Re: [squid-users] Authentication Problems

[Hement Gopal]

Hement Gopal wrote:
Hi
I start squid as a process in my rc.local file
/usr/local/squid/sbin/squid
Rgds,
Hement
Chris Robertson wrote:
-Original Message-
From: Hement Gopal [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 13, 2005 12:06 AM
To: squid
Subject: [squid-users] Authentication Problems
Hi all
I have two proxy servers, both running the same OS and Squid
Squid Cache: Version 2.5.STABLE5
Linux athena.wits.ac.za 2.4.20-8smp
Linux version 2.4.20-8smp ([EMAIL PROTECTED]) (gcc 
version 3.2.2
20030222 (Red Hat Linux 3.2.2-5)) #1 SMP Thu Mar 13 17:45:54 EST 2003

On server 1, user authetication seems to be giving problems. A small 
percentage of users complain that their username and password 
combinations do not work. If I test from Netscape and IE with their 
user/pass combos I also have issues. When I test on the server 1 itself  using the ncsa-auth command, I get an OK so I know the problem is not 
with my password file.

Comparing password files on the two servers also confirms that there are 
no probelms. If I change my browser to point to  server 2, authetication 
works fineso I'm pretty sure problem is  related to the server 1 only.

I also noticed that when I do a squid -k reconfig on server 1, the 
problem disappears.

Any ideas folks?
Rgds,
Hement Gopal
If I'm reading this right, you are saying that when you initially start
squid on server 1, it has problems with some user's authentication, but
after you run a reconfig everything works just fine.  If this is the case, I
would venture a guess that you might have two different squid.conf files.
One is read on startup (specified by /etc/rc.d/init.d/squid) and one is read
when you run the squid -k reconfig (specified by how you compiled squid).
But this is just a guess, based on interpretation...
Chris

Re: [squid-users] Authentication Problems

[Hement Gopal]

Hi
How would I confirm that I am running the correct version of  nsca?
rgds,
Hement
Henrik Nordstrom wrote:
On Thu, 13 Jan 2005, Hement Gopal wrote:
On server 1, user authetication seems to be giving problems. A small 
percentage of users complain that their username and password 
combinations do not work. If I test from Netscape and IE with their 
user/pass combos I also have issues. When I test on the server 1 
itself  using the ncsa-auth command, I get an OK so I know the 
problem is not with my password file.

Make sure you use ncsa_auth from Squid-2.5 and not an older version..
Regards
Henrik

[squid-users] can a redirector do this?

[Brett Lymn]

Folks,
We are playing with Websense running in squid redirector mode.
On the whole, this works pretty well, I have it integrated with our AD and
squid nicely and we are able to control where our users are able to go.

The problem I have is that we want to block proxy bypass sites, one of the
sites we are having problems with uses https, when this goes through the
websense redirector the redirector says "blocked" but the browser still
gets the site displayed.  I have had a bit of a to and fro with websense
support and they are saying you cannot redirect a https request to a http
page (websense uses a http server to tell the user they have been blocked).
I am not certain what they are telling me is true, mainly because they 
started off by trying to tell me the https requests never went through
the redirector - only to change that story when I gave them the logs showing
their redirector was seeing the https requests.  So, can a redirector
rewrite a https request to go to a http server?  Would squid ignore the
redirect and just go to the https server anyway?

-- 
Brett Lymn

[squid-users] How squid get and make use of username?

[Steve]

Hi ALL,
I am new to squid and wondering anyone could help about how the squid 
get username from the OS environment.

Did the browser send anything to squid to tell it about the client 
identity? or squid will resolve the identity based on the source ip 
addresses?

I have a scenario here: I wish i can define a set of acl rules based on 
username in squid. Since the client is not using standard authentication 
method of any kind, i am thinking if the squid can be modified to 
resolve the username based on client's source ip address. for your 
information, the client may anyhow loggin via web page and be 
authenticated locally by the an self written easy authentication 
service. means, the username can be obtained locally by squid. i am 
hoping that the squid can then filter the traffic based on the 
predefined acl (using username). any other suggestion in accomplishing this?

anyone can tell me about generally how the squid get username from the 
system, how they make use of the username (does squid resolve the ip?) 
and how the acl is enforce to that user?

Thank you.
Steve

[squid-users] digest

[David]

Hi All,
I've just set up Squid on a Debian Sarge box and tried to configure it 
so that it will proxy/cache for my local network which is connected via 
ISDN to my ISP. When I run Squid, and make the first request for a 
webpage, it appears to go off and try to get the file 
/squid-internal-periodic/store_digest from the nominated parent (ISP 
runs Squid 2.5.). This file is some 6MB is size and uses most of my 
link's resources to download.  I am not sure what happens next but I see 
a continual transfer of data at about 6MB per hour (in darkstat) making 
me think that the digest file is constantly being downloaded.

I don't really need the digest anyway as I only have one access point to 
the wider world and no other sibling caches, just the ISP parent.  I've 
tried various squid.conf  configurations and nothing works right. I 
either get it working with the parent and downloading my wanted webpages 
BUT along with the %&# digest OR my proxy tries to access the wanted 
webpages directly and the ISP firewall stops that.

Any way I can get squid to simply act as a local caching proxy, getting 
non-locally stored stuff from a single parent proxy without dwonloading 
the digest almost contunuously? Has anyone else seen this digest info 
continuously flowing? I am assuming that the problem is mine as I have 
another box running Squid 2.2.STABLE6 and it works fine.

Thanks for any help.
David...

[squid-users] Re: [PATCH] fix transparent caching when squid listens on non-80 port

[Henrik Nordstrom]

On Thu, 13 Jan 2005, Denis Vlasenko wrote:
Your patch is about "httpd_accel_port 0 did not work unless httpd_accel_host 
virtual
was also specified" but I do have that specified!
My patch is for slightly different bug. I will try to explain.
Ok. You have convinced me
Please file a bug report at http://www.squid-cache.org/bugs/, and if you 
can please also make a patch relative to the current nightly snapshots 
(which include the other patch), if not attach your 2.5.STABLE7 patch to 
the bug report.

This way I will remember to look into this before 2.5.STABLE8 is released.
Regards
Henrik

Re: [squid-users] Re: yet another squid_ldap_auth question when connecting to AD

[Oliver Hookins]

Henrik Nordstrom wrote:
On Fri, 14 Jan 2005, Oliver Hookins wrote:
It was a copy and paste job, but I thought I changed the text in 
squid_ldap_group from 'password' to 'group'... oh well.

Care to make a second attempt? (yes, I am lazy)
Regards
Henrik
I think you're just afraid of writing documentation! Anyway here are the 
revised patches. I added a bit more information that I forgot about 
yesterday.

