[squid-users] Is there a squid_ldap_auth FAQ or trouble shoot help?
Hi All, Anyone knows if there is a FAQ or troubleshoot site specially dedicated for the implementation of squid_ldap_auth? Something similar to the squid faq. I searched through the web but couldn't find much help for squid_ldap_auth. thanks all, Regards Yong
Re: [squid-users] squid_ldap_auth from command line do nothing ...and display no further prompt from terminal
On Mon, 2004-12-06 at 14:56, Yong Bong Fong wrote: > Hello All, > >When I typed my squid_ldap_auth command as shown below, it always do > nothing. \ What happens if you just type the command w/o any other options? > Other people seems to get a follow-up response of a prompt for > username and password from the machine, and then further prompting an > error or ok message back to user. > But my command seems to just stuck there without further progress, see > below: > > [EMAIL PROTECTED] root]# /usr/lib/squid/squid_ldap_auth -b dc=shinyang, > dc=com, > dc=my -D cn=root,dc=shinyang,dc=com,dc=my -w -f > '(&(objectclass=person)(cn=%s))' -h 172.16.0.21 > (it just stops there and do nothing) > > *where should I track down the problem for this? > > Thanks in advance > > Regards > Yong > > > > > > > > -- Ow Mun Heng Gentoo/Linux on D600 1.4Ghz Neuromancer 17:21:40 up 8:02, 4 users, 0.70, 0.53, 0.44
Re: [squid-users] ./squid_ldap_auth command says "bash: ./squid_ldap_auth: No such file or directory"
On Mon, 2004-12-06 at 09:29, Yong Bong Fong wrote: > Dear all, > >I was trying to test my squid_ldap_auth from the terminal as shown > > *As seen above, it responded with "bash: ./squid_ldap_auth:no such file > or directory" Works for me :-) Either you're doing something wrong or... try an strace of it?? ./squid_ldap_auth Usage: squid_ldap_auth -b basedn [options] [ldap_server_name[:port]]... -b basedn (REQUIRED)base dn under which to search -f filter search filter to locate user DN -u userattr username DN attribute -s base|one|sub search scope -D binddn DN to bind as to perform searches -w bindpasswd password for binddn -W secretfile read password for binddn from file secretfile -H URI LDAPURI (defaults to ldap://localhost) -h server LDAP server (defaults to localhost) -p port LDAP server port -P persistent LDAP connection -c timeout connect timeout -t timelimitsearch time limit -R do not follow referrals -a never|always|search|find when to dereference aliases -v 2|3 LDAP version -Z TLS encrypt the LDAP connection, requires LDAP version 3 If no search filter is specified, then the dn =user,basedn will be used (same as specifying a search filter of '=', but quicker as as there is no need to search for the user DN) If you need to bind as a user to perform searches then use the -D binddn -w bindpasswd or -D binddn -W secretfile options
Re: [squid-users] Cache Hits: 0.00000
On Sun, 2004-12-05 at 23:37, Lucia Di Occhi wrote: > I am either having a problem or my machine is faster than lightning :-) > I am running: > > Squid Cache: Version 2.5.STABLE7 > Dell 6550 dual Intel(R) Xeon(TM) MP CPU 2.70GHz - 512 KB cache and 3G Ram > with 3 disks in Raid5 > (quite a sweet machin That is a real sweet machine. bit off-track, but what's the diff with Xeon and P4, I initially thought it was just the L2(or is it L1) cache? > > Cache Hits:0.0 0.0 > Is this possible? Is it that everything is contained in Memory?? TCP_MEM_HIT as opposed to TCP_HIT? > > Median Service Times (seconds) 5 min60 min: > HTTP Requests (All): 0.00562 0.05331 > Cache Misses: 0.18699 0.14252 > Cache Hits:0.0 0.0 > Near Hits: 0.0 0.12783 > Not-Modified Replies: 0.0 0.0 > DNS Lookups: 0.06364 0.00190 > ICP Queries: 0.0 0.0 > > Also I'd like to know why is my 50G /cache never filling up. I have the > following settings: > cache_mem 512 MB > cache_dir ufs /cache 5 16 256 > I'd like to use the whole 100G someday but I am noticing that no matter what > I can't even fill 50% of my 50G /cache > > On the above note, I am trying to maximize speed since I have a very large > pipe to the internet. Any recommendations or suggestions? You already have a _very_ large pipe. What more do you want? :-)
Re: [squid-users] RE: ip_wccp Compilation error on RH ES3
