Re: [squid-users] ftp receive buffer size?
To vaguely go intto it Programs that adjust incomming buffersizes like the one you use need to be directly connected to the connection and cannot be proxied properly. On small file s they might work but on larger file corruption usually occurs. Why ? Because it is not a problem in any program but a by product of what is happening on the connection. When you connect through squid it ~proxies back, buy connecting to the site and relaying the information back to the calling client. Simplest thing is to do is not configure the program to go through squid. So there by having the session created ftpclient --- ftpserver directly. but in my case it's necessary (user has disabled ftp connect, so the only way for him to use ftp server -- is http gateway). Is it really unconfigurable option in squid? Probably I can 'fix' something in source code... but reading 300 KB of data on first 10 KB request is not right! :)
[squid-users] Squid Authentication
Hi, I have been running the squid proxy quite well with restricted access. Now I have added three lines (1,23) in the configuration for getting authentication from NT domain, though the authentication works ok but the user can go to any site. The restriction defined by acl name BBHOME does not work. Can some one explain why and what is remedy. See the configuration below: 1. auth_param basic program /usr/local/squid/libexec/msnt_auth NT_dom 2. acl RAKESH proxy_auth REQUIRED acl BBHOME dstdomain .nai.com acl BBHOME dstdomain .mcafeeb2b.com acl BBHOME dstdomain a64.g.akamai.net ## acl myhost dst 168.187.148.226/255.255.255.255 acl myhost dst www.webimmune.net acl NOSITE dstdomain 0.0.0.0/0.0.0.0 acl all src 0.0.0.0/0.0.0.0 http_access allow localhost http_access allow BBHOME 3. http_access allow RAKESH http_access allow myhost http_access deny NOSITE Cheers, Rakesh Jha # DISCLAIMER Any non-official business related views, opinions and other information presented in this electronic mail are solely those of the sender/author. Burgan Bank does not endorse or accept responsibility for these opinions, views or conclusions. If you are not the addressee indicated in this electronic mail or responsible for delivering this electronic message to the inteded recipient, you should delete this message and notify the sender immediately. Burgan Bank #
[squid-users] FTP question
Hello Everyone I'm new to the group, please don't flame me if this is to obvious a question. Can I use Squid as an ftp proxy for ftp clients such as WS_FTP Pro? I have it working for http/ftp through a browser, and see entries in the logs for reqests, but I keep getting denied when trying to push an FTP client through. Thanks in advance. JH
Re: [squid-users] Error 104 on an ASP
Sylvain LAIGLE wrote: Hi everybody. while trying to connect http://www.lemoniteur-expert.com/indices-index and searching an value, I can't reach the result page. After retrying, this error message is sent with the page : *** Microsoft OLE DB Provider for ODBC Drivers error '80040e14' [Microsoft][ODBC SQL Server Driver][SQL Server]Ligne 1 : syntaxe incorrecte vers 'where'. /indices-index/contenu/rechdir_resultat.asp, line 134 sultat.asp, line 134 We have 2 servers : On one, Squid 2.4 stable 7 is installed. On the second, Squid 2.5 stable 3. Both are Red Hat 8. We tried direct connection : it works. We tried a proxied connection (but not squid) : it works. Squid.conf timeouts are defauts. The results page is an asp page. I've read Asp is not cached by squid. Has anyone got an idea about why it's impossible, using squid, to reach this page ? Thanks a lot. regards. As far as I know, that error message is in the webserver itself. Points to a faulty syntax in the webserver sending a SQL sentence to the database server. Probably the page showing the error is cached in Squid and that's why that connecting directly the error does not appear. Try refreshing both the squid cache and the browser's cache. Hope this helps. -- Francisco Neira B. /~\ The ASCII Administrador de Red\ / Ribbon Campaign Defensoria del PuebloX Against Lima, Peru, -05:00 UTC / \ HTML Email PGP Pub Key at http://portal.defensoria.gob.pe/~fneira/llavepublica.asc
Re: [squid-users] Windows Media and Ntlm Auth with winbind