Regards,
Oliver
--- squid_ldap_auth.8.orig  2004-07-18 01:00:12.0 +1000
+++ squid_ldap_auth.8   2005-01-14 10:49:44.0 +1100
@@ -1,4 +1,4 @@
-.TH squid_ldap_auth 8 "17 July 2004" "Squid LDAP Auth"
+.TH squid_ldap_auth 8 "14 January 2005" "Squid LDAP Auth"
 .
 .SH NAME
 squid_ldap_auth - Squid LDAP authentication helper
@@ -13,6 +13,16 @@ squid_ldap_auth - Squid LDAP authenticat
 .SH DESCRIPTION
 This helper allows Squid to connect to a LDAP directory to
 validate the user name and password of Basic HTTP authentication.
+LDAP options are specified as parameters on the command line,
+while the username(s) and password(s) to be checked against the
+LDAP directory are specified on subsequent lines of input to the
+helper, one username/password pair per line separated by a space.
+.P
+As expected by the external_acl construct of Squid, after
+specifying a username and password followed by a new line, this
+helper will produce either OK or ERR on the following line
+to show if the specified credentials are correct according to
+the LDAP directory.
 .P
 The program has two major modes of operation. In the default mode
 of operation the users DN is constructed using the base DN and
--- squid_ldap_group.8.orig 2004-07-18 01:00:12.0 +1000
+++ squid_ldap_group.8  2005-01-14 10:48:47.0 +1100
@@ -1,4 +1,4 @@
-.TH squid_ldap_group 8 "17 July 2004" "Squid LDAP Group"
+.TH squid_ldap_group 8 "14 January 2005" "Squid LDAP Group"
 .
 .SH NAME
 squid_ldap_group - Squid LDAP external acl group helper
@@ -9,6 +9,15 @@ squid_ldap_group -b "base DN" -f "LDAP s
 .SH DESCRIPTION
 This helper allows Squid to connect to a LDAP directory to
 authorize users via LDAP groups.
+LDAP options are specified as parameters on the command line,
+while the username(s) and group(s) to be checked against the
+LDAP directory are specified on subsequent lines of input to the
+helper, one username/group pair per line separated by a space.
+.P
+As expected by the external_acl construct of Squid, after
+specifying a username and group followed by a new line, this
+helper will produce either OK or ERR on the following line
+to show if the user is a member of the specified group.
 .P
 The program operates by searching with a search filter based
 on the users user name and requested group, and if a match

Re: AW: AW: AW: [squid-users] authentication problem with squid_ldap_group

[Henrik Nordstrom]

On Thu, 13 Jan 2005, Joachim JS. Schuster wrote:
I mean i found the error. i installed a squid 2.5.Stable6 Version and it 
yust works. The squid version 2.5.Stable7 dont`t work. The 
squid_ldap_group file from stbale 2.7 is bigger. here is a diffrent.
There is two related patches in the 2.5.STABLE7 release:
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-basic_auth_caseinsensitive
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE6-ldap_helpers
The first is quite self explanatory..
The second changes some of the code in both squid_ldap_auth and 
squid_ldap_group mainly to work better with different LDAP servers having 
restrictions on how one may login to their directory services...

If you can detail what problem you are seeing, and what exact auth_param 
and external_acl_type parameters you are using then maybe your problem can 
be better understood.

Regards
Henrik

Re: [squid-users] Re: yet another squid_ldap_auth question when connecting to AD

[Henrik Nordstrom]

On Fri, 14 Jan 2005, Oliver Hookins wrote:
It was a copy and paste job, but I thought I changed the text in 
squid_ldap_group from 'password' to 'group'... oh well.
Care to make a second attempt? (yes, I am lazy)
Regards
Henrik

Re: [squid-users] Re: yet another squid_ldap_auth question when connecting to AD

[Oliver Hookins]

Henrik Nordstrom wrote:
> On Thu, 13 Jan 2005, Oliver Hookins wrote:
>
>> OK here they are, both squid_ldap_auth.8 and squid_ldap_group.8. I
>> haven't ever submitted a patch before so hopefully I got the diff
>> options right.
>
>
> The patch format looked good. No problem with the diff options.
>
> However, the squid_ldap_group text is not correct. The squid_ldap_group
> helper checks group memberships (one or more groups), not passwords...
It was a copy and paste job, but I thought I changed the text in 
squid_ldap_group from 'password' to 'group'... oh well.

Regards,
Oliver

Re: [squid-users] MSNTAuth

[Oliver Hookins]

BusyBoy wrote:
Hello ,
I have the  Cache System in a domain of Windows Workstations:
My Current configuration is like this:
I have three groups  to give them  internet access accordingly:
1: some are totally blocked to internet ( except local interanet sites)
2: around 100 IP's are  allowed for all internet  except
Hotmail.com,mail.yahoo.com and MSN Messenger:
3: around 50 IP's are those who are totally allowed to every internet entity.
and all this is working fine as far as the IPs are concenered. 

before this I had configured ISA server for Active Directory  User
based permissions and It went quite happily but due to some reason
(Fortunately we moved to Squid)
now when I have installed Squid and I am doing with it fine w.r.t
IP,,, I have seen that there is a patch for squid called "
MSNTAuth"...
Can someone guideme if there is anything with MSNTAuth patch to do
with Active Directory Users, so that I can configure it to autheticate
current user from Primary Domain Controller and the proxy/cache remain
transparent to user.
One thing more that if it is done successfully,,,will the user have to
put username/password everytime to verify access information?
You don't need any patches for Squid 2.5, it's all built in. As far as 
actually interfacing with the Active Directory, you can either use the 
LDAP helpers (squid_ldap_auth and squid_ldap_group) or Samba 3.0 and 
Winbind. There is information in the FAQ.

If you don't want the users to be prompted for logon information, it can 
be gathered using NTLM authentication. This grabs the logon details 
straight from Internet Explorer, but I've heard it may be prone to 
failure. There should be plenty of information in the FAQ and list 
archives (since I've just been through this mess).

Regards,
Oliver

RE: [squid-users] X-Squid-Error: ERR_DNS_FAIL

[Chris Robertson]

> -Original Message-
> From: yomama [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 13, 2005 12:08 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] X-Squid-Error: ERR_DNS_FAIL
> 
> 
> 
> Get this error when trying to reach this site thru squid:
> https://www.totallyfreebanking.com/
> 
> It works fine direct.
> Any ideas how to make it work thru squid?

Check what dns servers squid is using (squidclient
cache_object://localhost/idns), and try to resolve the host there.  Do you
have problems with other sites?