Hello all i already ask to help me for a special configuration of squid. Clients==>SQUID reverse proxy==> SERVER HTTPS HTTPS All the clients use a certificate. i already configure Squid to recognize this certificate. It is working fine. But this certificate must me forward to the server (via squid)because we use the user name of this certificate in the server application . Can you give me some advice ? i want squid totally transparent for this certificate Thank you for your Help David
[squid-users] squid -k reconfigure crash parallel instances
Hello List, first i´m not a squid expert! I think i have a stupid problem! I use one squid direct from SUSE Distrubition for our internet proxy, and one squid (self compield Version 3.0-PRE3) as reverse proxy. Now the Problem! If i run "squid -k reconfigure" from the "SUSE-Squid" i think i crash the compiled squid! Any tips ? thx christian
Re: [squid-users] squid -k reconfigure crash parallel instances
On Mon, 06 Dec 2004 13:47:22 +0100, Christian Klinger <[EMAIL PROTECTED]> wrote: > Hello List, > > first i´m not a squid expert! > > I think i have a stupid problem! I use one squid direct from SUSE > Distrubition for our internet proxy, and one squid (self compield > Version 3.0-PRE3) as reverse proxy. > > Now the Problem! > > If i run "squid -k reconfigure" from the "SUSE-Squid" i think i crash > the compiled squid! > > Any tips ? For each instance you will have a config file. You can do # squid -k reconfigure -f This should solve your problem. Venkatesh K > > thx christian > >
[squid-users] Re: squid -k reconfigure crash parallel instances
Venkatesh K wrote: On Mon, 06 Dec 2004 13:47:22 +0100, Christian Klinger <[EMAIL PROTECTED]> wrote: Hello List, first i´m not a squid expert! I think i have a stupid problem! I use one squid direct from SUSE Distrubition for our internet proxy, and one squid (self compield Version 3.0-PRE3) as reverse proxy. Now the Problem! If i run "squid -k reconfigure" from the "SUSE-Squid" i think i crash the compiled squid! Any tips ? For each instance you will have a config file. You can do # squid -k reconfigure -f This should solve your problem. Venkatesh K thx christian Thx for your fast answer! But it has the same bad effect! Maybe it depends on how i start the two squid servers. SUSE Squid rcsquid start --> i think without the -f parameter compiled squid --> /usr/local/sbin/squid -N - christian
[squid-users] NAT port translation
Hi, I have the following setup: Users <---> FW <---> Squid <---> Internet 1) The firewal (FW) interface, facing Squid is configure with PAT. 2) Squid is listening at port 8080. When I execute "netstat -na" on squid, I see a lot of session established from FW to Squid and Squid to Internet. May I know to identify the actual session from FW to Internet. Take note my FW is doing a PAT. This is what appear in "netstat -na": Squid IP address facing FW -- 10.10.10.2 FW IP address facing squid -- 10.10.10.1 Squid External IP address facing Internet -- 10.10.20.1 Internet IP address are public IPs Local Address--Foreign Address 10.10.10.2:8080--10.10.10.1:12312 10.10.10.2:8080--10.10.10.1:22341 10.10.10.2:8080--10.10.10.1:33810 10.10.10.2:8080--10.10.10.1:33879 ... 10.10.20.1:22091--InternetIP1:12312 10.10.20.1:22092 --InternetIP2:22341 10.10.20.1:22093--InternetIP3:33810 10.10.20.1:22109 --InternetIP4:33879 .. My access.log access logs are not help, all I can is only the FW IP address (10.10.10.1) (PAT). 1231231231.004 5678 10.10.10.1 TCP_MISS .. 1231231567.020 23 10.10.10.1 TCP_MISS .. 1231231688.027 69 10.10.10.1 TCP_MISS .. 1231231899.004 430 10.10.10.1 TCP_MISS .. Is there a way to find out how Squid translate internally, meaning session from "10.10.10.1:22341" is the same session for "10.10.20.1:22092". Thanks, Andy
[squid-users] Re: squid_ldap_auth from command line do nothing ...and display no further prompt from terminal
Yong Bong Fong wrote: >When I typed my squid_ldap_auth command as shown below, it always do > nothing. Other people seems to get a follow-up response of a prompt for > username and password from the machine, and then further prompting an > error or ok message back to user. No, there is no prompt for the username and password. It just sits there, seeminly doing nothing, until you type "username password" (without the quotes) and hit enter. Then it responds with "OK" or "ERR". What you are seeing is perfectly normal. Adam
[squid-users] Re: Is there a squid_ldap_auth FAQ or trouble shoot help?
