Re: [squid-users] Negotiate Kerberos Auth - BH Invalid request
First, it very handy to know your os and samba and squid versions used. ? Second, Squid/radius etc anything that uses NTLMv1 with samba stopped working after 4.5.0 I think your main problem can be explained by this extract from the release notes for 4.5.0: ? NTLMv1 authentication disabled by default - In order to improve security we have changed the default value for the "ntlm auth" option from "yes" to "no".? This may have impact on very old clients which doesn't support NTLMv2 yet. The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x. By default, Samba will only allow NTLMv2 via NTLMSSP now, as we have the following default "lanman auth = no", "ntlm auth = no" and "raw NTLMv2 auth = no". ? ? Greetz, ? Louis ? ? ? Van: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] Namens Kevin M???hlparzer Verzonden: dinsdag 13 juni 2017 14:00 Aan: squid-users@lists.squid-cache.org Onderwerp: [squid-users] Negotiate Kerberos Auth - BH Invalid request Hello list, I asked about a problem with NTLM-Authentication before. (BH SPNEGO request invalid prefix; thats the error of the helper protocol "helper-protocol=squid-2.5-ntlmssp" I used with NTLM, while basic works fine) A user told me I should use negotiate_kerberos_auth instead of ntlm_auth. Now here's my new problem: root@x-x-testproxy01:/etc/squid# /usr/lib/squid/negotiate_kerberos_auth -d -s HTTP/x-x-testproxy01.x-xxx.local@X-XXX.LOCAL negotiate_kerberos_auth.cc(487): pid=5305 :2017/06/13 13:29:41| negotiate_kerberos_auth: INFO: Starting version 3.0.4sq negotiate_kerberos_auth.cc(546): pid=5305 :2017/06/13 13:29:41| negotiate_kerberos_auth: INFO: Setting keytab to FILE:/etc/squid/HTTP.keytab negotiate_kerberos_auth.cc(570): pid=5305 :2017/06/13 13:29:41| negotiate_kerberos_auth: INFO: Changed keytab to MEMORY:negotiate_kerberos_auth_5305 testuser xxx negotiate_kerberos_auth.cc(610): pid=5305 :2017/06/13 13:29:47| negotiate_kerberos_auth: DEBUG: Got 'testuser xx' from squid (length: 18). negotiate_kerberos_auth.cc(647): pid=5305 :2017/06/13 13:29:47| negotiate_kerberos_auth: ERROR: Invalid request [testuser xxx] BH Invalid request So my configuration has mistakes, but I can't find them. I don't really know where to search, or what works for sure. I tried many tutorials on krb5 and samba. Every form of testing I tried works fine except indeed using the required kerberos authentication of my squid-proxy. Tests that come to my mind: kinit a user Warning: Your password will expire in 36 days on Don 20 Jul 2017 13:23:54 CEST klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: testuser@X-XXX.LOCAL Valid starting?? Expires? Service principal 2017-06-13 13:38:37? 2017-06-13 23:38:37? krbtgt/X-XXX.LOCAL@X-XXX.LOCAL ?? ?renew until 2017-06-14 13:38:34 klist -k on my HTTP.keytab Keytab name: FILE:/etc/squid/HTTP.keytab KVNO Principal -- ?? 1 host/x-x-testproxy01.x-xxx.local@X-XXX.LOCAL ?? 1 host/x-x-testproxy01.x-xxx.local@X-XXX.LOCAL ?? 1 host/x-x-testproxy01.x-xxx.local@X-XXX.LOCAL ?? 1 host/x-x-testproxy01.x-xxx.local@X-XXX.LOCAL ?? 1 host/x-x-testproxy01.x-xxx.local@X-XXX.LOCAL ?? 1 host/X-X-TESTPROXY01@X-XXX.LOCAL ?? 1 host/X-X-TESTPROXY01@X-XXX.LOCAL ?? 1 host/X-X-TESTPROXY01@X-XXX.LOCAL ?? 1 host/X-X-TESTPROXY01@X-XXX.LOCAL ?? 1 host/X-X-TESTPROXY01@X-XXX.LOCAL ?? 1 X-X-TESTPROXY01$@X-XXX.LOCAL ?? 1 X-X-TESTPROXY01$@X-XXX.LOCAL ?? 1 X-X-TESTPROXY01$@X-XXX.LOCAL ?? 1 X-X-TESTPROXY01$@X-XXX.LOCAL ?? 