Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-19 Thread Silamael Darkomen
On 19.09.2016 14:08, L.P.H. van Belle wrote: > Well, that's strange. > No, I can't speak about OpenBSD, but below is pretty general. > > When you test, did you set this before the test? > KRB5_KTNAME=/etc/squid/proxy.keytab > And does that keytab contain the HTTP/SPN? > And test/check if you see

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-19 Thread L.P.H. van Belle
Well, that's strange. No, I can't speak about OpenBSD, but below is pretty general. When you test, did you set this before the test? KRB5_KTNAME=/etc/squid/proxy.keytab And does that keytab contain the HTTP/SPN? And test/check if you see http/SPN in the UPN; if not, try that also. After that change

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-19 Thread L.P.H. van Belle
Yes, you can fix that by setting the SPN: HTTP/host.you.domain.tld in UPN. I had that too, changed it and it is working perfectly now. See subject: Re: [squid-users] ext_kerberos_ldap_group_acl problem ( 2 minorbugsmaybe ) Greetz, Louis > -Original message- > From:

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-19 Thread Silamael Darkomen
On 16.09.2016 22:11, Markus Moeller wrote: > Hi Silamael, > > Can you perform a kinit u...@example.com ? Does the squid user > have read access to krb5.conf ? > > Markus Hello Markus, Yes, the permissions are correctly set up so that Squid and its processes can read every file

Re: [squid-users] What's the algorithm to achieve AclRandom

2016-09-19 Thread ysu yang
First of all, thanks for your advice. > B. Adjust the ICAP service to store information about "sessions" in > such > a way that different service instances can share it. For example, if > all > ICAP services run on the same machine, they can use shared memory > segments to

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

2016-09-19 Thread Silamael Darkomen
On 16.09.2016 10:52, L.P.H. van Belle wrote: > I think you forgot in your test, that you may need to modify the default > Kerberos ticket used. > > > > > > I suggest you change your config a bit to something like > > > > external_acl_type internet-win-allowed %LOGIN >

Re: [squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread LYMN
On Mon, Sep 19, 2016 at 07:20:14PM -0600, James Lay wrote: > > Well last word on this...squid starts but dies with: > /squid: symbol lookup error: ./squid: undefined symbol: > SSL_set_alpn_protos > So at this point I'll just go back to linking to libressl.  Thanks all. > What does a "ldd squid"

Re: [squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread James Lay
On Tue, 2016-09-20 at 11:05 +0930, LYMN wrote: > On Mon, Sep 19, 2016 at 07:20:14PM -0600, James Lay wrote: > > > > > > Well last word on this...squid starts but dies with: > > /squid: symbol lookup error: ./squid: undefined symbol: > > SSL_set_alpn_protos > > So at this point I'll just go back

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-19 Thread erdosain9
mm so... I think this is working for non take the certificate acl step1 at_step SslBump1 acl excludeSSL ssl::server_name_regex web/.whatsapp/.com ssl_bump peek step1 ssl_bump splice excludeSSL ssl_bump bump all but, anyway something more is happening because well... doesn't

Re: [squid-users] Web Whatsapp, Dropbox... problem

2016-09-19 Thread Jok Thuau
On Mon, Sep 19, 2016 at 10:39 AM, erdosain9 wrote: > mm > so... > I think this is working for non take the certificate > > acl step1 at_step SslBump1 > acl excludeSSL ssl::server_name_regex web/.whatsapp/.com > wrong slashes... you want "\" > > ssl_bump peek

Re: [squid-users] What's the algorithm to achieve AclRandom

2016-09-19 Thread Alex Rousskov
On 09/19/2016 06:29 AM, ysu yang wrote: >> A. Define "session" in HTTP or Squid terms that Squid understands. Write >> ACLs (likely including an external ACL or an eCAP adapter) that will >> define a "session" for any given transaction and annotate same-session >> transactions

[squid-users] Squid 3.5.20 fails to compile with openssl

2016-09-19 Thread James Lay
So I know I posted this a while ago...thought I'd give it a shot today, but still no luck: make[3]: Entering directory `/home/nobackup/build/squid-3.5.20/src/anyp' depbase=`echo PortCfg.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\ /bin/bash ../../libtool --tag=CXX --mode=compile g++

Re: [squid-users] Squid 3.5.20 fails to compile with openssl

2016-09-19 Thread Alex Rousskov
On 09/19/2016 04:01 PM, James Lay wrote: > Openssl git latest commit version commit > e2562bbbe1e1c68ec5a3e02c1f151fd6149ee2ae. Please see http://bugs.squid-cache.org/show_bug.cgi?id=4599 Thank you, Alex.

