[squid-users] Cascading Squid
dear frnds, i m looking to deploy multiple squid servers under windows in such a manner that around 5 squid servers each having 20 clients should get connected to parent squid server having a high bandwidth connection. how to achieve this. the parent squid server ip: 192.168.2.1/255.255.240.0 other 5 squid ips: 192.168.2.2-192.168.2.6/255.255.240.0 Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/
[squid-users] How to cache all traffic?
Hello. I would like to know which is a safe mode to have a squid server cache everyhing (http, mp3s, mpegs, jpgs, gifs, and so on). Since most my users visit the same pages I would like to have a big cache and when I need to do some network maintenance I could unplug the internet cable and see if some user can still receive some web content from the squid server. I don't know if that can be done but, that's just a thought. I would like to cache everything though to at least save bandwith. Thanks for your help.
[squid-users] Re: AD authentiction with squid
In more detail the required steps for squid_kerb_auth (from https://sourceforge.net/project/showfiles.php?group_id=196348 or from latest squid distribution) are: 1) Install kerberos client package 2) Install msktutil package from http://dag.wieers.com/rpm/packages/msktutil/ 3) Configure krb5.conf 4) Configure squid by adding auth_param negotiate program /usr/sbin/squid_kerb_auth auth_param negotiate children 10 auth_param negotiate keep_alive on 5) Create keytab for HTTP/fqdn with msktutil. a) kinit administra...@domain b) msktutil -c -b CN=COMPUTERS -s HTTP/fqdn -h fqdn -k /etc/squid/HTTP.keytab --computer-name squid-HTTP --upn HTTP/fqdn --server domain controller --verbose 6) Add the following to thw squid startup script KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME 7) Done Markus
[squid-users] Subscription question
Is it possible to subscribe to the mailing list without receiving the mails. I would prefer that as I usually go via the gmane news server. Thank you Markus
Re: [squid-users] dns_internal or dnsserver ?
Mikio Kishi wrote: Hi, all On squid 3.0(STABLE13), which do you recommend, dns_internal mode or dnsserver mode ? Internal. External dnssrver helper is obsolete, a blocking process, and very limited in its performance capabilities. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6
Re: [squid-users] Cascading Squid
ondemandema...@yahoo.com wrote: dear frnds, i m looking to deploy multiple squid servers under windows in such a manner that around 5 squid servers each having 20 clients should get connected to parent squid server having a high bandwidth connection. how to achieve this. the parent squid server ip: 192.168.2.1/255.255.240.0 other 5 squid ips: 192.168.2.2-192.168.2.6/255.255.240.0 http://wiki.squid-cache.org/SquidFaq/ConfiguringSquid#head-c050a0a0382c01fbfb9da7e9c18d58bafd4eb027 http://www.squid-cache.org/Doc/config/cache_peer/ Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6
Re: [squid-users] How to cache all traffic?
Wilson Hernandez - MSD, S. A. wrote: Hello. I would like to know which is a safe mode to have a squid server cache everyhing (http, mp3s, mpegs, jpgs, gifs, and so on). Since most my users visit the same pages I would like to have a big cache and when I need to do some network maintenance I could unplug the internet cable and see if some user can still receive some web content from the squid server. I don't know if that can be done but, that's just a thought. I would like to cache everything though to at least save bandwith. Thanks for your help. offline_mode on Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6
Re: [squid-users] Re: AD authentiction with squid