I couldn't understand what access.log said. The problem doesn't happen on my machine. I logged on with my login name on my user's machine and the problem happened too. So, it's not a Login matter. On his pc, everytime he clicks on a link to a Windows Media Player file, when the Media Player try to connect to media, it asks for login and password. I also saw that when a user has Sun Java installed, Sun's java asks for proxy authentication, when you go to a web site with java applet. (www.bcn.com.br, for example). I will upgrade to Stable 4. Do I have to use only: --enable-auth=ntlm,basic --enable-basic-auth-helpers=winbind --enable-ntlm-auth-helpers=winbind --enable-external-acl-helpers=winbind_group? Will the installer upgrade all bin files? Do I have to back up squid.conf? I'm sorry for asking so many questions, but could you tell me what files I have to edit on /etc/pam.d/? Why? The man pages of winbindd tells me to update /etc/pam.d/*... Thank you very much, regards Joao From: Henrik Nordstrom [EMAIL PROTECTED] To: Joao Coutinho [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: [squid-users] Windows Media and Ntlm Auth with winbind Date: Tue, 23 Sep 2003 23:06:23 +0200 (CEST) On Tue, 23 Sep 2003, Joao Coutinho wrote: Hi all, I'm using Squid 2.5 stable 3, samba 2.8a. Ntlm auth is working fine, but when people try to listen any Windows Media Audio(streaming), a Login, password and domain Popup comes up. What does access.log say? Also try upgrading to 2.5.STABLE4. There is relevant changes in this area (when/how/why authentication is requested when access is denied) Regards Henrik _ MSN Messenger: converse com os seus amigos online. http://messenger.msn.com.br
RE: [squid-users] Authentication by NT Domain Server
Hi Jens, I found this to be quite usefull http://devel.squid-cache.org/ntlm/ If you google ntlm squid you should get a pile of results (and a lot of interesting reading!) Andrew. -Original Message- From: Altrock, Jens [mailto:[EMAIL PROTECTED] Sent: Thursday, 25 September 2003 01:46 To: '[EMAIL PROTECTED]' Subject: [squid-users] Authentication by NT Domain Server Hi all! Am new to this group (and to squid), so sorry if my question is little bit outdated :) I am setting up a Squid proxy server on a machine that network users should use as proxy :) The network behind though is a Windows NT Domain, so I want to use the NT authentication to register when using the proxy (so only authenticated users can use that proxy). Is there a possibility to realize that and if where can I get information about that? Thanks in advance, Jens Altrock ### Diese Nachricht wurde von F-Secure Anti-Virus gescannt. This message has been scanned by F-Secure Anti-Virus. CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify Air New Zealand immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Air New Zealand. _ For more information on the Air New Zealand Group, visit us online at http://www.airnewzealand.com _
RE: [squid-users] Squid Authentication
Hi Rakesh, Hmmm.. Looks like it should work? Try removing the ACL 'NOSITE' and replacing http_access deny NOSITE with http_access deny all Andrew. -Original Message- From: rakesh [mailto:[EMAIL PROTECTED] Sent: Wednesday, 24 September 2003 20:30 To: [EMAIL PROTECTED] Subject: [squid-users] Squid Authentication Hi, I have been running the squid proxy quite well with restricted access. Now I have added three lines (1,23) in the configuration for getting authentication from NT domain, though the authentication works ok but the user can go to any site. The restriction defined by acl name BBHOME does not work. Can some one explain why and what is remedy. See the configuration below: 1. auth_param basic program /usr/local/squid/libexec/msnt_auth NT_dom 2. acl RAKESH proxy_auth REQUIRED acl BBHOME dstdomain .nai.com acl BBHOME dstdomain .mcafeeb2b.com acl BBHOME dstdomain a64.g.akamai.net ## acl myhost dst 168.187.148.226/255.255.255.255 acl myhost dst www.webimmune.net acl NOSITE dstdomain 0.0.0.0/0.0.0.0 acl all src 0.0.0.0/0.0.0.0 http_access allow localhost http_access allow BBHOME 3. http_access allow RAKESH http_access allow myhost http_access deny NOSITE Cheers, Rakesh Jha # DISCLAIMER Any non-official business related views, opinions and other information presented in this electronic mail are solely those of the sender/author. Burgan Bank does not endorse or accept responsibility for these opinions, views or conclusions. If you are not the addressee indicated in this electronic mail or responsible for delivering this electronic message to the inteded recipient, you should delete this message and notify the sender immediately. Burgan Bank # CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify Air New Zealand immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Air New Zealand. _ For more information on the Air New Zealand Group, visit us online at http://www.airnewzealand.com _
Re: [squid-users] ftp receive buffer size?
