but same thing is happening.
I followed your guide, firstly with samba/winbind, I created the
keytab and configure negotiate parameters in squid.conf but when I
open browser pointing to squid3 as proxy server (with fqdn not IP) it
prompts for username/password.
On 30/04/11 22:46, J. Webster wrote:
Something has gone wrong external ACL should not be getting the username
and password. It should be getting the IP address on STDIN.
Of the examples, that I can find they all talk about the username and password
bewing sent from squid:
On 30/04/11 23:43, igor rocha wrote:
Hello everybody,
wonder if someone me would one model implementation squid.conf that
really works with mesh've worked with one configuration from own Squid
documentation but' there one hierarchy occultly happening because
directs first for he,one cache
Ah, that tutorial is about writing an authentication helper (ie
ncsa_auth). Not an ACL helper.
The difference being that external_acl_type ACL helpers auth*orize* the
request permission to do something in Squid because it matches an IP
used by some username.
auth_param helpers
On 01/-10/-28163 12:59 PM, Amos Jeffries wrote:
And these are tested for RESPMOD services right?
I was suspecting you hit the bug about RESPMOD not being passed the
request details correctly. The SoftwareUpdateAgent and
SoftwareUpdateDomain would always be failed-match with that bug and
thus
Dear all,
I'm using accel (reverse proxy) with vhost in squid, but it not work
when received https request. I know i can set the https_port and add
the cert to my squid. But I just want to pass my squid cache server
and let the request just redirect to the web server. How to do this in
the
Hi Go,
For Windows 2008 the wiki says use --enctypes 28. Did you use it ?
hat does klist -e show and what does
kinit user
kvno HTTP/proxyserver.orangegroup.com
show (user being your userid ) ?
When you purge tickets (with kerbtray) , start wireshark with a filter on
port 88 and access a
Hi
another problem is when some users try to download file without
download manager application. they rate is very slow. for example with
download manager you can download about 120KB/s and without it speed
reduce to 10KB/s. how can i configure squid to solve this problem?
Thanks
On Fri, Jan 7,
On 01/05/2011 01:14, Mohsen Saeedi wrote:
Hi
another problem is when some users try to download file without
download manager application. they rate is very slow. for example with
download manager you can download about 120KB/s and without it speed
reduce to 10KB/s. how can i configure squid
Hi all,
I'm using squid 3.1 with reverse proxy (accel), I work find with 3
sites. but I find a few page with problem in one of the site. finally
i find out that when the page using https for the user login and
registration, squid don't have response. Can squid reverse proxy only
cache the http
On 01/05/11 05:00, J. Webster wrote:
Ah, that tutorial is about writing an authentication helper (ie
ncsa_auth). Not an ACL helper.
The difference being that external_acl_type ACL helpers auth*orize* the
request permission to do something in Squid because it matches an IP
used by some
On 01/05/11 12:48, Gary K wrote:
Hi all,
I'm using squid 3.1 with reverse proxy (accel), I work find with 3
sites. but I find a few page with problem in one of the site. finally
i find out that when the page using https for the user login and
registration, squid don't have response.
On 01/05/11 05:38, Support Squid wrote:
Dear all,
I'm using accel (reverse proxy) with vhost in squid, but it not work
when received https request. I know i can set the https_port and add
the cert to my squid. But I just want to pass my squid cache server
and let the request just redirect to
Hi Amos,
Thank you for your reply!
Any method when received http go to squid cache, when received https
redirect to web server directly?
Regards,
Gary
在 2011年5月1日星期日,Amos Jeffries squ...@treenet.co.nz 写道:
On 01/05/11 05:38, Support Squid wrote:
Dear all,
I'm using accel (reverse proxy)
On 01/05/11 15:41, Gary K wrote:
Hi Amos,
Thank you for your reply!
Any method when received http go to squid cache, when received https
redirect to web server directly?
Multiple concepts clash in your statement...
squid cache - storage component of Squid
redirect - HTTP 301, 302, 303 or
On 01/05/11 15:51, Gary K wrote:
Hi Amos,
You mean if I add the following acl:
acl HTTPS proto HTTPS
acl example dstdomain .example.com
cache deny HTTPS example
Squid can handle the https request and redirect the https request to
the original web server?
Squid is a proxy. That is what
I installed Squid 3.0 Stable1 in my Ubuntu, but now, I can't find my
cachemgr.cgi or cachemgr.conf, I search in
/usr/lib/squid3
/etc/squid/cachemgr.conf
/usr/lib/cgi-bin/cachemgr3.cgi
I guess was not installed when I use my apt-get install squid3. Anyone
can help me?
On 30/04/11 20:34, Hossam Al-Khalili wrote:
hello,
i installed squid on debian 6.0.0, and i need to create two users groups first
one users that have authority to access internet, and the second one can't
access it, can i do this two groups in squid.
can you help me.
Creating and
On 01/05/11 16:29, Carlos Manuel Trepeu Pupo wrote:
I installed Squid 3.0 Stable1 in my Ubuntu, but now, I can't find my
Your Uubuntu needs an upgrade. Lucid (10.04) is the supported LTS
release and has 3.0.STABLE19
cachemgr.cgi or cachemgr.conf, I search in
/usr/lib/squid3
On 01/05/11 16:37, Carlos Manuel Trepeu Pupo wrote:
Using something like NCSA auth and two files with the name of users,
and two ACL for that files I can't do something like that?
Auth produces a OK/ERR answer. On ERR the user is known/authenticated.
On OK they are unknown/non-authenticated.
On 1 May 2011 00:00, Markus Moeller hua...@moeller.plus.com wrote:
Hi Go,
For Windows 2008 the wiki says use --enctypes 28. Did you use it ?
Yes I used --enctypes 28
what does klist -e show and what does
kinit user
kvno HTTP/proxyserver.orangegroup.com
show (user being your userid )
37 matches
Mail list logo