Yong Bong Fong wrote: > Anyone knows if there is a FAQ or troubleshoot site specially > dedicated for the implementation of squid_ldap_auth? > Something similar to the squid faq. Have you read the man page? Adam
Re: [squid-users] Re: squid -k reconfigure crash parallel instances
Hi Christian, > >>I think i have a stupid problem! I use one squid direct from SUSE > >>Distrubition for our internet proxy, and one squid (self compield > >>Version 3.0-PRE3) as reverse proxy. > >> > >>Now the Problem! > >> > >>If i run "squid -k reconfigure" from the "SUSE-Squid" i think i crash > >>the compiled squid! Just to be sure: Are you running both on the same machine? Why do you not use two instances of the Squid provided with the SUSE distribution? (BTW: Which version of SUSE LINUX are you running?) .. > Thx for your fast answer! But it has the same bad effect! Maybe it > depends on how i start the two squid servers. > > SUSE Squid rcsquid start --> i think without the -f parameter > compiled squid --> /usr/local/sbin/squid -N What is your exact command for starting them (including all options)? And what are your configuration files? Regards, Peter -- Peter Albrecht, Novell, [EMAIL PROTECTED]
AW: [squid-users] Re: squid -k reconfigure crash parallel instances
This might be the the SUSE-shipped squid > SUSE Squid rcsquid start --> i think without the -f parameter > compiled squid --> /usr/local/sbin/squid -N The rcsquid is only a start-script and normal start the /usr/local/sbin/squid . Thus both is SUSE-shipped. Just type "squid -v" to see the correct version. Your cooperation is welcome. Mit freundlichen Grüßen, Volker Neise Süd-Chemie AG, Munich Corporate Information Management - Internet / Intranet Tel. ++49-89-5110-428 Fax ++49-89-5110-71428 > -Ursprüngliche Nachricht- > Von: news [mailto:[EMAIL PROTECTED] Im Auftrag von Christian Klinger > Gesendet: Montag, 6. Dezember 2004 14:36 > An: [EMAIL PROTECTED] > Betreff: [squid-users] Re: squid -k reconfigure crash > parallel instances > > Venkatesh K wrote: > > On Mon, 06 Dec 2004 13:47:22 +0100, Christian Klinger > > <[EMAIL PROTECTED]> wrote: > > > >>Hello List, > >> > >>first i´m not a squid expert! > >> > >>I think i have a stupid problem! I use one squid direct from SUSE > >>Distrubition for our internet proxy, and one squid (self compield > >>Version 3.0-PRE3) as reverse proxy. > >> > >>Now the Problem! > >> > >>If i run "squid -k reconfigure" from the "SUSE-Squid" i > think i crash > >>the compiled squid! > >> > >>Any tips ? > > > > > > For each instance you will have a config file. You can do > > > > # squid -k reconfigure -f > > > > This should solve your problem. > > > > Venkatesh K > > > > > >>thx christian > > Thx for your fast answer! But it has the same bad effect! Maybe it > depends on how i start the two squid servers. > > SUSE Squid rcsquid start --> i think without the -f parameter > compiled squid --> /usr/local/sbin/squid -N > > - christian > >
Re: [squid-users] Re: squid -k reconfigure crash parallel instances
On Mon, 06 Dec 2004 14:35:34 +0100, Christian Klinger <[EMAIL PROTECTED]> wrote: > Venkatesh K wrote: > > > > On Mon, 06 Dec 2004 13:47:22 +0100, Christian Klinger > > <[EMAIL PROTECTED]> wrote: > > > >>Hello List, > >> > >>first i´m not a squid expert! > >> > >>I think i have a stupid problem! I use one squid direct from SUSE > >>Distrubition for our internet proxy, and one squid (self compield > >>Version 3.0-PRE3) as reverse proxy. > >> > >>Now the Problem! > >> > >>If i run "squid -k reconfigure" from the "SUSE-Squid" i think i crash > >>the compiled squid! > >> > >>Any tips ? > > > > > > For each instance you will have a config file. You can do > > > > # squid -k reconfigure -f > > > > This should solve your problem. > > > > Venkatesh K > > > > > >>thx christian > > Thx for your fast answer! But it has the same bad effect! Maybe it > depends on how i start the two squid servers. > > SUSE Squid rcsquid start --> i think without the -f parameter > compiled squid --> /usr/local/sbin/squid -N > Nothing to worry about. I think you can add -f parameter to rcsquid. That should solve your problem. Else, you can even consider using your own rc scripts for starting both instances. Venkatesh K
Re: AW: [squid-users] Re: squid -k reconfigure crash parallel instances
Hi, On Monday 06 December 2004 15:22, Neise, Volker wrote: > This might be the the SUSE-shipped squid > > > SUSE Squid rcsquid start --> i think without the -f parameter > > compiled squid --> /usr/local/sbin/squid -N > > The rcsquid is only a start-script and normal start > the /usr/local/sbin/squid . Thus both is SUSE-shipped. /etc/init.d/squid starts /usr/sbin/squid, so this should not be the self-compiled version. Peter -- Peter Albrecht [EMAIL PROTECTED] Novell Worldwide Training Services Novell GmbH Phone +49-89-20600-1801 Frankfurter Ring 115a Fax +49-89-20600-2100 D-80807 Munich http://www.novell.com/training/
[squid-users] second cache does receive requests
Hi, I am using a router to redirect all the packets to my cache using WCCP. Now I have added another cache to the router. The packets are seen redirected on the router to the second cache but my access.log on the second cache does not show any entries. I have tried using the cache independently and it works fine. What could be the problem. Thanks Shantanu -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.289 / Virus Database: 265.4.6 - Release Date: 12/5/2004
[squid-users] Compiling Squid and Linux Red Hat
I'm currently a student working on making a web cache off of Linux Red Hat for my school. I've been messing around with squid for a bit and nothing has worked. I've got the source for their latest release and I'm not really sure how I'm supposed to compile it. The guide tells me to run ./configure --prefix=/usr/local/squid after I've extraced the source to /usr/local/squid/src which I have done. However, the shell comes back and tells me that the directory ./configure does not exist. I'm running Linux Red Hat 9.0 Thanks in advance to anyone who can help with this problem.
