Re: [squid-users] Can't get pam authorization to work
Mark, See below. Mark Elsen wrote: Hi, Please help: I have a squid.conf file that I will include. squid -k parse returns nothing and I think that is good. I configure firefox to use my gateway proxy on port 3128 When I choose a web page, the "Prompt" pops up requesting a "User Name" & "Password" I enter the correct username & password, but the window just pops back up asking again for the user & password. Please help. I have configured my squid.conf file as such: ... For starters , check access.log for the failed logon. Check any further info in cache.log , if any. M. [EMAIL PROTECTED] ]# tail -n 20 /var/log/squid/access.log 1138586313.999 1 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586314.509 12 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586315.100 12 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586315.676 19 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586318.764 17 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586319.325 7 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586319.776 18 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586320.202 15 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586320.677 20 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586321.120 2 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586321.533 16 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586321.928 1 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586322.233 6 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138587621.421 4 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138587627.428 10 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? web NONE/- text/html 1138587636.457 9 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? web NONE/- text/html 1138587900.322 11 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138587955.351 14 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138664617.969 12 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138664627.374 57 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? ajt NONE/- text/html [EMAIL PROTECTED] ]# The last two lines above were done just now. Above those were done yesterday. Here's my cache.log: [EMAIL PROTECTED] ]# tail -n 20 /var/log/squid/cache.log 2006/01/29 20:32:33| Max Mem size: 131072 KB 2006/01/29 20:32:33| Max Swap size: 768000 KB 2006/01/29 20:32:33| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2006/01/29 20:32:33| Store logging disabled 2006/01/30 17:21:30| Starting Squid Cache version 2.5.STABLE9 for i686-pc-linux-gnu... 2006/01/30 17:21:30| Process ID 7215 2006/01/30 17:21:30| With 1024 file descriptors available 2006/01/30 17:21:30| Performing DNS Tests... 2006/01/30 17:21:30| Successful DNS name lookup tests... 2006/01/30 17:21:30| DNS Socket created at 0.0.0.0, port 32768, FD 5 2006/01/30 17:21:30| Adding nameserver 204.168.2.1 from /etc/resolv.conf 2006/01/30 17:21:30| helperOpenServers: Starting 5 'pam_auth' processes 2006/01/30 17:21:30| Unlinkd pipe opened on FD 15 2006/01/30 17:21:30| Swap maxSize 768000 KB, estimated 59076 objects 2006/01/30 17:21:30| Target number of buckets: 2953 2006/01/30 17:21:30| Using 8192 Store buckets 2006/01/30 17:21:30| Max Mem size: 131072 KB 2006/01/30 17:21:30| Max Swap size: 768000 KB 2006/01/30 17:21:30| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2006/01/30 17:21:30| Store logging disabled [EMAIL PROTECTED] ]# service squid restart Shutting down squid: [ OK ] Starting squid:[ OK ] [EMAIL PROTECTED] ]# tail -n 30 /var/log/squid/cache.log 2006/01/30 17:21:30| With 1024 file descriptors available 2006/01/30 17:21:30| Performing DNS Tests... 2006/01/30 17:21:30| Successful DNS name lookup tests... 2006/01/30 17:21:30| DNS Socket created at 0.0.0.0, port 32768, FD 5 2006/01/30 17:21:30| Adding nameserver 204.168.2.1 from /etc/resolv.conf 2006/01/30 17:21:30| helperOpenServers: Starting 5 'pam_auth' processes 2006/01/30 17:21:30| Unlinkd pipe opened on FD 15 2006/01/30 17:21:30| Swap maxSize 768
Re: [squid-users] Can't get pam authorization to work