Markus Moeller wrote: In more detail the required steps for squid_kerb_auth (from https://sourceforge.net/project/showfiles.php?group_id=196348 or from latest squid distribution) are: 1) Install kerberos client package 2) Install msktutil package from http://dag.wieers.com/rpm/packages/msktutil/ 3) Configure krb5.conf 4) Configure squid by adding auth_param negotiate program /usr/sbin/squid_kerb_auth auth_param negotiate children 10 auth_param negotiate keep_alive on 5) Create keytab for HTTP/fqdn with msktutil. a) kinit administra...@domain b) msktutil -c -b CN=COMPUTERS -s HTTP/fqdn -h fqdn -k /etc/squid/HTTP.keytab --computer-name squid-HTTP --upn HTTP/fqdn --server domain controller --verbose 6) Add the following to thw squid startup script KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME 7) Done Markus Thank you. I was going to ask you for this soon. Added to the wiki: http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos Is there anything we can/should add to the krb5.conf section? Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6
[squid-users] Re: Re: AD authentiction with squid
- Original Message - From: Amos Jeffries squ...@treenet.co.nz To: Markus Moeller hua...@moeller.plus.com Cc: squid-users@squid-cache.org Sent: Sunday, March 22, 2009 12:28 AM Subject: Re: [squid-users] Re: AD authentiction with squid Markus Moeller wrote: In more detail the required steps for squid_kerb_auth (from https://sourceforge.net/project/showfiles.php?group_id=196348 or from latest squid distribution) are: 1) Install kerberos client package 2) Install msktutil package from http://dag.wieers.com/rpm/packages/msktutil/ 3) Configure krb5.conf 4) Configure squid by adding auth_param negotiate program /usr/sbin/squid_kerb_auth auth_param negotiate children 10 auth_param negotiate keep_alive on 5) Create keytab for HTTP/fqdn with msktutil. a) kinit administra...@domain b) msktutil -c -b CN=COMPUTERS -s HTTP/fqdn -h fqdn -k /etc/squid/HTTP.keytab --computer-name squid-HTTP --upn HTTP/fqdn --server domain controller --verbose 6) Add the following to thw squid startup script KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME 7) Done Markus Thank you. I was going to ask you for this soon. Added to the wiki: http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos Is there anything we can/should add to the krb5.conf section? Regarding krb5.conf it might be good to mention that rc4-hmac should be listed as encryption type. A minimal setup without DNS resolution of AD servers would be [libdefaults] default_realm = WIN2003R2.HOME dns_lookup_kdc = no dns_lookup_realm = no default_keytab_name = /etc/krb5.keytab default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 [realms] WIN2003R2.HOME = { kdc = w2k3r2.win2003r2.home admin_server = w2k3r2.win2003r2.home } [domain_realm] .linux.home = WIN2003R2.HOME .win2003r2.home = WIN2003R2.HOME win2003r2.home = WIN2003R2.HOME [logging] kdc = FILE:/var/log/kdc.log admin_server = FILE:/var/log/kadmin.log default = FILE:/var/log/krb5lib.log In IE the proxy must be specified as fqdn not as an IP-address Amos -- Regards Markus Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6
Re: [squid-users] Re: Re: AD authentiction with squid
Markus Moeller wrote: - Original Message - From: Amos Jeffries squ...@treenet.co.nz To: Markus Moeller hua...@moeller.plus.com Cc: squid-users@squid-cache.org Sent: Sunday, March 22, 2009 12:28 AM Subject: Re: [squid-users] Re: AD authentiction with squid Markus Moeller wrote: In more detail the required steps for squid_kerb_auth (from https://sourceforge.net/project/showfiles.php?group_id=196348 or from latest squid distribution) are: 1) Install kerberos client package 2) Install msktutil package from http://dag.wieers.com/rpm/packages/msktutil/ 3) Configure krb5.conf 4) Configure squid by adding auth_param negotiate program /usr/sbin/squid_kerb_auth auth_param negotiate children 10 auth_param negotiate keep_alive on 5) Create keytab for HTTP/fqdn with msktutil. a) kinit administra...@domain b) msktutil -c -b CN=COMPUTERS -s HTTP/fqdn -h fqdn -k /etc/squid/HTTP.keytab --computer-name squid-HTTP --upn HTTP/fqdn --server domain controller --verbose 6) Add the following to thw squid startup script KRB5_KTNAME=/etc/squid/HTTP.keytab export KRB5_KTNAME 7) Done Markus Thank you. I was going to ask you for this soon. Added to the wiki: http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos Is there anything we can/should add to the krb5.conf section? Regarding krb5.conf it might be good to mention that rc4-hmac should be listed as encryption type. A minimal setup without DNS resolution of AD servers would be snip Done. Than you. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13 Current Beta Squid 3.1.0.6