Re: [squid-users] Fw: squid_ldap_group config
Hello Kelly, From the man page for squid_ldap_group: - -f filter LDAP search filter used to search the LDAP directory for any matching group memberships. In the filter %u will be replaced by the user login name (or DN if the -F or -u options are used) and %g by the requested group name. -F filter LDAP search filter used to search the LDAP directory for any matching users. In the filter %s will be replaced by the user login name. If % is to be included literally in the filter then use %%. - The lower case dash f, "-f", is a filter used to match group records from your LDAP database. The upper cas dash F, "-F", is a filter used to match user records from your LDAP database. As for the definition I defined and used here at KCL, I allow two different styles of user name recognition when replying to a proxy challenge. One is by the user's identifier (UID) the other is by the user's E-Mail address. - external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -h ldap.komatsu.ca -p 389 -P -b o=komatsu -F "(|(uid=%s)(mail=%s))" -f "(&(cn=%g)(uniquemember=%u)(objectClass=groupOfUniqueNames))" - If your LDAP schema uses a different tag for the user identifier than "uid", you may want to consider using the "-F" option. Hope this helps. Sorry for the delayed reply. Last week became quite busy... Tim --- Timothy E. Neto Computer Systems Engineer Komatsu Canada Limited Ph#: 905-625-6292 x2651725B Sismet Road Fax: 905-625-6348 Mississauga, Canada E-Mail: [EMAIL PROTECTED] L4W 1P9 --- [EMAIL PROTECTED] wrote: Hi Tim - Looking over what you sent me, I have made a few changes. First, I have taken port 21 out of Safe_ports, since I don't want free access to FTP downloads. What is going on in your squid_ldap_auth line? what is the difference between "-F" and "-f"? the man page does not even mention -F. I have modified my set thus far: external_acl_type ldap_group %LOGIN /usr/sbin/squid_ldap_group -b ou=techsvc,o=gps -D cn=squid,ou=global,o=gps -w -f "(&(cn=%s)(groupMembership=cn=RestrictedInternetAccess,ou=techsvc,o=gps))" -h FS-GPS1.GPS acl Restricted port 20 21 1025-65535 acl RestrictedUsers external ldap_group RestrictedInternetAccess acl OpenUsers external ldap_group InternetAccess http_access allow Restricted OpenUsers http_access deny !Safe_ports Am I doing something wrong with the external_acl_type line? Kelly Connor Network Technician Gilbert Unified School District [EMAIL PROTECTED]
RE: [squid-users] Compiling Squid and Linux Red Hat
Try this: cd /usr/local/squid/src ./configure --prefix=/usr/local/squid That should get the compile started. RedHat 9 is no longer supported. You might be better off installing the newest Fedora Core (http://fedora.redhat.com/) (or an other distribution of Linux, such as SUSE http://www.novell.com/linux/suse/index.html), and using the supplied package files. When you start compiling software on a distribution that doesn't use that as its primary update method (Gentoo is one that does), you become more responsible for keeping it up to date. Instead of just using YUM (http://www.linux.duke.edu/projects/yum/) or apt-rpm (http://freshrpms.net/apt/) to keep your system up to date, you have to monitor mailing lists. Not that there's anything wrong with that. *shrug* In any case, you might check to see if your school library has any books on Linux administration. Chris -Original Message- From: THBOY [mailto:[EMAIL PROTECTED] Sent: Monday, December 06, 2004 7:21 AM To: [EMAIL PROTECTED] Subject: [squid-users] Compiling Squid and Linux Red Hat I'm currently a student working on making a web cache off of Linux Red Hat for my school. I've been messing around with squid for a bit and nothing has worked. I've got the source for their latest release and I'm not really sure how I'm supposed to compile it. The guide tells me to run ./configure --prefix=/usr/local/squid after I've extraced the source to /usr/local/squid/src which I have done. However, the shell comes back and tells me that the directory ./configure does not exist. I'm running Linux Red Hat 9.0 Thanks in advance to anyone who can help with this problem.