Mark, See below. Mark Elsen wrote: Hi, Please help: I have a squid.conf file that I will include. squid -k parse returns nothing and I think that is good. I configure firefox to use my gateway proxy on port 3128 When I choose a web page, the "Prompt" pops up requesting a "User Name" & "Password" I enter the correct username & password, but the window just pops back up asking again for the user & password. Please help. I have configured my squid.conf file as such: ... For starters , check access.log for the failed logon. Check any further info in cache.log , if any. M. [EMAIL PROTECTED] ]# tail -n 20 /var/log/squid/access.log 1138586313.999 1 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586314.509 12 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586315.100 12 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586315.676 19 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586318.764 17 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586319.325 7 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586319.776 18 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586320.202 15 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586320.677 20 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586321.120 2 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586321.533 16 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586321.928 1 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138586322.233 6 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138587621.421 4 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138587627.428 10 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? web NONE/- text/html 1138587636.457 9 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? web NONE/- text/html 1138587900.322 11 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138587955.351 14 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138664617.969 12 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? - NONE/- text/html 1138664627.374 57 192.168.4.7 TCP_DENIED/407 1747 GET http://boards.fool.com/Messages.asp? ajt NONE/- text/html [EMAIL PROTECTED] ]# The last two lines above were done just now. Above those were done yesterday. Here's my cache.log: [EMAIL PROTECTED] ]# tail -n 20 /var/log/squid/cache.log 2006/01/29 20:32:33| Max Mem size: 131072 KB 2006/01/29 20:32:33| Max Swap size: 768000 KB 2006/01/29 20:32:33| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2006/01/29 20:32:33| Store logging disabled 2006/01/30 17:21:30| Starting Squid Cache version 2.5.STABLE9 for i686-pc-linux-gnu... 2006/01/30 17:21:30| Process ID 7215 2006/01/30 17:21:30| With 1024 file descriptors available 2006/01/30 17:21:30| Performing DNS Tests... 2006/01/30 17:21:30| Successful DNS name lookup tests... 2006/01/30 17:21:30| DNS Socket created at 0.0.0.0, port 32768, FD 5 2006/01/30 17:21:30| Adding nameserver 204.168.2.1 from /etc/resolv.conf 2006/01/30 17:21:30| helperOpenServers: Starting 5 'pam_auth' processes 2006/01/30 17:21:30| Unlinkd pipe opened on FD 15 2006/01/30 17:21:30| Swap maxSize 768000 KB, estimated 59076 objects 2006/01/30 17:21:30| Target number of buckets: 2953 2006/01/30 17:21:30| Using 8192 Store buckets 2006/01/30 17:21:30| Max Mem size: 131072 KB 2006/01/30 17:21:30| Max Swap size: 768000 KB 2006/01/30 17:21:30| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2006/01/30 17:21:30| Store logging disabled [EMAIL PROTECTED] ]# service squid restart Shutting down squid: [ OK ] Starting squid:[ OK ] [EMAIL PROTECTED] ]# tail -n 30 /var/log/squid/cache.log 2006/01/30 17:21:30| With 1024 file descriptors available 2006/01/30 17:21:30| Performing DNS Tests... 2006/01/30 17:21:30| Successful DNS name lookup tests... 2006/01/30 17:21:30| DNS Socket created at 0.0.0.0, port 32768, FD 5 2006/01/30 17:21:30| Adding nameserver 204.168.2.1 from /etc/resolv.conf 2006/01/30 17:21:30| helperOpenServers: Starting 5 'pam_auth' processes 2006/01/30 17:21:30| Unlinkd pipe opened on FD 15 2006/01/30 17:21:30| Swap maxSize 76
[squid-users] Internet page accelerator and squid
Hi I'm trying to setup squid to be used as a Proxy Cache Server for a group of computers connected to Internet via a Satellite link. My provider is using Internet Page Accelerator(IPA) software, who runs in all my peers. The first one is the RPA (Remote Page Accelerator), this software runs on the remote side (port 9877) and works as a proxy server to the client PCs, its main function is to ask the HPA (Hub Page Accelerator, a software running at the HUB (port 9876)or ISP provider) to download an specific Web Page and assemble all the pieces , and send them all together in a few data streams in order to optimize space bandwith use (minimizing the quantity of TCP