1 X-X-TESTPROXY01$@X-XXX.LOCAL basic-auth using ntlm root@x-x-testproxy01:/etc/squid# /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --username=testuser --password= testuser xx OK testuser@x-xxx.local OK wbinfo -u administrator testuser ... wbinfo -g allowed rodc password replication group enterprise read-only domain controllers ... wbinfo --krb5auth=testuser%xxx plaintext kerberos password authentication for [testuser%xxx] succeeded (requesting cctype: FILE) wbinfo -t checking the trust secret for domain X-XXX via RPC calls succeeded wbinfo --authenticate=testuser% plaintext password authentication succeeded challenge/response password authentication succeeded /usr/lib/squid/negotiate_kerberos_auth_test x-x-testproxy01.x-xxx.local Token: YIIFOgYGKwYBBQUCoIIFLjCCBSqgJzAlBgkqhkiG9xIBAgIGBSsFAQUCBgkqhkiC9xIBAgIGBisGAQUCBaKCBP0EggT5YIIE9QYJKoZIhvcSAQICAQBuggTkMIIE4KADAgEFoQMCAQ6iBwMFAACjggP2YYID8jCCA+6gAwIBBaENGwtYLU5FVC5MT0NBTKIuMCygAwIBA6ElMCMbBEhUVFAbG3gtbC10ZXN0cHJveHkwMS54LW5ldC5sb2NhbKOCA6YwggOioAMCARKhAwIBAaKCA5QEggOQIMtincRDtWjh44pew3twk26Gm9rTC7CbkobNrzaRq/weljVl5TSbMQTFIVRQXVe4CQBWJ/Gcg472cgLA3mjOH8Z30zxQFP8fsK46wAtTEzJhonzXLImhaPtXvCVz94xaCVG7cBlNJCUmZQHsQMxF
[squid-users] Negotiate Kerberos Auth - BH Invalid request
Hello list, I asked about a problem with NTLM-Authentication before. (BH SPNEGO request invalid prefix; thats the error of the helper protocol "helper-protocol=squid-2.5-ntlmssp" I used with NTLM, while basic works fine) A user told me I should use negotiate_kerberos_auth instead of ntlm_auth. Now here's my new problem: root@x-x-testproxy01:/etc/squid# /usr/lib/squid/negotiate_kerberos_auth -d -s HTTP/x-x-testproxy01.x-xxx.local@X-XXX.LOCAL negotiate_kerberos_auth.cc(487): pid=5305 :2017/06/13 13:29:41| negotiate_kerberos_auth: INFO: Starting version 3.0.4sq negotiate_kerberos_auth.cc(546): pid=5305 :2017/06/13 13:29:41| negotiate_kerberos_auth: INFO: Setting keytab to FILE:/etc/squid/HTTP.keytab negotiate_kerberos_auth.cc(570): pid=5305 :2017/06/13 13:29:41| negotiate_kerberos_auth: INFO: Changed keytab to MEMORY:negotiate_kerberos_auth_5305 testuser xxx negotiate_kerberos_auth.cc(610): pid=5305 :2017/06/13 13:29:47| negotiate_kerberos_auth: DEBUG: Got 'testuser xx' from squid (length: 18). negotiate_kerberos_auth.cc(647): pid=5305 :2017/06/13 13:29:47| negotiate_kerberos_auth: ERROR: Invalid request [testuser xxx] BH Invalid request So my configuration has mistakes, but I can't find them. I don't really know where to search, or what works for sure. I tried many tutorials on krb5 and samba. Every form of testing I tried works fine except indeed using the required kerberos authentication of my squid-proxy. Tests that come to my mind: kinit a user Warning: Your password will expire in 36 days on Don 20 Jul 2017 13:23:54 CEST klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: testuser@X-XXX.LOCAL Valid starting Expires Service principal 2017-06-13 13:38:37 2017-06-13 23:38:37 krbtgt/X-XXX.LOCAL@X-XXX.LOCAL renew until 2017-06-14 13:38:34 klist -k on my HTTP.keytab Keytab name: FILE:/etc/squid/HTTP.keytab KVNO Principal -- 1 host/x-x-testproxy01.x-xxx.local@X-XXX.LOCAL 1 host/x-x-testproxy01.x-xxx.local@X-XXX.LOCAL 1 host/x-x-testproxy01.x-xxx.local@X-XXX.LOCAL 1 host/x-x-testproxy01.x-xxx.local@X-XXX.LOCAL 1 host/x-x-testproxy01.x-xxx.local@X-XXX.LOCAL 1 host/X-X-TESTPROXY01@X-XXX.LOCAL 1 host/X-X-TESTPROXY01@X-XXX.LOCAL 1 host/X-X-TESTPROXY01@X-XXX.LOCAL 1 host/X-X-TESTPROXY01@X-XXX.LOCAL 1 host/X-X-TESTPROXY01@X-XXX.LOCAL 1 X-X-TESTPROXY01$@X-XXX.LOCAL 1 X-X-TESTPROXY01$@X-XXX.LOCAL 1 X-X-TESTPROXY01$@X-XXX.LOCAL 1 X-X-TESTPROXY01$@X-XXX.LOCAL 1 X-X-TESTPROXY01$@X-XXX.LOCAL basic-auth using ntlm root@x-x-testproxy01:/etc/squid# /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --username=testuser --password= testuser xx OK testuser@x-xxx.local OK wbinfo -u administrator testuser ... wbinfo -g allowed rodc password replication group enterprise read-only domain controllers ... wbinfo --krb5auth=testuser%xxx plaintext kerberos password authentication for [testuser%xxx] succeeded (requesting cctype: FILE) wbinfo -t checking the trust secret for domain X-XXX via RPC calls succeeded wbinfo --authenticate=testuser% plaintext password authentication succeeded challenge/response password authentication succeeded /usr/lib/squid/negotiate_kerberos_auth_test x-x-testproxy01.x-xxx.local Token:
Re: [squid-users] NEGOTIATE Kerberos Auth