Chris

RE: [squid-users] least resource intensive log analyzer

[Chris Robertson]

> -Original Message-
> From: joe z [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 13, 2005 10:46 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] least resource intensive log analyzer
> 
> 
> hello all,
> 
> i have a proxy setup running transparently with squid, squidguard, and
> privoxy. i am looking to setup a web page accessible via a browser that
> lists top 15 websites visited, host html activity, and by clicking on the
> name of the site in the top visited a list of which hosts were active on
> that site. i want the default to be for the last twelve hours but the
option
> (via dropdown? with last day, last two days, last week) to view more
> history. i looked around and found some log analyzers. i am more of an
> engineer than programmer/web designer (i can do the basics and figure out
> what i need to) and am hoping someone who knows this stuff can point me to
> what is the fastest, least resource intensive solution to this. i also
want
> to be able to plug these graphs into a custom webpage.
> 
> thanks in advance,
> zack

I don't know of a single squid log analyzer that works on live data.  All of
the ones that I have seen parse old logs.

Aside from that fact, Calamaris (http://cord.de/tools/squid/calamaris/) is
capable of making a lot of the graphs you are looking for (top 15 sites,
host activity (though I don't know if it will do host activity only for a
specific site)), and the current beta is capable of making pretty graphs
which you can plug into a custom page.

*shrug*

Chris

[squid-users] X-Squid-Error: ERR_DNS_FAIL

[yomama]

Get this error when trying to reach this site thru squid:

https://www.totallyfreebanking.com/



It works fine direct.

Any ideas how to make it work thru squid?





___
Join Excite! - http://www.excite.com
The most personalized portal on the Web!

[squid-users] least resource intensive log analyzer

[joe z]

hello all,
i have a proxy setup running transparently with squid, squidguard, and
privoxy. i am looking to setup a web page accessible via a browser that
lists top 15 websites visited, host html activity, and by clicking on the
name of the site in the top visited a list of which hosts were active on
that site. i want the default to be for the last twelve hours but the option
(via dropdown? with last day, last two days, last week) to view more
history. i looked around and found some log analyzers. i am more of an
engineer than programmer/web designer (i can do the basics and figure out
what i need to) and am hoping someone who knows this stuff can point me to
what is the fastest, least resource intensive solution to this. i also want
to be able to plug these graphs into a custom webpage.
thanks in advance,
zack
_
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

[squid-users] Re: [PATCH] fix transparent caching when squid listens on non-80 port

[Denis Vlasenko]

On Thursday 13 January 2005 18:15, Henrik Nordstrom wrote:
> 
> On Thu, 13 Jan 2005, Denis Vlasenko wrote:
> 
> > Squid uses destination port of incoming request
> > in order to determine dst port for it's own request
> > if vport is used. This is handled correctly for
> > case where there is no "Host:" header in user
> > request. However, if there *IS* a "Host:" header
> > without explicit :port spec, squid does not check
> > whether port was translated by NAT before reaching
> > squid.
> >
> > This will work if your squid listens on port 80, but
> > in my case, it was on 9080, causing all requests to go
> > to port 9080 too on origin servers 8(
> 
> According to my notes this was fixed quite some time ago:
> 
> http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-httpd_accel_vport

Your patch is about "httpd_accel_port 0 did not work unless httpd_accel_host 
virtual
was also specified" but I do have that specified!

My patch is for slightly different bug. I will try to explain.

Your patch:

Index: squid/src/client_side.c
diff -c squid/src/client_side.c:1.561.2.64 squid/src/client_side.c:1.561.2.65
*** squid/src/client_side.c:1.561.2.64  Tue Dec  7 16:57:25 2004
--- squid/src/client_side.c Tue Dec  7 17:44:01 2004
***
*** 2872,2877 
--- 2872,2886 
vport, url);
  #endif
debug(33, 5) ("VHOST REWRITE: '%s'\n", http->uri);
+   } else if (vport_mode) {
+   int vport;
+   const char *protocol_name = "http";
+   vport = (int) ntohs(http->conn->me.sin_port);
+   url_sz = strlen(url) + 32 + Config.appendDomainLen +
+   strlen(Config.Accel.host);
+   http->uri = xcalloc(url_sz, 1);
+   snprintf(http->uri, url_sz, "%s://%s:%d%s",
+   protocol_name, Config.Accel.host, vport, url);
} else {
url_sz = strlen(Config2.Accel.prefix) + strlen(url) +
Config.appendDomainLen + 1;


it is to be applied to this place:

#else
#if LINUX_NETFILTER
/* If the call fails the address structure will be unchanged */
getsockopt(conn->fd, SOL_IP, SO_ORIGINAL_DST, &conn->me, &sock_sz);
debug(33, 5) ("parseHttpRequest: addr = %s", 
inet_ntoa(conn->me.sin_addr));
if (vport_mode)
vport = (int) ntohs(http->conn->me.sin_port);
#endif
snprintf(http->uri, url_sz, "http://%s:%d%s";,
inet_ntoa(http->conn->me.sin_addr),
vport, url);
#endif
debug(33, 5) ("VHOST REWRITE: '%s'\n", http->uri);
} else {
url_sz = strlen(Config2.Accel.prefix) + strlen(url) +
Config.appendDomainLen + 1;
http->uri = xcalloc(url_sz, 1);
snprintf(http->uri, url_sz, "%s%s", Config2.Accel.prefix, url);
}
http->flags.accel = 1;

So, vport = (int) ntohs(http->conn->me.sin_port); line in your patch
is outside of #if LINUX_NETFILTER and thus have no chance in hell to extract
correct dst port in my case when squid listens on NATed port:

this is my xparent proxy box:

---> :8080 \
---> :3128 -> NATed to port 9080 --> squid -> internet
---> :80   /

HTTP requests which go to port 8080 get NATed to 9080, accepted by
squid, and if there is "Host:" header which does not have :8080 spec -
guess what? squid sends request to origin server's port 9080 (!)
because it believes user's request was to port 9080.

squid should ask NAT machinery about "original", untranslated dst
port and send request to it instead. My patch does exactly that.

Please apply.
--
vda

RE: [squid-users] Authentication Problems

[Chris Robertson]

> -Original Message-
> From: Hement Gopal [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 13, 2005 12:06 AM
> To: squid
> Subject: [squid-users] Authentication Problems
> 
> 
> Hi all
> 
> I have two proxy servers, both running the same OS and Squid
> 
> Squid Cache: Version 2.5.STABLE5
> Linux athena.wits.ac.za 2.4.20-8smp
> Linux version 2.4.20-8smp ([EMAIL PROTECTED]) (gcc 
> version 3.2.2
> 20030222 (Red Hat Linux 3.2.2-5)) #1 SMP Thu Mar 13 17:45:54 EST 2003
> 
> 
> On server 1, user authetication seems to be giving problems. A small 
> percentage of users complain that their username and password 
> combinations do not work. If I test from Netscape and IE with their 
> user/pass combos I also have issues. When I test on the server 1 itself  
> using the ncsa-auth command, I get an OK so I know the problem is not 
> with my password file.
> 
> Comparing password files on the two servers also confirms that there are 
> no probelms. If I change my browser to point to  server 2, authetication 
> works fineso I'm pretty sure problem is  related to the server 1 only.
> 
> I also noticed that when I do a squid -k reconfig on server 1, the 
> problem disappears.
> 
> Any ideas folks?
> 
> Rgds,
> Hement Gopal

If I'm reading this right, you are saying that when you initially start
squid on server 1, it has problems with some user's authentication, but
after you run a reconfig everything works just fine.  If this is the case, I
would venture a guess that you might have two different squid.conf files.
One is read on startup (specified by /etc/rc.d/init.d/squid) and one is read
when you run the squid -k reconfig (specified by how you compiled squid).