connections that must be opened for each HTTP object). The RPA then receives this few streams and pass them to the client PC. I had been trying to configure squid with following directives but it seems that the requests from all my clients doesnt pass trought it. In my clients browsers I activated the proxy with IP 192.168.30.150 port 9877. In my squid I have: cache_peer 192.168.30.150 parent 9877 0 no-query default acl src all 0.0.0.0/0.0.0.0 always_direct deny all never_direct allow all Can you help me please? Maybe i need an iptables rule in order tu redirect port 9877 to 3128? My network: satellital modem---firewall/proxy-192.168.1.1---hub---network 192.168.1.x Thanks in advance. Juan --
Re: [squid-users] File Descriptor limit in Windows binary
Hi, At 10.32 30/01/2006, Joost de Heer wrote: Hello, The current Windows binary provided by Guido Serassio has a 2048 file descriptor limit. I'd like to increase this to 4096. Is the current an OS limit or can this be changed? This is not an OS limit, but is a Microsoft's hard coded limit into the MS C Runtime libraries (msvcrt.dll). You can increase this limit rebuilding from sources the runtime libraries. I have got in the past some successful user's report about this. Using MSYS+MinGW don't change the problem, because MinGW is based on msvcrt.dll. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: [EMAIL PROTECTED] WWW: http://www.acmeconsulting.it/
[squid-users] DNS Fail-over Problem Squid does not realize chrashed webservers
Hi list, searched the internet for a while, but did not find an answer to my problem. We use several IP's in the DNS for our webservers utilizing round-robin and fail-over. DNS will send all IP's to the client at request time. The client then make his connection to these different host. If one webserver crashes the clients only need 1-3 seconds to realize which server is down and redirect all other requests to the remaining ones. Tested with Firefox, Opera and IE. Squid reacts different. It does not realize that one server is down, so the user will receive a lot of web time-outs and has to reload every page serveral times till the proxies has fetched all objects from the remaing servers. Does anybody has a solution. You may also take a look at http://cr.yp.to/djbdns/balance.html for additional instructions. ___ Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de
Re: [squid-users] 2 auth mechanisms
> Friends, > > I´m using squid with auth_ntlm against Microsoft AD, and it s working > pretty fine (with IE, at least). It does not work with Firefox, though. > I´ve tried using auth_msnt, wich worked fine, but I need IE user to use > pass-through authenticantion. Is there anyway to use two auth mechanisms > in one running copy of Squid? I´ve tried a few combinations, whitout > success. Could anybody give some help? > http://squidwiki.kinkie.it/SquidFaq/ProxyAuthentication#head-4fa68e1a751de826ec620c625c3a256e5fb16744 M.
Re: [squid-users] SNATing connections of a transparent proxy to their original IPs
> This question has probably been asked before but I can't find anything > relevant. > I'm looking for a way to SNAT the connections that a transparent squid cache > makes back to their original IPs. > > client(IP: a.b.c.d)->squid machine(a.b.c.e)->site server(w.x.y.z) (I want > this server to see a.b.c.d instead of the a.b.c.e IP) > > Is there a plugin for squid that can work with netfilter to do this? (kernel > 2.6) > > Thanks > > http://www.squid-cache.org/Doc/FAQ/FAQ-7.html#ss7.13 M.
Re: [squid-users] http 1.0
> ok, thanks > > then i've to some otehr investiagtions. my core problem is, that i've upgraded > from squid 2.4 to 2.5. with 2.4 every thing works as expected. requests are > handed over to the upsream proxy (genugate, a comercial firewall) and pages > are displayed as expected. with squid 2.5 on many pages there are missing > several pictures - Check squid´s access.log for these missing objects. - Try setting client_persistent_connections to ´off´ > and when there is a http redirect on a pagessquid 2.5 stats: > (111) connection refused. - Check access.log for this request. Identify the attempted-port for the http connection. - Make sure your firewall rules are correct; in all cases. > > i've posted this http 1.0 question, as the firewall vendor told me, that this > is often a http 1.1 issue ... > > any suggestions ? > - Which version 2.5 version are you using ? M.