Many thanks Markus, i solved everythings! Sent: Tuesday, March 22, 2016 at 1:25 AM From: "Markus Moeller" <hua...@moeller.plus.com> To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] NEGOTIATE Kerberos Auth Hi, 1) Yes, you should see user@DOMAIN for kerberos authentication, but if you use –r the @DOMAIN will be removed. 2) The client in EXTERNAL.COM needs to know where to find the HTTP/@FATHER.COM principal. I think your trust is not fully setup. You should see some cross domain TGTs. Cross Domain SPN Lookups with Active Directory When Domains are within the same forest, the KDC should consult the GC (Global Catalog) and provide a referral if the account is in a different domain. If the account is not in the same forest you would need to define Host Mapping for the account, unless you are using a forest trust. Then you could define a Kerberos Forest Search Order Markus "akn ab" <drcim...@mail.com> wrote in message news:trinity-1231fb52-3516-493c-a2c9-b9fe1c1623c5-1458549367234@3capp-mailcom-lxa05... Hello Markus, firt of all thank you for your reply, today i'm having a strange issue. KID1 and KID2 started to autenticate with kerberos correclty without any modification ... This is so strange, but i'm very happy, so i started others configurations, but i have 2 more problems: 1) On my squid logs, i can see users authenticated correctly, but not the domain users came from. For example: FATHER.COM\user1 KID1.FATHER.COM\user1 KID2.FATHER.COM\user1 are reported on my logs with "user1" and not in us...@kid1.father.com or KID1\user1 (for example) I need to differentiate domains because i'm sending x-authenticated-user to my proxy peers. Is it possible with kerberos? 2) I have another domain EXTERNALS.COM with bidirectional trust with FATHER.COM, so i added it in my krb5.conf like KID1, but kerberos auth fail. Using your instructions, i captured port 88 during handshake and i get: eRR-C-PRINCIPAL-UNKNOWN User's PC belonging to EXTERNALS.COM are joined to EXTERNALS.COM Best Regards. Sent: Saturday, March 19, 2016 at 12:28 AM From: "Markus Moeller" <hua...@moeller.plus.com> To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] NEGOTIATE Kerberos Auth Hi, Is you client a member of FATHER.COM or KID1.FATHER.COM / KID2.FATHER.COM ? Can you get a wireshark capture on your client on port 88 ? You should see some TGS –REQs in the capture and I assume also TGS-REPs with error messages. Can you share these error messages ? Regards Markus "akn ab" <drcim...@mail.com> wrote in message news:trinity-1aed7413-4936-4022-90fa-eac7e2d892ed-1458301713239@3capp-mailcom-lxa01... Dear all, i'm having a problem in configuring my squid 3.5.15 with negotiated kerberos authentication in my Mono Forest Multi Domains. My FATHER.COM is a forest with 2 children: KID1 and KID2. Like this: FATHER.COM -> KID1.FATHER.COM -> KID2.FATHER.COM With actual configurazion, squid negotiated kerberos auth works with only FATHER.COM but not when my users belongs to KID1 and KID2. I readed some discussions on mailing list about forest, but cannot find a definitive advice and procedure to authenticate childern domains users. My krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = FATHER.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true default_keytab_name = /usr/local/squid/etc/HTTP.keytab default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 [realms] FATHER.COM = { kdc = dc1.father.com:88 kdc = dc2.father.com:88 default_domain = father.com } KID1.FATHER.COM = { kdc = dc1.kid1.father.com:88 kdc = dc2.kid1.father.com:88 default_domain = kid1.father.com } KID2.FATHER.COM = { kdc = dc1.kid2.father.com:88 kdc = dc2.kid2.father.com:88 default_domain = kid2.father.com } [domain_realm] .father.com = FATHER.COM father.com = FATHER.COM .kid1.father.com = KID1.FATHER.COM kid1.father.com = KID1.FATHER.COM .kid2.father.com = KID2.FATHER.COM kid2.father.com = KID2.FATHER.COM [capaths] KID1.FATHER.COM = { FATHER.COM = . } KID2.FATHER.COM = { FATHER.COM = . } To join kerberous auth with FATHER.COM i did: # kinit u...@father.com # msktutil -c -b "CN=Computers" -s HTTP/proxy1.father.com -h proxy1.father.com -k /usr/local/squid/etc/HTTP.keytab --computer-name proxy1krb --upn HTTP/proxy1.father.com --server dc1.father.com --enctypes 28 --verbose -N On squid config