Re: [squid-users] Squid 3.5.20 fails to compile with openssl

2016-09-19 Thread James Lay
On 2016-09-19 16:05, Alex Rousskov wrote: On 09/19/2016 04:01 PM, James Lay wrote: Openssl git latest commit version commit e2562bbbe1e1c68ec5a3e02c1f151fd6149ee2ae. Please see http://bugs.squid-cache.org/show_bug.cgi?id=4599 Thank you, Alex. And there you go...thanks Alex. James

[squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread James Lay
Ok so this is with the 1.0.2 branch of openssl: make[3]: Entering directory `/home//nobackup/build/squid-3.5.20/src/ssl' /bin/bash ../../libtool  --tag=CXX   --mode=link g++ -Wall -Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Woverloaded-virtual -Werror -pipe -D_REENTRANT -m64   -g -O2

Re: [squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread Alex Rousskov
On 09/19/2016 06:22 PM, James Lay wrote: > Ok so this is with the 1.0.2 branch of openssl: > > dso_dlfcn.c:(.text+0x11): undefined reference to `dlopen' > dso_dlfcn.c:(.text+0x24): undefined reference to `dlsym' > dso_dlfcn.c:(.text+0x2f): undefined reference to `dlclose' You can probably force

Re: [squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread James Lay
Thanks...off to git cloning the 1.0.1 branch...all this work for chacha and poly...yugh 8-| James On Mon, 2016-09-19 at 18:37 -0600, Alex Rousskov wrote: > On 09/19/2016 06:22 PM, James Lay wrote: > > > > Ok so this is with the 1.0.2 branch of openssl: > > > > dso_dlfcn.c:(.text+0x11): undefined

Re: [squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread LYMN
On Mon, Sep 19, 2016 at 06:37:44PM -0600, Alex Rousskov wrote: > On 09/19/2016 06:22 PM, James Lay wrote: > > Ok so this is with the 1.0.2 branch of openssl: > > > > dso_dlfcn.c:(.text+0x11): undefined reference to `dlopen' > > dso_dlfcn.c:(.text+0x24): undefined reference to `dlsym' > >

Re: [squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread James Lay
On Tue, 2016-09-20 at 10:12 +0930, LYMN wrote: > On Mon, Sep 19, 2016 at 06:37:44PM -0600, Alex Rousskov wrote: > > > > On 09/19/2016 06:22 PM, James Lay wrote: > > > > > > Ok so this is with the 1.0.2 branch of openssl: > > > > > > dso_dlfcn.c:(.text+0x11): undefined reference to `dlopen' > >

Re: [squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread James Lay
On Tue, 2016-09-20 at 10:26 +0930, LYMN wrote: > On Mon, Sep 19, 2016 at 06:44:38PM -0600, James Lay wrote: > > > > > > > > > > > > > > > > At a guess add this to the libraries list after openssl: -ldl > > > > > Thank you...where would I add that to?  My config line?  Here it > > is: > >

Re: [squid-users] Squid 3.5.20 compile issue

2016-09-19 Thread James Lay
On Mon, 2016-09-19 at 18:44 -0600, James Lay wrote: > On Tue, 2016-09-20 at 10:12 +0930, LYMN wrote: > > On Mon, Sep 19, 2016 at 06:37:44PM -0600, Alex Rousskov wrote: > > > > > > On 09/19/2016 06:22 PM, James Lay wrote: > > > > > > > > Ok so this is with the 1.0.2 branch of openssl: > > > > >