Re: [squid-users] http 1.0
Am Montag 30 Januar 2006 15:10 schrieb Mark Elsen: > > hi, > > > > i requiere squid to talk to it's upstraem proxy only http 1.0. if it > > forces webbrowsers to talk http 1.0 too, this is ok too. how can i > > configure this ? > > This is a none use, because currently SQUID supports http1.0 only. > > M. ok, thanks then i've to some otehr investiagtions. my core problem is, that i've upgraded from squid 2.4 to 2.5. with 2.4 every thing works as expected. requests are handed over to the upsream proxy (genugate, a comercial firewall) and pages are displayed as expected. with squid 2.5 on many pages there are missing several pictures and when there is a http redirect on a pagessquid 2.5 stats: (111) connection refused. i've posted this http 1.0 question, as the firewall vendor told me, that this is often a http 1.1 issue ... any suggestions ? TIA -- Matthias Henze [EMAIL PROTECTED] Use PGP!! http://www.mhcsoftware.de/MatthiasHenze.asc - - - - - - - - - - - - - - - - - - - - - - - - - - - MHC SoftWare GmbH voice: +49-(0)9533-92006-0 Fichtera 17 fax: +49-(0)9533-92006-6 96274 Itzgrund/Germany e-Mail: [EMAIL PROTECTED] - - - - - - - - - - - - - - - - - - - - - - - - - - -
Re: [squid-users] Can't get pam authorization to work
I won't be at my machine until approx. 6pm EST tonight. I remember checking those logs and found failed login attempts in the access.log For the cache.log, it looked to me like it was okay, but later this afternoon, I'll submit the tail end of those files for you. I thank you, Joe >> Hi, >> >> Please help: >> I have a squid.conf file that I will include. >> squid -k parse >> returns nothing and I think that is good. >> I configure firefox to use my gateway proxy on port 3128 >> When I choose a web page, the "Prompt" pops up requesting a "User >> Name" & "Password" >> I enter the correct username & password, but the window just pops back >> up asking again >> for the user & password. >> Please help. >> I have configured my squid.conf file as such: >> >> >>... > > For starters , check access.log for the failed logon. > > Check any further info in cache.log , if any. > > M.
Re: [squid-users] timeout when downloading pdf
> Hello, > > One of our users has a problem downloading a generated on the fly PDF > file from a financial institution. Access is through our squid proxy > server and it appears to be timing out because the file takes a while > to generate and download. > > What timeout setting in Squid could I adjust to prevent the timeout > from occuring. Please note that the error recieved by the user is not > a squid error but a typical browser timeout error. > Also check squid´s access.log for this request. M.
Re: [squid-users] Can't get pam authorization to work
> Hi, > > Please help: > I have a squid.conf file that I will include. > squid -k parse > returns nothing and I think that is good. > I configure firefox to use my gateway proxy on port 3128 > When I choose a web page, the "Prompt" pops up requesting a "User Name" > & "Password" > I enter the correct username & password, but the window just pops back > up asking again > for the user & password. > Please help. > I have configured my squid.conf file as such: > > >... For starters , check access.log for the failed logon. Check any further info in cache.log , if any. M.
Re: [squid-users] http 1.0
> hi, > > i requiere squid to talk to it's upstraem proxy only http 1.0. if it forces > webbrowsers to talk http 1.0 too, this is ok too. how can i configure this ? > > This is a none use, because currently SQUID supports http1.0 only. M.