Re: [squid-users] NEGOTIATE Kerberos Auth
Hi, 1) Yes, you should see user@DOMAIN for kerberos authentication, but if you use –r the @DOMAIN will be removed. 2) The client in EXTERNAL.COM needs to know where to find the HTTP/@FATHER.COM principal. I think your trust is not fully setup. You should see some cross domain TGTs. Cross Domain SPN Lookups with Active Directory When Domains are within the same forest, the KDC should consult the GC (Global Catalog) and provide a referral if the account is in a different domain. If the account is not in the same forest you would need to define Host Mapping for the account, unless you are using a forest trust. Then you could define a Kerberos Forest Search Order Markus "akn ab" <drcim...@mail.com> wrote in message news:trinity-1231fb52-3516-493c-a2c9-b9fe1c1623c5-1458549367234@3capp-mailcom-lxa05... Hello Markus, firt of all thank you for your reply, today i'm having a strange issue. KID1 and KID2 started to autenticate with kerberos correclty without any modification ... This is so strange, but i'm very happy, so i started others configurations, but i have 2 more problems: 1) On my squid logs, i can see users authenticated correctly, but not the domain users came from. For example: FATHER.COM\user1 KID1.FATHER.COM\user1 KID2.FATHER.COM\user1 are reported on my logs with "user1" and not in us...@kid1.father.com or KID1\user1 (for example) I need to differentiate domains because i'm sending x-authenticated-user to my proxy peers. Is it possible with kerberos? 2) I have another domain EXTERNALS.COM with bidirectional trust with FATHER.COM, so i added it in my krb5.conf like KID1, but kerberos auth fail. Using your instructions, i captured port 88 during handshake and i get: eRR-C-PRINCIPAL-UNKNOWN User's PC belonging to EXTERNALS.COM are joined to EXTERNALS.COM Best Regards. Sent: Saturday, March 19, 2016 at 12:28 AM From: "Markus Moeller" <hua...@moeller.plus.com> To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] NEGOTIATE Kerberos Auth Hi, Is you client a member of FATHER.COM or KID1.FATHER.COM / KID2.FATHER.COM ? Can you get a wireshark capture on your client on port 88 ? You should see some TGS –REQs in the capture and I assume also TGS-REPs with error messages. Can you share these error messages ? Regards Markus "akn ab" <drcim...@mail.com> wrote in message news:trinity-1aed7413-4936-4022-90fa-eac7e2d892ed-1458301713239@3capp-mailcom-lxa01... Dear all, i'm having a problem in configuring my squid 3.5.15 with negotiated kerberos authentication in my Mono Forest Multi Domains. My FATHER.COM is a forest with 2 children: KID1 and KID2. Like this: FATHER.COM -> KID1.FATHER.COM -> KID2.FATHER.COM With actual configurazion, squid negotiated kerberos auth works with only FATHER.COM but not when my users belongs to KID1 and KID2. I readed some discussions on mailing list about forest, but cannot find a definitive advice and procedure to authenticate childern domains users. My krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = FATHER.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true default_keytab_name = /usr/local/squid/etc/HTTP.keytab default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 [realms] FATHER.COM = { kdc = dc1.father.com:88 kdc = dc2.father.com:88 default_domain = father.com } KID1.FATHER.COM = { kdc = dc1.kid1.father.com:88 kdc = dc2.kid1.father.com:88 default_domain = kid1.father.com } KID2.FATHER.COM = { kdc = dc1.kid2.father.com:88 kdc = dc2.kid2.father.com:88 default_domain = kid2.father.com } [domain_realm] .father.com = FATHER.COM father.com = FATHER.COM .kid1.father.com = KID1.FATHER.COM kid1.father.com = KID1.FATHER.COM .kid2.father.com = KID2.FATHER.COM kid2.father.com = KID2.FATHER.COM [capaths] KID1.FATHER.COM = { FATHER.COM = . } KID2.FATHER.COM = { FATHER.COM = . } To join kerberous auth with FATHER.COM i did: # kinit u...