hmm.. Thanx Rob, I definetely should try that readahead setting, but problem is that I cant any info about it. Tried google -- no luck, my default squid.conf doesn't have it too. Any clue how this setting sounds? I've found only one similar: # A value of 0 causes Squid to never fetch more than the # client requested. (default) # #Default: # range_offset_limit 0 KB uncommented it (quite useless, i know, but i had to try :), same result. Thanx in advance. I'll note though, that squid should not be reading 300Kb when the client has only recieved 10KB. Check your readahead gap in squid.conf. If that is set high, lower it. If that is not set, or is set lower than 100Kb, then there is probably a bug in squid related to FTP and readahead. If you are running a version earlier than squid 2.5, upgrade, or if you are running a 2.5 version, please file a bug in bugzilla. - Original Message - From: Robert Collins [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: Squid Users [EMAIL PROTECTED] Sent: Thursday, September 25, 2003 12:53 AM Subject: RE: [squid-users] ftp receive buffer size?
Re: [squid-users] ftp receive buffer size?
On Thu, 2003-09-25 at 10:11, Copland wrote: hmm.. Thanx Rob, I definetely should try that readahead setting, but problem is that I cant any info about it. Tried google -- no luck, my default squid.conf doesn't have it too. Any clue how this setting sounds? What version of squid do you have? Rob -- GPG key available at: http://members.aardvark.net.au/lifeless/keys.txt. signature.asc Description: This is a digitally signed message part
RE: [squid-users] proxy_auth help
Hi Thron, I think you need to use proxy_auth_regex instead of proxy_auth You may need to ./configure with --enable-gnuregex in order to use this. Andrew. -Original Message- From: Thron [mailto:[EMAIL PROTECTED] Sent: Wednesday, 24 September 2003 16:58 To: [EMAIL PROTECTED] Subject: [squid-users] proxy_auth help Hi all, How can I get the acl command proxy_auth to read a file? What I have now is: acl acl_name proxy_auth -i /usr/local/squid/allow the allow file has domain\user-name domain\user-name and it wont read the file but if I have this command: acl acl_name proxy_auth -i domain\user-name domain\user-name it reads the user name and authorizes the user. What am I doing wrong? Thanks for your help Thron __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify Air New Zealand immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Air New Zealand. _ For more information on the Air New Zealand Group, visit us online at http://www.airnewzealand.com _
Re: [squid-users] ftp receive buffer size?
hmm.. Thanx Rob, I definetely should try that readahead setting, but problem is that I cant any info about it. Tried google -- no luck, my default squid.conf doesn't have it too. Any clue how this setting sounds? What version of squid do you have? sorry, forgot to mention. 2.5 STABLE3
Re: [squid-users] ftp receive buffer size?