[squid-users] Can't get pam authorization to work
Hi, Please help: I have a squid.conf file that I will include. squid -k parse returns nothing and I think that is good. I configure firefox to use my gateway proxy on port 3128 When I choose a web page, the "Prompt" pops up requesting a "User Name" & "Password" I enter the correct username & password, but the window just pops back up asking again for the user & password. Please help. I have configured my squid.conf file as such: [EMAIL PROTECTED] ]# cat /etc/squid/squid.conf # /etc/squid/squid.conf: OpenNA, Inc. (last updated 2003 Aug 27) icp_port 0 ssl_unclean_shutdown on hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 128 MB cache_replacement_policy heap GDSF memory_replacement_policy heap GDSF cache_dir diskd /var/spool/squid 750 16 256 cache_store_log none log_fqdn on auth_param basic program /usr/lib/squid/pam_auth auth_param basic children 5 auth_param basic realm Squid Proxy-Caching Web Server auth_param basic credentialsttl 2 hours acl authenticated proxy_auth REQUIRED acl localnet src 192.168.4.0/255.255.255.0 acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 acl Safe_ports port 80 21 443 563 70 210 1025-65535 280 488 591 777 acl CONNECT method CONNECT acl PURGE method PURGE acl all src 0.0.0.0/0.0.0.0 http_access allow authenticated http_access allow localnet http_access allow localhost http_access allow PURGE localhost http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny CONNECT http_access deny PURGE http_access deny all cache_mgr [EMAIL PROTECTED] cache_effective_user squid cache_effective_group squid logfile_rotate 0 log_icp_queries off visible_hostname r2d2 cachemgr_passwd my-secret-pass all buffered_logs on [EMAIL PROTECTED] ]#
[squid-users] timeout when downloading pdf
Hello, One of our users has a problem downloading a generated on the fly PDF file from a financial institution. Access is through our squid proxy server and it appears to be timing out because the file takes a while to generate and download. What timeout setting in Squid could I adjust to prevent the timeout from occuring. Please note that the error recieved by the user is not a squid error but a typical browser timeout error. Thanks, Rod
[squid-users] http 1.0
hi, i requiere squid to talk to it's upstraem proxy only http 1.0. if it forces webbrowsers to talk http 1.0 too, this is ok too. how can i configure this ? TIA -- Matthias Henze [EMAIL PROTECTED] Use PGP!! http://www.mhcsoftware.de/MatthiasHenze.asc - - - - - - - - - - - - - - - - - - - - - - - - - - - MHC SoftWare GmbH voice: +49-(0)9533-92006-0 Fichtera 17 fax: +49-(0)9533-92006-6 96274 Itzgrund/Germany e-Mail: [EMAIL PROTECTED] - - - - - - - - - - - - - - - - - - - - - - - - - - -
Re: [squid-users] File Descriptor limit in Windows binary
On Mon, 2006-01-30 at 10:32 +0100, Joost de Heer wrote: > Hello, > > The current Windows binary provided by Guido Serassio has a 2048 file > descriptor limit. I'd like to increase this to 4096. Is the current an OS > limit or can this be changed? And if it can be changed, could anyone > provide me with information how to do this? AFAIK it's a limitation in the MingW runtime that can't be worked around. There are a few ideas floating around to have an improved filedescriptor abstraction layer in squid-3 which would enable MSWin32 handles and thus native MS Windows I/O (completion ports and everything), but I don't think anything has been coded yet. Any takers? Kinkie
[squid-users] Using squid as a cache and an HTTP accel
Hello to everyone. I'm currently running squid as a simple proxy. It works perfectly :-) I'm currently looking for a solution to setup a failover for my internal webserver (www). Here is my network [ www ] [ Squid ] // --> [ Web ] ||| ||| [ www2 ] So, on the squid server i've started to setup an http_accel (not finished). I've also setup monitoring script to enable/disable transparent proxying through http_accel. Well, I'm now trying to force squid to always fetch the same document (ie: index.html). But I don't know how to acheive this. Should I use a redirector programm ? Can it be in conflict with another one ? Should I declare some specials ACL/regex in squid.conf to do this ? Thanks in advance. Aurélien Requiem System administrator +33.1.40.34.88.39
Re: [squid-users] Squid sizing for url filtering and lots of users
On Sun, 2006-01-29 at 18:34 +0100, Mark Elsen wrote: > I have never uses loadbalancing so I can't advise I have. For that kind of load I highly advise that you do use it. It changes the requirements from one (very) high-end box to two mid-end boxes. As for balancers, there's a few options you can use: - a specially-crafted proxy autoconfiguration file - one (two for extreme high-availability) low-to-mid-end boxes running Linux Virtual Server - an hardware load balancer (high-performance but expensive) There's some hints in the Squid FAQ, I'll try to add more as soon as I can. Kinkie
Re: [squid-users] Will NTLM enhance logfiles from ssh connections?