Re: Re: [squid-users] Windows Update Parent Cache Problem
> Now the funny part: If I copy the URL WU requested from squid's access.conf and enter it into my browser on the Mac, the file starts to download. Now i kick WU again and it works - and keeps working for this file even after canceling the browser request. Some ideas ? Do you mean after canceling the browser request in mac? Venkatesh K Yes. I start the request on the mac (using safari) and wait 10 seconds. Then I ask WU to download/install the file on Windows. It starts downloading (this doesn't work without the previous mac action). Then I cancel the request on the mac (at about 25 %) and Windows happily continues to download and install the whole file. (BTW. I mean access.log not access.conf) ML
[squid-users] Problem with WCCP on OpenBSD
I just loaded squid-2.5.STABLE7 on an OpenBSD 3.6 machine. Squid seems to be working fine when I setup a browser proxy directly to port 3128. However, I am attempting to setup WCCP on the Cisco router(IOS 12.2) to redirect web traffic to the Squid cache and have run into a bit of a problem. The Cisco shows the squid cache is available and is communication with all the normal HERE_I_AM/I_SEE_YOU messages. The WCCP counters are incrementing when I try to hit a web site and I see the router is redirecting packets to the cache but the access.log does not show the requests making it to Squid. I am assuming that my port 80->3128 redirection or the GRE un-encapsulation is not happening right. Here is my PF translation rule: rdr on fxp0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 3128 I do have "net.inet.ip.forwarding=1" and "net.inet.gre.wccp=1" set. I have compiled squid with the "enable-pf-transparent" option. Here is a short snippet from a tcpdump of the router when trying to access a web site via WCCP. 15:03:08.951713 207.19.167.199.2048 > cache1.metalink.net.2048: udp 64 15:03:19.140050 cache1.metalink.net.2048 > 207.19.167.199.2048: udp 52 15:03:19.141997 207.19.167.199.2048 > cache1.metalink.net.2048: udp 64 15:03:20.131678 gre-proto-0x883e (gre encap) 15:03:23.128623 gre-proto-0x883e (gre encap) 15:03:29.138911 gre-proto-0x883e (gre encap) 15:03:29.160045 cache1.metalink.net.2048 > 207.19.167.199.2048: udp 52 15:03:29.161871 207.19.167.199.2048 > cache1.metalink.net.2048: udp 64 Anyone, have any idea what I missed or am doing wrong? Thanks in advance! === Eric Merkel MetaLINK Technologies, Inc
[squid-users] ntlm auth & java plugin
hello all, I'v setup a squid with ntlm & basic auth throught winbind, now I'v a problem with java plugin, when i go to a web page with applet java the jvm ask me for a password; I'v read that the jvm & ie doesent share the credential so howto solve that problem for not to ask a password to user (without acl to tunnel java request) ? thnx a lot. Libero ADSL: 3 mesi gratis e navighi a 1.2 Mega, senza costi di attivazione. Abbonati subito su http://www.libero.it
[squid-users] Re: ntlm auth & java plugin
[EMAIL PROTECTED] wrote: > I'v setup a squid with ntlm & basic auth throught winbind, now I'v > a problem with java plugin, when i go to a web page with applet java the > jvm ask me for a password; I'v read that the jvm & ie doesent share the > credential so howto solve that problem for not to ask a password to user > (without acl to tunnel java request) ? Is this the Sun JVM? If so, check the configuration in Control Panel - there may be a section for configuring proxy settings (including a username and password to use). Adam
Re: Re: [squid-users] Windows Update Parent Cache Problem
On Mon, 6 Dec 2004 20:51:06 +0100, Martin Loehnertz <[EMAIL PROTECTED]> wrote: > > > Now the funny part: If I copy the URL WU requested from squid's > >> access.conf and enter it into my browser on the Mac, > >> the file starts to download. Now i kick WU again and it works - and > >> keeps working for this file even after canceling the browser request. > >> > >> Some ideas ? > > > >Do you mean after canceling the browser request in mac? > > > >Venkatesh K > > > Yes. I start the request on the mac (using safari) and wait 10 > seconds. Then I ask WU to download/install the file on Windows. It > starts downloading (this doesn't work without the previous mac > action). Then I cancel > the request on the mac (at about 25 %) and Windows happily continues > to download and install the whole file. (BTW. I mean access.log not > access.conf) Can you paste the entry in access.log when windowsupdate failed? Venkatesh K
[squid-users] my login kept replying with "ERR", is it something to do with squid_ldap_auth.c?
