Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY
Are you using any type of auth with your squid setup? I don't see it mentioned in your post. I too would be interested in knowing how you got integrated NTLM auth through firefox, if indeed you have. On Wed, Oct 29, 2008 at 9:31 AM, Chris Nighswonger [EMAIL PROTECTED] wrote: On Wed, Oct 29, 2008 at 10:23 AM, nairb rotsak [EMAIL PROTECTED] wrote: I am totally confused by this statement?.. as I have 300 people using firefox right now.. using Ubuntu 6.06, Samba3, Squid2.. and not a single one gets a user/pass prompt? I am not using it as a transparent proxy, it is listed in firefox under proxy settings (8080 because it goes to DG first.. but I have tested just Squid at 3128 and it works as well).. and I haven't touched anything else in firefox I'd be very interested in knowing what is different about your setup. I have fought this problem for several years now. - Original Message From: Chris Nighswonger [EMAIL PROTECTED] To: matlor [EMAIL PROTECTED] Cc: squid-users@squid-cache.org Sent: Wednesday, October 29, 2008 8:48:39 AM Subject: Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY On Tue, Oct 28, 2008 at 6:18 AM, matlor [EMAIL PROTECTED] wrote: I have configured squid with winbind integrated in the active directory of a windows 2003 domain. If I browse internet trough IE 7 everething is ok, no user and password prompted, because of the common login. While, if I open Firefox (2 or 3 version), it prompts for user and password. One other note: While FF does support NTLM, it does not do transparent auth as IE does. Hence the prompting for username/password. Furthermore, due to M$ having a broken implementation of NTLM, FF will at times repeatedly prompt ad infinitum. There is an open bug on this at Mozilla, (https://bugzilla.mozilla.org/show_bug.cgi?id=318253) but action on it is understandably slow. You can mess with FF's NTLM related settings under 'about:config' to gain some respite. You can also run a basic auth that authenticates against NTLM which for some reason seems to avoid the multi-prompt issue. Something like: auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 2 auth_param basic realm somerealm auth_param basic credentialsttl 2 hours auth_param basic casesensitive off Regards, Chris
Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY
Firefox can't grab NTLM creds like IE does. On 10/28/08, matlor [EMAIL PROTECTED] wrote: I have configured squid with winbind integrated in the active directory of a windows 2003 domain. If I browse internet trough IE 7 everething is ok, no user and password prompted, because of the common login. While, if I open Firefox (2 or 3 version), it prompts for user and password. I have also notioced that if I clic on cancel twice, than I can see tha internet page someon can help me?!?! thanks in advance -- View this message in context: http://www.nabble.com/SQUID-%2B-FIREFOX-%2B-ACTIVE-DIRECTORY-tp20204501p20204501.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] Squid requirements
My most recent setup was on an old Compaq desktop server 1100mhz, 1gb RAM (not sure of speed) with ~30gb cache on 10k rpm SCSI disks. Squid was auth-ing against Samba using the winbind helper. No AV, but dansguardian was used for content filtering. Performance was adequate for ~100 users. Josh On Wed, Jul 16, 2008 at 5:49 PM, Richard Hubbell [EMAIL PROTECTED] wrote: --- On Wed, 7/16/08, Adrian Chadd [EMAIL PROTECTED] wrote: From: Adrian Chadd [EMAIL PROTECTED] Subject: Re: [squid-users] Squid requirements To: Chris Robertson [EMAIL PROTECTED] Cc: Squid Users squid-users@squid-cache.org Date: Wednesday, July 16, 2008, 9:28 AM What we're really missing is a bunch of hardware x, config y, testing z, results a, b, c. TMF used to have some stuff up for older hardware but there's just nothing recent to use as a measuring stick.. The problem is that there's so much disparate technology out there. multi-core cpus, all kinds of different memory, all kinds of different disk technologies, different filesystems, different OS, different kernels, and on and on. It's hard to get useful measuring sticks. I still think it's a useful pursuit. But I think that the reasons above make people less inclined to do it. spec.org tries to level the field, if someone concocted a level field and made it easy for people to do, then we'd see more results.
Re: [squid-users] Extremely high 'Median response time' warnings
Do you ever see this entry/log during the day? Are there any other sites that give the same message? Perhaps this particular site has latency issues at night or consistently throughout the day? Josh On 7/12/08, Tim Boyer [EMAIL PROTECTED] wrote: I'm running squid/2.6.STABLE6 on a RHEL5.2 system, on a Dell PowerEdge 1750 with 2Gb memory, dual CPUs, and a fast SCSI disk dedicated to the cache. At night - times when the load should be down around zero - I'm seeing the following response time messages: Jul 12 16:46:43 saratoga.denmantire.com squid[9326]: WARNING: Median response time is 57448 milliseconds Jul 12 16:47:43 saratoga.denmantire.com squid[9326]: WARNING: Median response time is 57448 milliseconds Jul 12 16:48:43 saratoga.denmantire.com squid[9326]: WARNING: Median response time is 57448 milliseconds Jul 12 16:49:43 saratoga.denmantire.com squid[9326]: WARNING: Median response time is 57448 milliseconds Jul 12 16:50:43 saratoga.denmantire.com squid[9326]: WARNING: Median response time is 57448 milliseconds Jul 12 16:51:43 saratoga.denmantire.com squid[9326]: WARNING: Median response time is 57448 milliseconds Jul 12 17:26:43 saratoga.denmantire.com squid[9326]: WARNING: Median response time is 57448 milliseconds Jul 12 17:27:43 saratoga.denmantire.com squid[9326]: WARNING: Median response time is 57448 milliseconds I've logged on and tried browsing, and response seemed positively zippy. I'd think I'd notice a one minute response time. Where is this statistic coming from? I know I could disable it, but I'm curious about why squid thinks my performance is this bad. -- Tim Boyer Denman Tire Corporation [EMAIL PROTECTED]