But this is just a guess, based on interpretation...

Chris

RE: [squid-users] Issue with squid-2.5STABLE7

[Chris Robertson]

> -Original Message-
> From: Deepa D [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 12, 2005 7:46 PM
> To: Elsen Marc; squid-users@squid-cache.org
> Subject: RE: [squid-users] Issue with squid-2.5STABLE7
> 
> 
> Hi,
>   Thanks for the response.
>   When running squid in strace then was displaying -1,
> EAGAIN(Resource temporarily unavailable). Also,
> another command called host that I think uses the same
> DNS server(/etc/resolv.conf on linux) was resolving
> the urls correctly.
>   When we revertedback to squid2.5.STABLE5, the
> problem got resolved though.
>   Kindly let me know what the problem could have been.
>   Regards and TIA,
>  Deepa
>  

Are you using the same squid.conf for both versions?

Are you using a separate cache_dns_program (i.e. did you compile with
"--disable-internal-dns")?

What is your dns_timeout set to?

Squid 2.5.STABLE7 is working fine for me (and I'm sure many others) so I'd
have to presume it's not a *known* bug...

Chris

RE: [squid-users] Bad request when access a website.

[Chris Robertson]

> -Original Message-
> From: Niti Lohwithee [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 12, 2005 5:33 PM
> To: Henrik Nordstrom
> Cc: Squid Users
> Subject: RE: [squid-users] Bad request when access a website.
> 
> 
>  
> 
> On Fri, 7 Jan 2005, Niti Lohwithee wrote:
> 
>>> I see only TCP_NEGATIVE_HIT from access.log(using  " grep thaiair 
>> >access.log ")  when I request to www.thaiair.com website.
> 
>>What is your negative_ttl set to?
> 
>>The default is only 5 minutes.
> 
> 
> I' sorry for late reply. After I changed to negative_ttl to 10 and 15
> min. It display message in the same as below
> 
> 172.30.xx.xx - nitil [13/Jan/2005:08:59:46 +0700] "GET
> http://www.thaiair.com/ HTTP/1.1" 400 403 TCP_NEGATIVE_HIT:NONE
> 
> Please advice
> 
> Regards and Thanks
> Niti : )

The negative_ttl option specifies how long squid will cache a non-reachable
response to a page.  In other words, increasing the value of negative_ttl
will decrease the frequency Squid will recheck if the page is available.
You need to find the original TCP_MISS entry in your access.log to find the
root cause of the problem.

Chris

[squid-users] Re: [PATCH] fix transparent caching when squid listens on non-80 port

[Henrik Nordstrom]

On Thu, 13 Jan 2005, Denis Vlasenko wrote:
Squid uses destination port of incoming request
in order to determine dst port for it's own request
if vport is used. This is handled correctly for
case where there is no "Host:" header in user
request. However, if there *IS* a "Host:" header
without explicit :port spec, squid does not check
whether port was translated by NAT before reaching
squid.
This will work if your squid listens on port 80, but
in my case, it was on 9080, causing all requests to go
to port 9080 too on origin servers 8(
According to my notes this was fixed quite some time ago:
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-httpd_accel_vport
Regards
Henrik

[squid-users] Video caching

[Daniel Navarro]

Hi all fellows,

Since squid is running fine I set 10Gigas of cache
size that store aproximately 12 days of browsing from
the 20 clients with 712 Mb cache_mem.

Now.

How can I set video players cache?
I mean.

Windows media player.
QuickTime
RTSP
RealPlayer
PNA
RTSP
Windows Media Player
MMS

Regards, Daniel Navarro
 Maracay, Venezuela.
 www.csaragua.com/ecodiver

_
Do You Yahoo!?
Información de Estados Unidos y América Latina, en Yahoo! Noticias.
Visítanos en http://noticias.espanol.yahoo.com

Re: [squid-users] SHIRAZ-how to cache all exe 10MB files for atleast 30 days...

[Henrik Nordstrom]

On Wed, 12 Jan 2005, Shiraz Gul Khan wrote:
please tell me what and where i add or edit command in squid.conf to "keep 
all downloaded files which is under 10MB and all .exe files in cache for 
atleast 30 days"
You can't, but you can be a lot smarter.
For the first part see the maximum_object_size directive.
For the second part see the refresh_pattern directive, but beware that all 
.exe requests are note downloads (a lot are CGI requests on Windows 
servers).

Regards
Henrik

Re: [squid-users] Two questions about the cachemgr in Squid 2.5.STABLE7

[Henrik Nordstrom]

On Wed, 12 Jan 2005 [EMAIL PROTECTED] wrote:
1. What does the "unlink" count in the DISKD stats section of the cachemgr
mean?   Does that indicate the number of cache objects that have been
deleted from the cache?
Yes.
2.  Also, I'm still populating my cache.  It's about 14% used and I'm
wondering when Squid will start purging items from the cache, now that I'm
using GDSF vs LRU. Will Squid purge items from the cache even though it's
not near the cache_swap_low threshold?
Objects gets purged from the cache due to a number of reasons
  - Object replaced by a newer version of the same URL
  - Object expired and deleted by the removal policy due to this, despite 
there still being free space available.

  - Removal policy throws objects out to make space for new ones when low 
on space.

Regards
Henrik

[squid-users] [PATCH] fix transparent caching when squid listens on non-80 port

[Denis Vlasenko]

Squid uses destination port of incoming request
in order to determine dst port for it's own request
if vport is used. This is handled correctly for
case where there is no "Host:" header in user
request. However, if there *IS* a "Host:" header
without explicit :port spec, squid does not check
whether port was translated by NAT before reaching
squid.

This will work if your squid listens on port 80, but
in my case, it was on 9080, causing all requests to go
to port 9080 too on origin servers 8(

Patch fixes this. Fix for LINUX_NETFILTER only, sorry.

Patch also fixes missing "\n" in debug print and
optimizes "http->conn" into "conn" because they
are equal throughout affected function.

