Re: [squid-users] squid 3.1 ldap authentication
Just to update the thread. A basic CLI test showed it's not an issue related to anything in the LDAP helpers or settings. The issue was IPV6 network level issue, there was a default gateway but for some unknown reason there was no IPV6 connectivity. The test host could be any host with both IPV6 and IPV4 dns records that has at-least one IPV6 record. Due to request_start_timeout default of 5 minutes the site took about 5 minutes to show up after the IPV6 try was timed out. The basic way to test it is running a simple script on the host machine that will test IPV6 connectivity. The right way to do that should be using a basic IPV6 ping like this script: - http://paste.ngtech.co.il/pxizenek2 - http://ngtech.co.il/squid/ipv6_test.sh But since it is known that opening the whole IPV6 ICMP protocol in FireWalls opens network vulnerabilities it is commonly disabled(while it be opened properly) and there for makes it's an issue to test IPV6 connectivity based only on ICMP. Example ip6tables ICMPv6 rules that will allow a router to pass a basic ping6 test: ip6tables -A FORWARD -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT ip6tables -A FORWARD -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT ip6tables -A FORWARD -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT ip6tables -A FORWARD -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT ip6tables -A FORWARD -p icmpv6 --icmpv6-type echo-request -j ACCEPT ip6tables -A FORWARD -p icmpv6 --icmpv6-type echo-reply -j ACCEPT ip6tables -A FORWARD -p icmpv6 -j DROP Later I will upgrade the script to test tcp\http level connectivity so it will be more useful as a debugging tool. * http://www.squid-cache.org/Doc/config/request_start_timeout/ * https://www.cert.org/downloads/IPv6/ip6tables_rules.txt * https://www.sixxs.net/wiki/IPv6_Firewalling On 29/01/2016 03:50, Nando Mendonca wrote: Thanks! I ran tcpdump, didnt really notice anything. Any other suggesstions? Thanks, Nando On Jan 25, 2016, at 10:07 AM, Anders Gustafsson wrote: Do a packet trace on the LDAP connection. I bet the delay happens there. Also: I suspect that it might do the same LDAP lookup for EVERY HTTP session of which there might be thousands for a complex page. nando mendonca 2016-01-25 17:52 >>> I'm running squid 3.5.12, i'm using ldap for authentication. When trying to browse the internet from clients it takes up to 10 minutes for the website to load. Can you please assist me in troubleshooting what the issue is? Below is my squid.conf file. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] squid-users Digest, Vol 17, Issue 94
Hi, If this is Squid for Windows 'Squid -z' must be run from the Squid shell desktop shortcut. -Patrick -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of squid-users-requ...@lists.squid-cache.org Sent: Saturday, January 30, 2016 7:00 AM To: squid-users@lists.squid-cache.org Subject: squid-users Digest, Vol 17, Issue 94 Send squid-users mailing list submissions to squid-users@lists.squid-cache.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.squid-cache.org/listinfo/squid-users or, via email, send a message with subject or body 'help' to squid-users-requ...@lists.squid-cache.org You can reach the person managing the list at squid-users-ow...@lists.squid-cache.org When replying, please edit your Subject line so it is more specific than "Re: Contents of squid-users digest..." Today's Topics: 1. Re: squid -z not exiting? (TarotApprentice) -- Message: 1 Date: Sat, 30 Jan 2016 09:38:06 +1100 From: TarotApprentice To: squid-users Subject: Re: [squid-users] squid -z not exiting? Message-ID: Content-Type: text/plain; charset="utf-8" Under Debian I remember that I had to hit enter after it had displayed all the directories it was creating and then it comes back to the bash prompt. The actual creation process seems to work fine, it just stops on the last one and "appears" to hang. MarkJ > On 30 Jan 2016, at 8:33 AM, LucĂa Guevgeozian wrote: > > Did you check the /var/log/squid3/cache.log ? > > 2016-01-29 17:47 GMT-03:00 Panda Admin : >> I'm running squid3.5.13 and running the command 'squid -z" says it creates >> the directories but doesn't exit. Ever. >> >> Any idea what's going on with that? >> >> Thanks! >> >> ___ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users > > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users -- next part -- An HTML attachment was scrubbed... URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160130/8bb93575/attachment-0001.html> -- Subject: Digest Footer ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users -- End of squid-users Digest, Vol 17, Issue 94 *** ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