Hello, I am having trouble getting pass a login prompt. It just keep giving me ERR. Somewhere in the archive, i read that Henrik mentioned that we need to modifythe "squid_ldap_auth.c file. However I searched through the internet and read the instructions about setting up squid_ldap_auth hardly anyone mentioned about "squid_ldap_auth.c". I am wondering if my login failure is because I missed that part to deal with "squid_ldap_auth.c" ? where exactly in the directory is squid_ldap_auth.c stored? I canot find the file with locate or find command. I read from the archive someone called Shahin Hacikuliev faced similar problem too with his login keep producing ERR. But the replies he got was not quite related to his question. I can bind and search users with ldapsearch without problem, just cannot get pass the login prompt after typing in login name and password. Where are the possible errors of my work? Thanks all, regards yong
Re: [squid-users] Compiling Squid and Linux Red Hat
> I'm currently a student working on making a web cache off of Linux Red > Hat for my school. I've been messing around with squid for a bit and > nothing has worked. I've got the source for their latest release and > I'm not really sure how I'm supposed to compile it. The guide tells me > to run ./configure --prefix=/usr/local/squid after I've extraced the > source to /usr/local/squid/src which I have done. However, the shell > comes back and tells me that the directory ./configure does not exist You may be trying to use binary version of squid. Download Stable version squid from http://www.squid-cache.org/Versions/v2/2.5/ Visolve is having a startup guide to setup squid easily. It is available as, http://squid.visolve.com/squid/sqguide.htm If you get problem, let us know more. Best Wishes Visolve Squid Development Team. = URL : http://squid.visolve.com/ mail : [EMAIL PROTECTED] =
Re: [squid-users] my login kept replying with "ERR", is it something to do with squid_ldap_auth.c?
Yong Bong Fong wrote: Hello, I am having trouble getting pass a login prompt. It just keep giving me ERR. Somewhere in the archive, i read that Henrik mentioned that we need to modifythe "squid_ldap_auth.c file. However I searched through the internet and read the instructions about setting up squid_ldap_auth hardly anyone mentioned about "squid_ldap_auth.c". I am wondering if my login failure is because I missed that part to deal with "squid_ldap_auth.c" ? where exactly in the directory is squid_ldap_auth.c stored? I canot find the file with locate or find command. I read from the archive someone called Shahin Hacikuliev faced similar problem too with his login keep producing ERR. But the replies he got was not quite related to his question. I can bind and search users with ldapsearch without problem, just cannot get pass the login prompt after typing in login name and password. Where are the possible errors of my work? Thanks all, regards yong squid_ldap_auth.c is the source file for the squid_ldap_auth helper so it is in the source tarball. I think it's under helpers/basic_auth/LDAP. I don't know why you'd need to modify it in any way. I had a look at the code and I don't dare to touch it even in order to understand how it works better. Regards, Oliver
[squid-users] Squid RPM compile flags (was cache hit 0.0000)
Thanks for all your replies on the cache hit. I had just installed my squid server during the weekend and it wasn't running it under heavy load. Now under heavier load I can see the cache hits showing up and given the more memory and CPU cache I definitely have a better response on cache hits than I had on my older dell 1750. But Let me ask you gurus a question: I have noticed that some stats are quite impressive compared to my previous box (dell 1750), but some others are definitely worst on my new box (dell 6550). The main difference I am noticing is on cache missed where my old box outperformed the new one by a factor of 3. I am guessing that this cannot be related to disk performance since the new box has 3 disks in hardware raid5 like the old one did and the disks on the new box are faster. Also I am using the same FS (ext3). The only difference as far as quid is: - on the old dell 1750 I was using squid2.5-Stable5 from the redhat RPM - on the new dell 6550 I am using squid2.5-Stable7 compiled from source with the flags that I had posted. Now my question is: what are the compile flags used in the fedora RPMS? I could get the list of configure flags on the old box (squid installed by RPM) by doing a squid -v and so I did replicate most of them for the new box eliminating some NTLM and other stuff I do not use, but how about the compile flags? How do I know which flags are passed to make in the RPM? Could it be that the compile flags used by just typing make are different from the compile flags used in the RPM? Thanks. From: "Elsen Marc" <[EMAIL PROTECTED]> To: "Lucia Di Occhi" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Subject: RE: [squid-users] Cache Hits: 0.0 Date: Mon, 6 Dec 2004 07:27:25 +0100 > > I am either having a problem or my machine is faster than > lightning :-) > I am running: > > Squid Cache: Version 2.5.STABLE7 > configure options: --program-prefix= --prefix=/usr > --exec-prefix=/usr > --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc > --datadir=/usr/share > --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec > --localstatedir=/var --sharedstatedir=/usr/com > --mandir=/usr/share/man > --infodir=/usr/share/info --exec_prefix=/usr --bindir=/usr/sbin > --libexecdir=/usr/lib/squid --localstatedir=/var > --sysconfdir=/etc/squid > --enable-poll --enable-snmp --enable-removal-policies=heap,lru > --enable-storeio=aufs,coss,diskd,null,ufs --enable-ssl > --with-openssl=/usr/kerberos --enable-delay-pools > --enable-linux-netfilter > --with-pthreads --enable-useragent-log --enable-referer-log > --disable-dependency-tracking --enable-cachemgr-hostname=localhost > --disable-ident-lookups --enable-truncate --enable-underscores > --datadir=/usr/share > > compiled from source on a freshly installed Fedora Core 3 > system with the > following specs: > Dell 6550 dual Intel(R) Xeon(TM) MP CPU 2.70GHz - 512 KB > cache and 3G Ram > with 3 disks in Raid5 > (quite a sweet machine) Well it seems that something is quite wrong. > > Cache Hits:0.0 0.0 > Is this possible? Note that this value denotes the median service time for cache hits. It does not say that there are not any hits. As to why it is 0 , perhaps currently your squid is lightly loaded. > > Median Service Times (seconds) 5 min60 min: >HTTP Requests (All): 0.00562 0.05331 >Cache Misses: 0.18699 0.14252 >Cache Hits:0.0 0.0 >Near Hits: 0.0 0.12783 >Not-Modified Replies: 0.0 0.0 >DNS Lookups: 0.06364 0.00190 >ICP Queries: 0.0 0.0 > > Also I'd like to know why is my 50G /cache never filling up. > I have the > following settings: > cache_mem 512 MB > cache_dir ufs /cache 5 16 256 > I'd like to use the whole 100G someday but I am noticing that > no matter what > I can't even fill 50% of my 50G /cache That depends on your users Internet access profile (too). Suppose they are all accessing objects with short lifetimes. Theoretically that behavior could even be worse. You may have a light load , or you didn't wait long enough. It can take up to a week to fill the cache. What is your average http reqs/sec ? M. > > On the above note, I am trying to maximize speed since I have > a very large > pipe to the internet. Any recommendations or suggestions? > > Thank you guys! > > _ > Express yourself instantly with MSN Messenger! Download today > - it's FREE! > http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ > > _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
Re: [squid-users] Squid RPM compile flags (was cache hit 0.0000)
On Monday 06 December 2004 10:40 pm, Lucia Di Occhi wrote: [snip] > Now my question is: what are the compile flags used in the fedora RPMS? The standard flags (FC3, for x86 systems) are "-march=i386 -mcpu=pentium4 -O2". That is, the i386 instruction set is used, with the instructions arranged to most benefit a Pentium4 CPU. These default flags can be overridden in /etc/rpmrc or by editing the spec file in the source RPM package. As long as I am writing, I will also note that ext3 is bad for Squid. The preferred filesystem is ReiserFS (v3), with the "notail" option. Hope this helps.
RE: [squid-users] Problem with WCCP on OpenBSD
Hi Eric, I have never worked with OpenBSD but a lot with FreeBSD. Is your OpenBSD using a standard GRE or you have had to "patch" it in? I experienced something very similar to what you have described on FreeBSD 4.9 and 4.10 when I tried to implement WCCP. I must ad that this used o work fine on previous versions where we had to put in a patch. I could not get round it despite following different sets of instructions and the "gre man" on my system. In fact I had to fallback on LINUX to get my WCCP working. Ralph -Original Message- From: Eric J Merkel [mailto:[EMAIL PROTECTED] Sent: Monday, December 06, 2004 10:14 PM To: Squid Subject: [squid-users] Problem with WCCP on OpenBSD I just loaded squid-2.5.STABLE7 on an OpenBSD 3.6 machine. Squid seems to be working fine when I setup a browser proxy directly to port 3128. However, I am attempting to setup WCCP on the Cisco router(IOS 12.2) to redirect web traffic to the Squid cache and have run into a bit of a problem. The Cisco shows the squid cache is available and is communication with all the normal HERE_I_AM/I_SEE_YOU messages. The WCCP counters are incrementing when I try to hit a web site and I see the router is redirecting packets to the cache but the access.log does not show the requests making it to Squid. I am assuming that my port 80->3128 redirection or the GRE un-encapsulation is not happening right. Here is my PF translation rule: rdr on fxp0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 3128 I do have "net.inet.ip.forwarding=1" and "net.inet.gre.wccp=1" set. I have compiled squid with the "enable-pf-transparent" option. Here is a short snippet from a tcpdump of the router when trying to access a web site via WCCP. 15:03:08.951713 207.19.167.199.2048 > cache1.metalink.net.2048: udp 64 15:03:19.140050 cache1.metalink.net.2048 > 207.19.167.199.2048: udp 52 15:03:19.141997 207.19.167.199.2048 > cache1.metalink.net.2048: udp 64 15:03:20.131678 gre-proto-0x883e (gre encap) 15:03:23.128623 gre-proto-0x883e (gre encap) 15:03:29.138911 gre-proto-0x883e (gre encap) 15:03:29.160045 cache1.metalink.net.2048 > 207.19.167.199.2048: udp 52 15:03:29.161871 207.19.167.199.2048 > cache1.metalink.net.2048: udp 64 Anyone, have any idea what I missed or am doing wrong? Thanks in advance! === Eric Merkel MetaLINK Technologies, Inc -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.290 / Virus Database: 265.4.6 - Release Date: 12/5/2004