Patch developed and tested on STABLE1, rediffed
to STABLE7.
--
vda--- squid-2.5.STABLE7/src/client_side.c.orig	Wed Oct  6 01:34:42 2004
+++ squid-2.5.STABLE7/src/client_side.c	Thu Jan 13 16:04:41 2005
@@ -2717,8 +2717,13 @@
 	int vport;
 	char *q;
 	const char *protocol_name = "http";
-	if (vport_mode)
-		vport = (int) ntohs(http->conn->me.sin_port);
+	if (vport_mode) {
+#if LINUX_NETFILTER
+		/* If the call fails the address structure will be unchanged */
+		getsockopt(conn->fd, SOL_IP, SO_ORIGINAL_DST, &conn->me, &sock_sz);
+#endif
+		vport = (int) ntohs(conn->me.sin_port);
+	}
 	else
 		vport = (int) Config.Accel.port;
 	/* If a Host: header was specified, use it to build the URL 
@@ -2741,9 +2746,9 @@
 	http->uri = xcalloc(url_sz, 1);
 
 #if SSL_FORWARDING_NOT_YET_DONE
-	if (Config.Sockaddr.https->s.sin_port == http->conn->me.sin_port) {
+	if (Config.Sockaddr.https->s.sin_port == conn->me.sin_port) {
 		protocol_name = "https";
-		vport = ntohs(http->conn->me.sin_port);
+		vport = ntohs(conn->me.sin_port);
 	}
 #endif
 	snprintf(http->uri, url_sz, "%s://%s:%d%s",
@@ -2754,14 +2759,14 @@
 	url_sz = strlen(url) + 32 + Config.appendDomainLen;
 	http->uri = xcalloc(url_sz, 1);
 	if (vport_mode)
-		vport = (int) ntohs(http->conn->me.sin_port);
+		vport = (int) ntohs(conn->me.sin_port);
 	else
 		vport = (int) Config.Accel.port;
 #if IPF_TRANSPARENT
-	natLookup.nl_inport = http->conn->me.sin_port;
-	natLookup.nl_outport = http->conn->peer.sin_port;
-	natLookup.nl_inip = http->conn->me.sin_addr;
-	natLookup.nl_outip = http->conn->peer.sin_addr;
+	natLookup.nl_inport = conn->me.sin_port;
+	natLookup.nl_outport = conn->peer.sin_port;
+	natLookup.nl_inip = conn->me.sin_addr;
+	natLookup.nl_outip = conn->peer.sin_addr;
 	natLookup.nl_flags = IPN_TCP;
 	if (natfd < 0) {
 		int save_errno;
@@ -2805,7 +2810,7 @@
 		return parseHttpRequestAbort(conn, "error:nat-lookup-failed");
 		} else
 		snprintf(http->uri, url_sz, "http://%s:%d%s";,
-			inet_ntoa(http->conn->me.sin_addr),
+			inet_ntoa(conn->me.sin_addr),
 			vport, url);
 	} else {
 		if (vport_mode)
@@ -2823,10 +2828,10 @@
 		return parseHttpRequestAbort(conn, "error:pf-open-failed");
 	}
 	memset(&nl, 0, sizeof(struct pfioc_natlook));
-	nl.saddr.v4.s_addr = http->conn->peer.sin_addr.s_addr;
-	nl.sport = http->conn->peer.sin_port;
-	nl.daddr.v4.s_addr = http->conn->me.sin_addr.s_addr;
-	nl.dport = http->conn->me.sin_port;
+	nl.saddr.v4.s_addr = conn->peer.sin_addr.s_addr;
+	nl.sport = conn->peer.sin_port;
+	nl.daddr.v4.s_addr = conn->me.sin_addr.s_addr;
+	nl.dport = conn->me.sin_port;
 	nl.af = AF_INET;
 	nl.proto = IPPROTO_TCP;
 	nl.direction = PF_OUT;
@@ -2838,7 +2843,7 @@
 		return parseHttpRequestAbort(conn, "error:pf-lookup-failed");
 		} else
 		snprintf(http->uri, url_sz, "http://%s:%d%s";,
-			inet_ntoa(http->conn->me.sin_addr),
+			inet_ntoa(conn->me.sin_addr),
 			vport, url);
 	} else
 		snprintf(http->uri, url_sz, "http://%s:%d%s";,
@@ -2848,12 +2853,12 @@
 #if LINUX_NETFILTER
 	/* If the call fails the address structure will be unchanged */
 	getsockopt(conn->fd, SOL_IP, SO_ORIGINAL_DST, &conn->me, &sock_sz);
-	debug(33, 5) ("parseHttpRequest: addr = %s", inet_ntoa(conn->me.sin_addr));
+	debug(33, 5) ("parseHttpRequest: addr = %s\n", inet_ntoa(conn->me.sin_addr));
 	if (vport_mode)
-		vport = (int) ntohs(http->conn->me.sin_port);
+		vport = (int) ntohs(conn->me.sin_port);
 #endif
 	snprintf(http->uri, url_sz, "http://%s:%d%s";,
-		inet_ntoa(http->conn->me.sin_addr),
+		inet_ntoa(conn->me.sin_addr),
 		vport, url);
 #endif
 	debug(33, 5) ("VHOST REWRITE: '%s'\n", http->uri);

RE: [squid-users] Squid Cache

[Kinkie]

On Thu, 2005-01-13 at 14:53 +0200, Raphael Maseko wrote:
> The best way is to ensure that your squid.conf has been set up correctly
> using the cache_dir ufs tag. Let the size be at least 80% 

Maybe you meant "at most"?

> of the total partition used for the cache.

-- 
Kinkie <[EMAIL PROTECTED]>

RE: [squid-users] squid error

[Elsen Marc]

 
> 
> I've installed a SuSE  9.1, but the squid doesn't work.
> When I start it (from runlevel editor in yast or with rcsquid start) 
> it sends the following error:
> 
> +Starting WWW-proxy squid  
> (/var/cache/squid)/usr/sbin/rcsquid: line 135:
> 
> 13915 Aborted $SQUID_BIN -z -F >/dev/null 2>&1
> 
> 
>  - Could not create cache_dir !
> 
> failed
> 
>  
> 
>  
> 
> I've controlled the permissions of the folders /var/log/squid and 
> 
> /var/cache/squid that are the same of others 9.1 installations I've 
> 
> done, I've tried to delete those folders (created during the 
> 
> installation) but it can't recreate them.
> 
> I've also tried to install squid 3 beta, same problem...
> 
> 
> 

 - Checkout the user (and group) Squid is intended to run as in squid.conf.
   Check whether this user has appropriate access w.r.t to the cache 
directories.

 M.