@father.com # msktutil -c -b "CN=Computers" -s HTTP/proxy1.father.com -h proxy1.father.com -k /usr/local/squid/etc/HTTP.keytab --computer-name proxy1krb --upn HTTP/proxy1.father.com --server dc1.father.com --enctypes 28 --verbose -N On squid config i have: auth_param negotiate program /usr/local/squid/libexec/negotiate_kerberos_auth -r -k /usr/local/sq uid/etc/HTTP.keytab -s HTTP/proxy1.father.com Doing so, all my users belonging to FATHER.COM can negotiate kerberos using proxy1.father.com:8080 (this exact name. If i use an alias dns name, does not work). Now i'm trying to add KID1 an
Re: [squid-users] NEGOTIATE Kerberos Auth
Hi, Is you client a member of FATHER.COM or KID1.FATHER.COM / KID2.FATHER.COM ? Can you get a wireshark capture on your client on port 88 ? You should see some TGS –REQs in the capture and I assume also TGS-REPs with error messages. Can you share these error messages ? Regards Markus "akn ab"wrote in message news:trinity-1aed7413-4936-4022-90fa-eac7e2d892ed-1458301713239@3capp-mailcom-lxa01... Dear all, i'm having a problem in configuring my squid 3.5.15 with negotiated kerberos authentication in my Mono Forest Multi Domains. My FATHER.COM is a forest with 2 children: KID1 and KID2. Like this: FATHER.COM -> KID1.FATHER.COM -> KID2.FATHER.COM With actual configurazion, squid negotiated kerberos auth works with only FATHER.COM but not when my users belongs to KID1 and KID2. I readed some discussions on mailing list about forest, but cannot find a definitive advice and procedure to authenticate childern domains users. My krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = FATHER.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true default_keytab_name = /usr/local/squid/etc/HTTP.keytab default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 [realms] FATHER.COM = { kdc = dc1.father.com:88 kdc = dc2.father.com:88 default_domain = father.com } KID1.FATHER.COM = { kdc = dc1.kid1.father.com:88 kdc = dc2.kid1.father.com:88 default_domain = kid1.father.com } KID2.FATHER.COM = { kdc = dc1.kid2.father.com:88 kdc = dc2.kid2.father.com:88 default_domain = kid2.father.com } [domain_realm] .father.com = FATHER.COM father.com = FATHER.COM .kid1.father.com = KID1.FATHER.COM kid1.father.com = KID1.FATHER.COM .kid2.father.com = KID2.FATHER.COM kid2.father.com = KID2.FATHER.COM [capaths] KID1.FATHER.COM = { FATHER.COM = . } KID2.FATHER.COM = { FATHER.COM = . } To join kerberous auth with FATHER.COM i did: # kinit u...@father.com # msktutil -c -b "CN=Computers" -s HTTP/proxy1.father.com -h proxy1.father.com -k /usr/local/squid/etc/HTTP.keytab --computer-name proxy1krb --upn HTTP/proxy1.father.com --server dc1.father.com --enctypes 28 --verbose -N On squid config i have: auth_param negotiate program /usr/local/squid/libexec/negotiate_kerberos_auth -r -k /usr/local/sq uid/etc/HTTP.keytab -s HTTP/proxy1.father.com Doing so, all my users belonging to FATHER.COM can negotiate kerberos using proxy1.father.com:8080 (this exact name. If i use an alias dns name, does not work). Now i'm trying to add KID1 and KID2 users to krb auth. As i sayed previously, i readed some posts but i cannot find correct configuration to support my forest. 1) Someone say to add to HTTP.keytab KID1 and KID2. To do so i did: - kinit u...@father.com - msktutil -c -b "CN=Computers" -s HTTP/proxy1.father.com -h proxy1.father.com -k /usr/local/squid/etc/HTTP.keytab --computer-name proxy1krb-kid1 --upn HTTP/proxy1.father.com --server dc1.kid1.father.com --enctypes 28 --verbose -N but this configuration give my an error authentication of my keytab or ticketing problem. So i tryed: - kinit u...@kid1.father.com but my user is an Enterprise Admin form FATHER.COM, so i cannot get the ticket. After many, many and many hours, i need some advices to complete my configuration. Is there anyone that could help me? Many thanks in advance. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users