[squid-users] Digest Authentication
Hello, I have been trying to authenticate users using a 'Digest Authentication' scheme but have not had success. I have been unable to find some communication where this is described, though there are emails listing some problems and many indicating that this may not be possible, possibly because of the environment. Is digest authentication is possible in the following environment. 1. We are using squid version 2.5 Stable 3 on a Redhat 9 server (and are happy to upgrade to any other suitable version). 2. We wish to authenticate using an independent DIGEST scheme; the equivalent of 'ncsa_auth', because the users are not already centrally authenticated. We wish to add the users and passwords to the Linux box ONLY FOR SQUID; the users are not Linux OS users. If the answer to the above is yes, the queries are: 1. What is the version of squid where this is possible? 2. What is the authentication program and is it part of the '/usr/lib/squid/' directory or does it have to be separately compiled. 3. What is the name of the program which will create the password file and where is it located. Thank you for your help. Yours sincerely, Glenn Baptista
[squid-users] ERR is all I got when I use squid_ldap_auth from command line and browser reprompt for login
Hello , Anyone knows what are the general cause of a reply of "ERR" when login from terminal? Even when I tried to login from browser when authenticated It always failed and reprompt for login. I read through 1000 of archives mails but couldn't seek an answer. _my squid configuration for:_ *auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hour **auth_param basic program /usr/lib/squid/squid_ldap_auth -b "cn=root,dc=shinyang,dc=com,dc=my" -D "cn=bfyong,ou=qmail_users,cn=root,dc=shinyang,dc=com,dc=my" -w xx -f "(&(objectclass=person)(cn=%s))" -h 172.16.0.11 *_when I typed:_ * /usr/lib/squid/squid_ldap_auth -b "cn=root,dc=shinyang,dc=com,dc=my" -D "cn=bfyong,ou=qmail_users,cn=root,dc=shinyang,dc=com,dc=my" -w xx -f "(&(objectclass=person)(cn=%s))" -h 172.16.0.11 username password (enter my login info) ERR *_When I used ldapsearch: _# ldapsearch -x -b "cn=bfyong,ou=qmail_users,cn=root,dc=shinyang,dc=com,dc=my" -h 172.16.0.11 _ results:_ version: 2 # # filter: (objectclass=*) # requesting: ALL # # bfyong, qmail_users, root, shinyang, com, my dn: cn=bfyong,ou=qmail_users,cn=root,dc=shinyang,dc=com,dc=my objectClass: top objectClass: person objectClass: inetOrgPerson objectClass: qmailUser objectClass: shinyangUser mailHost: symail.shinyang.com.my mailQuotaCount: 0 accountStatus: active mail: [EMAIL PROTECTED] sn: Yong Bong Fong uid: bfyong mailMessageStore: bfyong deliveryMode: normal cn: Yong Bong Fong ou: Shin Shin mailQuotaSize: 2000 mailClass: full userPassword:: e2NyeXB0fWpwUlNtMWRHN2RlR0U= mailSenderScope: full mailAlternateAddress: [EMAIL PROTECTED] # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 When I login from browser it also kept prompting for login. I couldn't track down the cause of the problem, anyone have similar problem before can help me with this, I think this is a very general problem but not sure why I tried this and that still cannot get it work. Please help million thanks... regards Yong * ** *
[squid-users] server restarted after squid crash
Hi, The squid server restarted on its own. The only trace i got why it restarted is from /squid/localmessages Is this anything related to uri_whitespace strip setting in squid.conf. Below is the logfile of that time. Dec 7 09:08:23 proxy-01 squid[3790]: clientReadRequest: FD 100 Invalid Request Dec 7 09:09:27 proxy-01 squid[3790]: clientReadRequest: FD 557 Invalid Request Dec 7 09:09:54 proxy-01 squid[3790]: clientReadRequest: FD 326 Invalid Request [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@ [EMAIL PROTECTED]@ [EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@Dec 7 09:13:30 proxy-01 squid[757]: Squid Parent: c hild process 759 started Dec 7 09:13:30 proxy-01 squid[759]: Starting Squid Cache version 2.5.STABLE7 fo r i686-pc-linux-gnu... RGDS SK
RE: [squid-users] server restarted after squid crash
> > Hi, > > The squid server restarted on its own. The only trace i got why it > > restarted is from /squid/localmessages > > Is this anything related to > > uri_whitespace strip setting in squid.conf. Probably not > > Below is the logfile of that time. > >... >... Your posted log entries are rather 'partial' and 'fragmental'. Please post a more complete window from cache.log , including the complete startup sequence AND what happened before that too. M.