On Sat, 2006-01-28 at 07:49 -0800, spcatch55 wrote: > I'm trying to get the squid logfiles to differentiate > between requests from different ssh logins that > forward port 3128 into the squid server (right now > they all show up from IP 127.0.0.1) > > Will NTLM authentication help for this? I read that > NTLM authentication will enable squid logfiles to log > a userid rather than an IP address. Any form of authentication will log both an username along with an ip address; it doesn't need to be NTLM. Kinkie
Re: [squid-users] Best Way to use Proxy Authentication
On Fri, 2006-01-27 at 14:52 -0200, Fernando Lujan wrote: > Hi all, > > I'm trying to find the best solution to authenticate Samba + Squid. I > successfully configured winbindd and ntlm_auth. But I need to create > acl's using group authentication. Which is the best solution? openLdap > appears to be very difficult. :( You can have some insights by looking at http://squidwiki.kinkie.it/SquidFaq/ProxyAuthentication Kinkie
Re: [squid-users] help for virtual-host logfile
On 30.01 18:28, bend chen wrote: > Hi,squid friedns. > I am a squid newbei. > I have tow linux-box run some virtual-host,I will > add a linux-box run squid provide cache service for > these virtual-host . > but I have a question: > I need squid for eache virtual-host have each other > logfile (or: expediently analyzed logfile for eache > virtual-host ) squid does not know anything about your virtual hosts. It even can't know about them. SQUID only knows about URI's so you will have to split the logfile yourself. You can make a script for that. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Your mouse has moved. Windows NT will now restart for changes to take to take effect. [OK]
[squid-users] help for virtual-host logfile
Hi,squid friedns. I am a squid newbei. I have tow linux-box run some virtual-host,I will add a linux-box run squid provide cache service for these virtual-host . but I have a question: I need squid for eache virtual-host have each other logfile (or: expediently analyzed logfile for eache virtual-host ) Thanks your help. bend chen ___ 无限容量雅虎相册,原图等大下载,超快速度,赶快抢注! http://cn.photos.yahoo.com
[squid-users] 2 auth mechanisms
Friends, I´m using squid with auth_ntlm against Microsoft AD, and it s working pretty fine (with IE, at least). It does not work with Firefox, though. I´ve tried using auth_msnt, wich worked fine, but I need IE user to use pass-through authenticantion. Is there anyway to use two auth mechanisms in one running copy of Squid? I´ve tried a few combinations, whitout success. Could anybody give some help? Thank you all! Talora -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo.
AW: [squid-users] Doku and question: Squid + squid_ldap_auth + Tru64
Thanks für your hint, but it does not work: /usr/local/squid/libexec/squid_ldap_auth \ -h \ -D "cn=,cn=Users,dc=emea,dc=zf-world,dc=com" \ -w "" \ -b "dc=emea,dc=zf-world,dc=com" \ -f sAMAccountName=%s , , are really correct. Entering a valid user / password:miller secret still gives squid_ldap_auth: WARNING, could not bind to binddn 'Invalid credentials' ERR Success Why "ERR Success"? What tests can I further do? Werner Rost >>-Ursprüngliche Nachricht- >>Von: Ghislain Garcon [mailto:[EMAIL PROTECTED] >>Gesendet: Freitag, 27. Januar 2006 17:19 >>An: Rost Werner ZFBE GMT-ISN; squid-users@squid-cache.org >>Betreff: Re: [squid-users] Doku and question: Squid + >>squid_ldap_auth + Tru64 >> >> >>Response 1 : You have two -b option. Keep only this one : >> >>-b "dc=emea,dc=zf-world,dc=com" >> >> >>Is your ldap server accept simple connexions? >>Check password and your bind dn. >> >>Response 2 : Yes >> >>>It would be nice if someone can give me sone hints how I can test >>>squid_ldap_auth interactive without squid. >>> >>>I tried: >>> >>>/usr/local/squid/libexec/squid_ldap_auth \ >>> -b o= \ >>> -h \ >>> -D "cn=,cn=Users,dc=emea,dc=zf-world,dc=com" \ >>> -w "" \ >>> -b "dc=emea,dc=zf-world,dc=com" -f sAMAccountName=%s >>> >>>and entered >>> >>> miller secret >>> >>>In all cases this leads to >>> >>> squid_ldap_auth: WARNING, could not bind to binddn >>'Invalid credentials' >>> ERR Success >>> >>> >>>Question 1: Something wrong with the syntax above? >>> >>>Question 2: Is it ok to enter ? >>> >>> >>>Werner Rost >>> >>> >>> >> >> >>
[squid-users] SNATing connections of a transparent proxy to their original IPs
This question has probably been asked before but I can't find anything relevant. I'm looking for a way to SNAT the connections that a transparent squid cache makes back to their original IPs. client(IP: a.b.c.d)->squid machine(a.b.c.e)->site server(w.x.y.z) (I want this server to see a.b.c.d instead of the a.b.c.e IP) Is there a plugin for squid that can work with netfilter to do this? (kernel 2.6) Thanks
[squid-users] File Descriptor limit in Windows binary
Hello, The current Windows binary provided by Guido Serassio has a 2048 file descriptor limit. I'd like to increase this to 4096. Is the current an OS limit or can this be changed? And if it can be changed, could anyone provide me with information how to do this? Joost
AW: AW: [squid-users] Squid with SquidGuard
You didn't forget to create the entry S99squid in /sbin/rc3.d using the command "ln -s ..."? Werner Rost >>-Ursprüngliche Nachricht- >>Von: Mark Sansome [mailto:[EMAIL PROTECTED] >>Gesendet: Freitag, 27. Januar 2006 19:13 >>An: Rost Werner ZFBE GMT-ISN >>Cc: [EMAIL PROTECTED]; squid-users@squid-cache.org; Mark Elsen >>Betreff: Re: AW: [squid-users] Squid with SquidGuard >> >> >>[EMAIL PROTECTED] wrote: >> >>>Suqid and squidguard work fine for me. >>> >>>There are 2 scripts: >>> >>>/sbin/init.d/squid (yep, OS is Tru64): >>> >>> case $1 in >>> >>> 'start') >>>echo "Starting SQUID ..." >>>nohup /sbin/init.d/squid_start >>>;; >>> >>> >>>and /sbin/init.d/squid_start: >>> >>> #!/bin/sh >>> su - squid -c '/usr/local/squid/sbin/squid -D' >>> >>> >>>and an entry in /sbin/rc3.d: >>> >>> lrwxrwxrwx 1 root bin 15 Aug 20 2002 >>S99squid -> ../init.d/squid >>> >>> >>>Voila, this works. After a reboot squid and squidguard are running. >>> >>>Hope this helps a little bit. >>> >>>Werner Rost >>>GMT-FIR - Netzwerk >>> >>> >>Well I had high hopes for this. I worked through it >>step-by-step changing the relevant file locations to match my >>system - even putting in some "echo" comments to trace where >>I was and, Hey Presto! It worked from the command line... >>Note: I had to change the /etc/rc.d/init.d/squid_start script >>to read su >>- squid --command=`/usr/sbin/squid -D` (with backticks) for >>it to work (Although I think the -D switch is unnecessary >>because, if I read my init.d/squid script correctly, it calls >>/etc/sysconfig/squid which sets it as default). >> >>So. Now I can run "/sbin/service squid start" and squid will >>start together with squidGuard. >> >>Full of hope, I rebooted (having first removed the entry from >>/etc/rc.d/rc.local). >> >>No joy... >> >>still the same error. >> >>To use the vernacular - This is doing my head in! >> >>Thanks and best regards >> >>Mark >> >> >>