Re: A question....
Hi, Please ignore this stupid question. Was made while I was under panic :-( Hi all, I have a question about clientHttpRequest structure. It has the field clientHttpRequest *next. Where the hell used this field? ... What am I loosing here? Everything Sory, Christos
Re: SPNEGO questions
Hi Andrew, At 23.06 01/11/2005, Andrew Bartlett wrote: I can confirm to you that the SPN problem is fixed, the Samba 4 machine was joined fine to the domain, and now I am able to see the list of the shares from a Windows 2000 machine, but I cannot connect to any share. There is something like Samba 3 'username map' in Samba 4 ? A known problem. We are working on winbindd, and that will start to get things going again. OK, this not a problem. I have tried to use Squid with ntlm_auth and Negotiate (gss-spnego), but Unable to open tdb '/usr/local/samba/private/secrets.ldb' Failed to connect to '/usr/local/samba/private/secrets.ldb' Could not open secrets.ldb This sounds stupid, but you will need to either run Squid as root, or give world access to secrets.ldb. This will change before release... OK, I will do a try. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
Re: SPNEGO questions
On Wed, 2 Nov 2005, Serassio Guido wrote: Unable to open tdb '/usr/local/samba/private/secrets.ldb' Failed to connect to '/usr/local/samba/private/secrets.ldb' Could not open secrets.ldb This sounds stupid, but you will need to either run Squid as root, or give world access to secrets.ldb. This will change before release... OK, I will do a try. With the new group settings in Squid it should be sufficient to just create a samba group and have /usr/local/samba/private/ owned by that group, with your Squid cache_effective_user as member of the group.. Similar to the permission problem of the winbind privileged pipe. Regards Henrik
Re: Summary of Squid-2.6 opinions
No answer yet: * Duane Wessels * Robert Collins I have mixed feelings about 2.6. On one hand I think 2.5 has lived too long and it looks bad that we have not incremented the stable branch number for years. But on the other hand I feel cheated because I remember being scolded for adding things to the squid-2-head branch when others had decided that it would become a dead end. Like you I suppose, I have a number of little 2.5 features and fixes that I use on my own squids, which I have been reluctant to commit for those reasons. My company has taken on development projects with the understanding that all future work will go into squid-3. As part of that work we have promised spend time on making squid-3 stable. We still intend to do that. Looking at the current wishlist for 2.6 I think it is too long and too ambitious. I would rather that people spend time on squid-3, but that is perhaps a selfish reason. Duane W.
Re: Summary of Squid-2.6 opinions
On Wed, 2005-11-02 at 09:40 -0700, Duane Wessels wrote: As part of that work we have promised spend time on making squid-3 stable. We still intend to do that. Everyone does. Looking at the current wishlist for 2.6 I think it is too long and too ambitious. I would rather that people spend time on squid-3, but that is perhaps a selfish reason. It shouldn't be more than a few days' work to get everything ready for a PRE release. This is the factor which determined what to include and what not to. It's more of a we did 98 out of 100, let's do the last snippet thing. -- Kinkie [EMAIL PROTECTED]
Re: Summary of Squid-2.6 opinions
On Wed, 2 Nov 2005, Duane Wessels wrote: Looking at the current wishlist for 2.6 I think it is too long and too ambitious. I would rather that people spend time on squid-3, but that is perhaps a selfish reason. The 2.6 presented in the original wishlist in praktice already exists and getting it together to a feature complete PRE release is not a big effort. Then there is some time required to polish off the remaining rough edges, but should not be much. It's mostly the epoll branch which needs some updates to match new select/poll requirements set out by the SSL fixes. Regards Henrik
Re: Summary of Squid-2.6 opinions
On Wed, 2 Nov 2005, Duane Wessels wrote: Looking at the current wishlist for 2.6 I think it is too long and too ambitious. I would rather that people spend time on squid-3, but that is perhaps a selfish reason. As indicated in my earlier message I have not been able to find customers willing to fund Squid-3 only development. In all development requests I have been involved in the request has been to deliver a stable version for the current STABLE release (i.e. 2.5) and in addition to get the feature into the development version for future maintenance (i.e. 3). There has never been any problem in convincing the customers that the development also has to be done for Squid-3, and that this will add some time to the total development cost compared to a 2.5 only solution. I sincerely does not expect a 2.6 release to make this much different. My hope is instead kind of the opposite that we by getting this 2.6 release together will draw more attention to Squid and make it easier to find people interested in funding various aspects of the development. In addition a 2.6 release would reduce my maintenance costs significantly as I currently have to maintain about 10 different Squid-2.5 trees, and with the 2.6 release this can be brought down to one or maybe two trees.. Regards Henrik
New version of squid filter patches
Hi all, [Please CC me in replies, I am not subscribed to this mailing list.] I have finally come around to create a web page for my squid filter patches (an updated version of Olaf Titz's patches, as indicated by my last post http://www.squid-cache.org/mail-archive/squid-dev/200401/0062.html). They work with squid 2.5.9 and include a streaming clamav anti-virus filter plugin that works quite well. It has been included in Gibraltar firewall for over a year and has thus been tested at many sites (including networks with 100 concurrent users). There is a tradeoff between the probability of detecting a virus and performance, but it is configurable in squid.conf. With the values suggested at my web page, the probability of letting a virus through is low, and performance is reasonable. You can find the current patch at http://www.mayrhofer.eu.org/squid-filter (I am sorry for the shameless plug of my web page, but I think that these patches might be helpful to some people.) with best regards, Rene pgpAxxaLuA5uu.pgp Description: PGP signature
Re: SPNEGO questions
On Wed, 2005-11-02 at 17:03 +0100, Henrik Nordstrom wrote: On Wed, 2 Nov 2005, Serassio Guido wrote: Unable to open tdb '/usr/local/samba/private/secrets.ldb' Failed to connect to '/usr/local/samba/private/secrets.ldb' Could not open secrets.ldb This sounds stupid, but you will need to either run Squid as root, or give world access to secrets.ldb. This will change before release... OK, I will do a try. With the new group settings in Squid it should be sufficient to just create a samba group and have /usr/local/samba/private/ owned by that group, with your Squid cache_effective_user as member of the group.. Similar to the permission problem of the winbind privileged pipe. As a longer-term option I'm considering either having ntlm_auth use it's own keytab, or having it submit the whole exchange to winbindd for verification, much as it does for NTLM in Samba3. In many ways it will be a trade-off between a complex and more secure solution and a simpler but faster solution. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part