On Thu, 2003-09-25 at 10:34, Copland wrote: hmm.. Thanx Rob, I definetely should try that readahead setting, but problem is that I cant any info about it. Tried google -- no luck, my default squid.conf doesn't have it too. Any clue how this setting sounds? What version of squid do you have? sorry, forgot to mention. 2.5 STABLE3 Ah, it's a 3.0 feature only - oops. Well, please log a bug in bugzilla for this, when I get some time I'll review and see if the cause is a read ahead bug. You could try 3.0 and see if that shows the same issue for you. Rob -- GPG key available at: http://members.aardvark.net.au/lifeless/keys.txt. signature.asc Description: This is a digitally signed message part
RE: [squid-users] Authentication by NT Domain Server
See the FAQ regarding Authentication and the Winbind helpers Regards Jay -Original Message- From: Altrock, Jens [mailto:[EMAIL PROTECTED] Sent: Wednesday, 24 September 2003 9:46 PM To: '[EMAIL PROTECTED]' Subject: [squid-users] Authentication by NT Domain Server Hi all! Am new to this group (and to squid), so sorry if my question is little bit outdated :) I am setting up a Squid proxy server on a machine that network users should use as proxy :) The network behind though is a Windows NT Domain, so I want to use the NT authentication to register when using the proxy (so only authenticated users can use that proxy). Is there a possibility to realize that and if where can I get information about that? Thanks in advance, Jens Altrock ### Diese Nachricht wurde von F-Secure Anti-Virus gescannt. This message has been scanned by F-Secure Anti-Virus.
[squid-users] Re: Squid2.5 config problem on W2KServer
I think you might just miss one line; visible_hostname name.it.whatever.you.like ##ignore the Vivek Kulkarni writes: I'm trying to setup squid 2.5 on win2k server box. This box has 2 NIC cards, one internal other going to internet. The error I get is ' could not determine fully qualified hostname'. In my config file I've visible_hostname set to the local machine's hostname. I even tried setting the internale IP as visible_hostnem but no luck. Can someone please tell me what am I missing? Thanks, Vivek .::DAMK::.
RE: [squid-users] Re: Squid2.5 config problem on W2KServer
You also need an entry in DNS or in your \etc\hosts which matches the visible_hostname entry in your squid.conf Andrew. -Original Message- From: dwi amk [mailto:[EMAIL PROTECTED] Sent: Thursday, 25 September 2003 14:45 To: [EMAIL PROTECTED] Subject: [squid-users] Re: Squid2.5 config problem on W2KServer I think you might just miss one line; visible_hostname name.it.whatever.you.like ##ignore the Vivek Kulkarni writes: I'm trying to setup squid 2.5 on win2k server box. This box has 2 NIC cards, one internal other going to internet. The error I get is ' could not determine fully qualified hostname'. In my config file I've visible_hostname set to the local machine's hostname. I even tried setting the internale IP as visible_hostnem but no luck. Can someone please tell me what am I missing? Thanks, Vivek .::DAMK::. CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify Air New Zealand immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Air New Zealand. _ For more information on the Air New Zealand Group, visit us online at http://www.airnewzealand.com _
[squid-users] Re: Compile Error
On Thu, 2003-09-25 at 06:03, WA Support wrote: Hello, I am trying to compile squid-3.0-PRE3-20030830 on a Redhat 7.3 system. I suggest you grab a newer snapshot... some key bugs where fixed in the last week. I just upgraded gcc from gcc-2.9.6 that came with the Redhat distribution to gcc-3.2.3 that I got from the gnu.org tarball. ... If you meant to cross compile, use `--host'. See `config.log' for more details. configure: error: /bin/sh './configure' failed for lib/libTrie Any ideas what might be going on here? If you check lib/libTrie/config.log you'll probably find that a.out couldn't be run. That suggests that you have a library problem. try creating a dummy source program: foo.cc: #include iostream int main (int argc, char **argv) { return 0; } and compile: g++ foo.cc this should create a.out Now, run it: ./a.out if you get any errors, your c++ install is bust. My WAG: you installed g++ into /usr/local/ and /usr/local/lib isn't in your ld.so.conf. Rob -- GPG key available at: http://members.aardvark.net.au/lifeless/keys.txt. signature.asc Description: This is a digitally signed message part