[squid-users] squid error

[Davide Braghiroli]

I've installed a SuSE  9.1, but the squid doesn't work.
When I start it (from runlevel editor in yast or with rcsquid start) 
it sends the following error:

+Starting WWW-proxy squid  (/var/cache/squid)/usr/sbin/rcsquid: line 135:

13915 Aborted $SQUID_BIN -z -F >/dev/null 2>&1


 - Could not create cache_dir !

failed

 

 

I've controlled the permissions of the folders /var/log/squid and 

/var/cache/squid that are the same of others 9.1 installations I've 

done, I've tried to delete those folders (created during the 

installation) but it can't recreate them.

I've also tried to install squid 3 beta, same problem...

 
Any help?
Thanks,
Davide

Re: [squid-users] Squid Cache

[Rodrigo A B Freire]

   Khalid,
   The cache size is defined by the cache_dir on your file squid.conf .
   The default configuration is:
#cache_dir ufs /usr/local/squid/var/cache 5600 16 256
   That means: Your cache is located at /usr/local/squid/var/cache and will 
have a maximum size of 5.600 MB (5,6 GB)

   You'll find the disk usage of your cache directory issuing a du -sb 
/usr/local/squid/var/cache (maybe it will take a time to run)

   If you want a complete wipe of your cache directory, I first *STOP* 
squid, ensure that your cache is stopped issuing a ps ax|grep squid, then:
rm -rf /usr/local/squid/var/cache
mkdir /usr/local/squid/var/cache
chown squid_process_owner /usr/local/squid/var/cache
/usr/local/squid/sbin/squid -z

   Then, run your cache normally.
   Please notice, as Elsen stated, Squid ages and delete normally the 
objects on the cache, to keep the cache_size within the specified on 
squid.conf . So, under typical ops, you have no need to erase your cache 
dir.

   Good luck,
   Rodrigo.
---
Rodrigo A B Freire
http://www.pt2rod.qsl.br/
Brasilia - DF
.--. - ..--- .-. --- -..
- Original Message - 
From: <[EMAIL PROTECTED]>
To: 
Sent: Thursday, January 13, 2005 10:48 AM
Subject: [squid-users] Squid Cache


Hi,
I am new to squid, how do i know if the cache have reached its limit and
where do i delete it. 

RE: [squid-users] Squid Cache

[Raphael Maseko]

The best way is to ensure that your squid.conf has been set up correctly
using the cache_dir ufs tag. Let the size be at least 80% of the total
partition used for the cache. Squid will purge old entries accordingly
without you having to manually delete the cache directories.

Ralph


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 13, 2005 2:48 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Squid Cache

Hi,

I am new to squid, how do i know if the cache have reached its limit and
where do i delete it.


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.302 / Virus Database: 265.6.11 - Release Date: 1/12/2005
 

RE: [squid-users] Squid Cache

[Elsen Marc]

 
> 
> Hi,
> 
> I am new to squid, how do i know if the cache have reached 
> its limit and
> where do i delete it.
 
 Check cachemgr -> Store Directory Stats.

 SQUID will automatically maintain (and trim if needed) the
 specified cache dirs (& sizes).

 You do not need to intervene.

 M.

[squid-users] Squid Cache

[khalid]

Hi,

I am new to squid, how do i know if the cache have reached its limit and
where do i delete it.

RE: [squid-users] auth popup is not comming

[Elsen Marc]

 
> Hi,
> I am running the squid in the transparent mode. While i abrowsing a
> secured site it should give a popup window for giving theuser name and
> passwd, but if i browse these site through squid the popupwindow is
> not comming and i am getting 401 error.
> 
> If i reuest thissitr without squid i am getting the popup window.
> 
> What configurationshould i change in the squid to get the 
> popup window?
> 
   
   Does it work, when the browser is set to use
   SQUID directly (through proxy settings) ?

   M.

Re: [squid-users] Authentication Problems

[Henrik Nordstrom]

On Thu, 13 Jan 2005, Hement Gopal wrote:
On server 1, user authetication seems to be giving problems. A small 
percentage of users complain that their username and password combinations do 
not work. If I test from Netscape and IE with their user/pass combos I also 
have issues. When I test on the server 1 itself  using the ncsa-auth command, 
I get an OK so I know the problem is not with my password file.
Make sure you use ncsa_auth from Squid-2.5 and not an older version..
Regards
Henrik

AW: AW: AW: [squid-users] authentication problem with squid_ldap_group

[Joachim JS. Schuster]

Hi Yong,
I mean i found the error. i installed a squid 2.5.Stable6 Version and it yust 
works. The squid version 2.5.Stable7 dont`t work. The squid_ldap_group file 
from stbale 2.7 is bigger. here is a diffrent. 
Or is this a compiling problem. I compile with ./configure 
--prefix=/usr/local/squid . Is this correct ?

Regard 
Joachim


-Ursprüngliche Nachricht-
Von: Yong Bong Fong [mailto:[EMAIL PROTECTED] 
Gesendet: Donnerstag, 13. Januar 2005 08:00
An: Joachim JS. Schuster
Betreff: Re: AW: AW: [squid-users] authentication problem with squid_ldap_group


Hi Joachim,

   I am using squid-2.5.STABLE5-2, comes with FC2.
Actually for your case, is it when you do it from command prompt, its ok 
but from browser it cannot pass through?

I had a case before when I got OK from terminal but on browser it cannot 
go through. It just kept reprompting for username and password from the 
browser. Then I changed the %u -> %v and %g -> %a and worked.

regards
Yong

Joachim JS. Schuster wrote:

>Hi Yong,
>What squid version do you use ?
>
>regards
>
>Joachim
>
>
>-Ursprüngliche Nachricht-
>Von: Yong Bong Fong [mailto:[EMAIL PROTECTED]
>Gesendet: Donnerstag, 13. Januar 2005 01:27
>An: Joachim JS. Schuster
>Betreff: Re: AW: [squid-users] authentication problem with squid_ldap_group
>
>
>Hi Joachim,
>
>   This is my acl which works. Maybe you can copy exactly mine,
>especially the order of the http_access part. And see if it works.
>
>acl all src 0.0.0.0/0.0.0.0
>acl manager proto cache_object
>acl localhost src 127.0.0.1/255.255.255.255
>acl to_localhost dst 127.0.0.0/8
>acl SSL_ports port 443 563
>acl Safe_ports port 80  # http
>acl Safe_ports port 21  # ftp
>acl Safe_ports port 443 563 # https, snews
>acl Safe_ports port 70  # gopher
>acl Safe_ports port 210 # wais
>acl Safe_ports port 1025-65535  # unregistered ports
>acl Safe_ports port 280 # http-mgmt
>acl Safe_ports port 488 # gss-http
>acl Safe_ports port 591 # filemaker
>acl Safe_ports port 777 # multiling http
>acl CONNECT method CONNECT
>acl ldap_group-admin external ldap_group admin
>
>
>
>http_access allow manager localhost
>http_access allow manager
>http_access allow ldap_group-admin
>http_access deny !Safe_ports
>http_access deny CONNECT !SSL_ports
>http_access allow localhost
>http_access deny all
>
>Regards
>Yong
>
>
>Joachim JS. Schuster wrote:
>
>  
>
>>Hi,
>>Please have a look on the lines below:
>>
>>
>>acl all src 0.0.0.0/0.0.0.0
>>acl manager proto cache_object
>>acl localhost src 127.0.0.1/255.255.255.255
>>acl to_localhost dst 127.0.0.0/8
>>acl SSL_ports port 443 563
>>acl Safe_ports port 80
>>acl Safe_ports port 21
>>acl Safe_ports port 443 563
>>acl Safe_ports port 70
>>acl Safe_ports port 210
>>acl Safe_ports port 1025-65535
>>acl Safe_ports port 280
>>acl Safe_ports port 488
>>acl Safe_ports port 591
>>acl Safe_ports port 777
>>acl CONNECT method CONNECT
>>acl ldapproxygroup external ldapgroup webaccess
>>
>>http_access allow manager localhost
>>http_access deny manager
>>http_access deny !Safe_ports
>>http_access deny CONNECT !SSL_ports
>>http_access allow ldapproxygroup
>>http_access deny all
>>
>>Regards
>>
>>Joachim
>>
>>
>>-Ursprüngliche Nachricht-
>>Von: Yong Bong Fong [mailto:[EMAIL PROTECTED]
>>Gesendet: Mittwoch, 12. Januar 2005 02:29
>>An: Joachim JS. Schuster
>>Betreff: Re: [squid-users] authentication problem with 
>>squid_ldap_group
>>
>>
>>Hi Joachim,
>>
>> Can you post your acl list and http_access?
>>Maybe we can spot some mistakes from your acl and http_access.
>>
>>
>>
>>Joachim JS. Schuster wrote:
>>
>> 
>>
>>
>>
>>>Dear squid users,
>>>I need help about my authentifaction problem with squid_ldap_group.
>>>
>>>first i create a entry for squid_ldap_auth. i can login and i have 
>>>web access and it works fine.
>>>
>>>auth_param basic program /usr/sbin/squid_ldap_auth -P -R -b 
>>>"dc=mb,dc=local" -D "cn=squid,cn=users,dc=mb,dc=local" -w secret1998 
>>>-f "(&(sAMAccountName=%s)(objectClass=Person))" -h 192.168.3.1 acl 
>>>USERS proxy_auth REQUIRED
>>>
>>>http_access allow USERS
>>>
>>>in the next step i create this lines for my ldap group access.
>>>
>>>external_acl_type ldapgroup concurrency=15 %LOGIN 
>>>/usr/sbin/squid_ldap_group -P -R -b "ou=intern,dc=mb,dc=local" -f 
>>>"(&(cn=%g)(member=%u))" -F 
>>>"(&(sAMAccountName=%s)(objectClass=Person))"
>>>-D "cn=squid,cn=users,dc=mb,dc=local" -w secret1998 -h 192.168.3.1
>>>
>>>acl ldapproxygroup external ldapgroup webaccess
>>>
>>>http_access allow ldapproxygroup
>>>
>>>i can login but i have no webaccess. i see the 407 error access 
>>>denied in squid conf.
>>>
>>>when i execute
>>>
>>>heins:~ # /usr/sbin/squid_ldap_group -P -R -b 
>>>"ou=intern,dc=mb,dc=local" -f "(&(cn=%g)(member=%u))" -F 
>>>"(&(sAMAccountName=%s)(objectClass=Person))" -D 
>>>"cn=squid,cn=users,dc=mb,dc=local" -w secret1998 -h 192.168.3.1 cwm 
>>>webaccess OK
>>>
>>>i get ok but the user cwm can´t use the proxy.
>>

Re: [squid-users] trying to track down a bug

[Henrik Nordstrom]

On Wed, 12 Jan 2005, Robert Borkowski wrote:
Well, I captured a failed server request. Looks like apache finishes sending 
the object, sends a FIN to close the connection, squid acks the FIN, but 
never sends its own FIN. 16 seconds later apache sends an RST.
Please capture the full data stream with
  tcpdump -s 1600 -w capture.tcpdump 
then upload the resulting capture.tcpdump to 
ftp://ftp.squid-cache.se/incoming/ and drop me an email.

Regards
Henrik

[squid-users] auth popup is not comming

[ss babu]

Hi,
I am running the squid in the transparent mode. While i abrowsing a
secured site it should give a popup window for giving theuser name and
passwd, but if i browse these site through squid the popupwindow is
not comming and i am getting 401 error.

If i reuest thissitr without squid i am getting the popup window.

What configurationshould i change in the squid to get the popup window?

Thanks and Regards
Chima

[squid-users] Delay pools

[ansari imtiyaz ahmed khadim husain]

Hi all ...

I am having a problem regarding delay pools..

I have a total bandwidth of 128kbps ( cable line ).

I want to divide this bandwidth for three pools

One for class 1 pool( 28 kbps ),
second for class 2 pool ( 50 kbps ),
third for class 2 pool. ( 50 kbps )

In pool 1 , I have 5 members,
In pool 2 , I have 10 members with 5kbps for each member
In pool 3 , I have 25 members with 2 kbps for each user

the delay parameter will be 

delay_parameter 1  3500/3500

delay_prameter  2  6250/6250 625/625

delay_parameter 3 6250/6250 250/250

This will limit the individual member not to cross their individual 
limit even if no one is using the bandwidth.I want that a member should
be able to use the bandwidth when no one is using it.

How can I achieve that ..?

Can any one help me?

Thank's in advance
Imtiyaz Ansari




--
Netcore's New Website
http://www.netcore.co.in
--

[squid-users] Authentication Problems

[Hement Gopal]

Hi all
I have two proxy servers, both running the same OS and Squid
Squid Cache: Version 2.5.STABLE5
Linux athena.wits.ac.za 2.4.20-8smp
Linux version 2.4.20-8smp ([EMAIL PROTECTED]) (gcc 
version 3.2.2
20030222 (Red Hat Linux 3.2.2-5)) #1 SMP Thu Mar 13 17:45:54 EST 2003

On server 1, user authetication seems to be giving problems. A small 
percentage of users complain that their username and password 
combinations do not work. If I test from Netscape and IE with their 
user/pass combos I also have issues. When I test on the server 1 itself  
using the ncsa-auth command, I get an OK so I know the problem is not 
with my password file.

Comparing password files on the two servers also confirms that there are 
no probelms. If I change my browser to point to  server 2, authetication 
works fineso I'm pretty sure problem is  related to the server 1 only.

I also noticed that when I do a squid -k reconfig on server 1, the 
problem disappears.

Any ideas folks?
Rgds,
Hement Gopal

Re: [squid-users] Connection reset by peer

[Payal Rathod]

On Thu, Jan 13, 2005 at 09:17:11AM +0100, Elsen Marc wrote:
> 
>  http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.41
> 
>  (Conn reset by peer , explanation).

I should have mentioned that I had already read that while 
researching on her problems. But unlike the FAQ mentioned she is 
getting many many request which are getting reset.

>   I never hear reports of google usage restrictions in that area.
>   Your friend should also consult the FAQ ; checkout the
>   'System dependend Weirdness' section. Follow advises mentioned 
>   for Linux.

I read it too and did not find anything specific for this issue.
Unfortunately, I do not have a big setup to test it from my side. 


With warm regards,
-Payal

RE: [squid-users] Problem with ncsa_auth and squid 2.5.7

[Umberto Zanatta]

Thanx a lot.

now it works.

cheers.

Il giorno gio, 13-01-2005 alle 09:23 +0100, Elsen Marc ha scritto:
>  
> > 
> > Hello,
> > 
> > I've worked with squid for 5 years.
> > 
> > Squid works with ncsa_auth and manage up to 400 users;
> > some logins are written with first, second or both letter in 
> > uppercare:
> > Pippo, PLuto...
> > 
> > Today I upgraded Squid to version 2.5.7 (before it was 2.5.6) in my
> > Internet Server and squid doesn't
> > work any more with the users who have login with uppercase.
> > 
> > I've been trying in other systems with squid 2.5.7 (both ppc and x86
> > system) and I had the same result!
> > 
> > My system works on Debian 3.1 testing (i386).
> > 
> > Is that a bug?
> > 
>  Apparently :
> 
>   http://www.squid-cache.org/bugs/show_bug.cgi?id=431
> 
>  got tackled in 2.5.STABLE7 (ref ChangeLog).
> 
>  Maybe you need :
> 
>auth_param basic casesensitive on
> 
>  as mentioned in the bugzilla entry.
> 
>  Not sure though.
> 
>  M.
___ 
Umberto Zanatta 
linuxDidattica 

tel: +39 (335) 54 71 385 
email: [EMAIL PROTECTED] 
web: http://linuxdidattica.org 
___

Re: [squid-users] Re: yet another squid_ldap_auth question when connecting to AD

[Henrik Nordstrom]

On Thu, 13 Jan 2005, Oliver Hookins wrote:
OK here they are, both squid_ldap_auth.8 and squid_ldap_group.8. I haven't 
ever submitted a patch before so hopefully I got the diff options right.
The patch format looked good. No problem with the diff options.
However, the squid_ldap_group text is not correct. The squid_ldap_group 
helper checks group memberships (one or more groups), not passwords...

Regards
Henrik

Re: [squid-users] SHIRAZ-how to open smtp and pop

[Matus UHLAR - fantomas]

Hello,

On 12.01 15:51, Shiraz Gul Khan wrote:
> dear heng, hello
> 
> now i am on my server. ok listen. when i applied this line
> # iptable -A INPUT -p tcp -m tcp -dport 110 -j ACCEPT
> error come: bash iptable command not found
> 
> # iptables -A INPUT -p tcp -m tcp -dport 110 -j ACCEPT
> error come: bad argument '110'
> 
> i am using Linux redhat 7.2

Please, keep this discussion out of this mailing list. Find a linux
mailing list for such problems. They will be able to help you much more
than us.

the others, please do not continue on this topic to the list.

...and for the owner of this list: sorry for doing your work.

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.

RE: [squid-users] Problem with ncsa_auth and squid 2.5.7

[Elsen Marc]

 
> 
> Hello,
> 
> I've worked with squid for 5 years.
> 
> Squid works with ncsa_auth and manage up to 400 users;
> some logins are written with first, second or both letter in 
> uppercare:
> Pippo, PLuto...
> 
> Today I upgraded Squid to version 2.5.7 (before it was 2.5.6) in my
> Internet Server and squid doesn't
> work any more with the users who have login with uppercase.
> 
> I've been trying in other systems with squid 2.5.7 (both ppc and x86
> system) and I had the same result!
> 
> My system works on Debian 3.1 testing (i386).
> 
> Is that a bug?
> 
 Apparently :

  http://www.squid-cache.org/bugs/show_bug.cgi?id=431

 got tackled in 2.5.STABLE7 (ref ChangeLog).

 Maybe you need :

   auth_param basic casesensitive on

 as mentioned in the bugzilla entry.

 Not sure though.

 M.

RE: [squid-users] Connection reset by peer

[Elsen Marc]

 
> 
> Hi,
> My friend is using squid/2.5.STABLE4 in her institute on a Linux 
> system. She is having around 300 users. Many a times when she tries 
> to go to google's cache or 'Similar pages' link she gets,
> (104) Connection reset by peerAn error condition occurred while 
> reading data from the network.

 http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.41

 (Conn reset by peer , explanation).


> Please retry your request.
> This happens many times. But if I check it immediately from my 
> company the same query works fine. We are both around 100Kms apart 
> and using different ISPs and I have around 20 ppl. browsing the net 
> on same version of squid.  Is it that google might be accepting a 
> limited number of requests from any particular IP?
> 

  I never hear reports of google usage restrictions in that area.
  Your friend should also consult the FAQ ; checkout the
  'System dependend Weirdness' section. Follow advises mentioned 
  for Linux.

  M.
  

[squid-users] Problem with ncsa_auth and squid 2.5.7

[Umberto Zanatta]

Hello,

I've worked with squid for 5 years.

Squid works with ncsa_auth and manage up to 400 users;
some logins are written with first, second or both letter in uppercare:
Pippo, PLuto...

Today I upgraded Squid to version 2.5.7 (before it was 2.5.6) in my
Internet Server and squid doesn't
work any more with the users who have login with uppercase.

I've been trying in other systems with squid 2.5.7 (both ppc and x86
system) and I had the same result!

My system works on Debian 3.1 testing (i386).

Is that a bug?

Regards,

___ 
Umberto Zanatta 
linuxDidattica 

tel: +39 (335) 54 71 385 
email: [EMAIL PROTECTED] 
web: http://linuxdidattica.org 
___

[squid-users] Connection reset by peer

[Payal Rathod]

Hi,
My friend is using squid/2.5.STABLE4 in her institute on a Linux 
system. She is having around 300 users. Many a times when she tries 
to go to google's cache or 'Similar pages' link she gets,
(104) Connection reset by peerAn error condition occurred while 
reading data from the network. Please retry your request.
This happens many times. But if I check it immediately from my 
company the same query works fine. We are both around 100Kms apart 
and using different ISPs and I have around 20 ppl. browsing the net 
on same version of squid.  Is it that google might be accepting a 
limited number of requests from any particular IP?

Thanks for any tips in advance.
With warm regards,
-Payal