[squid-users] SARG configuration for auto reports
Dear Users, I have stalled Squid and Sarg over fedora 9, working perfectly. For the reporting i googled and found that the script by Ugo Viti is most popular and perfect for Daily, weekly, monthly reports, available at http://www.initzero.it/products/opensource/sarg-reports/download/sarg-reports But I am confused 1. Where should I copy this script - squid-reports 2. Which is best option crontab or logrotate, and in both case what and where should I made changes. can anyone help me out. regards Arun
[squid-users] slow on 'some' sites
Hello, I hope somebody know this problem: I have a transparent proxy working on my firewall (OpenBSD with Squid transparent flavor). It do the work well, but some sites are very slow. For exemple, the ubuntu-fr.org welcome page took around one minute to load. The squid.conf have been tryed on another machine wich is not the firewall (Debian), and the problem disapear! Any suggestions is wellcome :). Regards Sébastien Serre -- Service informatique IBGC CNRS 1 rue Camille Saint Saens 33077 BORDEAUX CEDEX Tel. +33 (0)5 56 99 90 04 Fax. +33 (0)5 56 99 90 59 http://www.ibgc.cnrs.fr
Re: [squid-users] slow on 'some' sites
sserre wrote: Hello, I hope somebody know this problem: I have a transparent proxy working on my firewall (OpenBSD with Squid transparent flavor). It do the work well, but some sites are very slow. For exemple, the ubuntu-fr.org welcome page took around one minute to load. The squid.conf have been tryed on another machine wich is not the firewall (Debian), and the problem disapear! Any suggestions is wellcome :). Regards Sébastien Serre Some sites do not behave nicely. http://redbot.org/?uri=http%3A%2F%2Fubuntu-fr.org May also be compounded if the site has a lot of page baggage like advertising. Ads usually have these types of problems all on their own. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15 Current Beta Squid 3.1.0.8 or 3.0.STABLE16-RC1
[squid-users] R: [squid-users] next Squid 2.7 release?
Hi, They are alredy many Windows changes to be included, and I think that they should be in a final STABLE 2.7 release. But if 2.7 STABLE6 will be considered the final STABLE 2.7 release, we will build an updated 2.7 STABLE6-2 binary for Windows. But I think also that a new STABLE release could be better and more clear for users. Regards Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 110098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: i...@acmeconsulting.it WWW: http://www.acmeconsulting.it/ -Messaggio originale- Da: Amos Jeffries [mailto:squ...@treenet.co.nz] Inviato: mercoledì 3 giugno 2009 2.13 A: Balaji Ganesan Cc: squid-users@squid-cache.org Oggetto: Re: [squid-users] next Squid 2.7 release? Priorità: Alta On Tue, 2 Jun 2009 16:44:50 -0700, Balaji Ganesan bgane...@venturiwireless.com wrote: Hi, Can anyone please let me know when is the next stable 2.7 release intended. I believe Windows 7 support is on the next release and I would like to have that for my work. Also please let me know which STABLE version will that one be. Thanks Balaji Henrik who maintains Squid-2 and makes these decisions for that branch is taking a long overdue break from squid at present. He will be back at some undefined point in the future. The next numerical release of 2.7 will be 2.7.STABLE7 if it comes out. No release is timelined at present, though I have little doubt there will be one eventually. Meanwhile you should contact Acme Consulting (http://squid.acmeconsulting.it/) about an updated build. Amos
[squid-users] squid 2.7 / 3.0 : delay pools
Hi, i am trying the following delay pool settings: === maximum_object_size 0 KB delay_pools 2 # default pool, full power delay_class 1 1 delay_parameters 1 -1/-1 delay_access 1 allow from_evil delay_access 1 deny all # pool 500 B/s # match csdev/adbdev delay_class 2 2 delay_parameters 2 -1/-1 500/12000 delay_access 2 allow all === ie. 12kB bucket and 500B/s 1) with 2.7 STABLE6, squid is performing correctly, the 12kB burst is there, and 500B/s limition too. The bucket goes negative but never less than -5. $ ab -c 3 -n 20 http://test/test-1K.data Requests per second:1.08 [#/sec] (mean) Transfer rate: 0.91 [Kbytes/sec] received = more than 0.5 KB/s but the bucket was not empty 2) with 3.0 STABLE15 and 512kB file, i can query as much as i want and the Current counter goes mad. $ ab -c 3 -n 300 http://test/test-512.data Requests per second:694.01 [#/sec] (mean) Transfer rate: 667.80 [Kbytes/sec] received $ ab -c 3 -n 300 http://test/test-1K.data Requests per second: 744.40 [#/sec] (mean) Transfer rate: 564.28 [Kbytes/sec] received from cachemgr.cgi: === Pool: 2 Class: 2 Aggregate: Disabled. Individual: Max: 12000 Restore: 500 Current: 11:-257223 === Question: did i missed a parameter ? -- Fabien
Re: [squid-users] Security of NTLM authentication
Hi, At 01.59 03/06/2009, Amos Jeffries wrote: On Tue, 02 Jun 2009 19:44:03 -0300, Leonardo Rodrigues leolis...@solutti.com.br wrote: Hello Guys, a simple question . i know that basic authentication schemas transmit username/password in cleartext over the wire. It' base64 encoded, but it's trivially detected and decoded, which make them not the most secure ones to use. do NTLM authentication schemas are more secure than basic ones, i mean, do NTLM authentication schema transmit cleartext (or simply encoded) username/passwords over the wire ? NTLM uses a side channel directly between the domain control server and the machine needing to check auth. I'm not sure how that is coded. The HTTP side of the triangle includes a hash of the credentials. One thing to be wary of is that NTLM hash strength is pretty much limited by the Windows releases involved. The older versions used by Win9x are hashes which are now trivially broken, none are completely secure. The latest windows releases have deprecated it in favor of the much more secure Kerberos (but that won't work with anything much older than XP and IE6). Just some more explanation here: There are two flavors of NTLM: V1 (the windows 9x version) and V2. Squid is able to use both, but V2 is more secure. On the Kerberos side, you need the negotiate authentication schema, but there are some requirements to meet Browser: - Internet Explorer 7.0 or later - Firefox 1.5 or later OS: - Windows 2000 or later So on Windows 2000 you can use Negotiate with Firefox only, while on XP/2003 you need to Install at least IE7 or Firefox. Regards Guido - Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.seras...@acmeconsulting.it WWW: http://www.acmeconsulting.it/
Re: [squid-users] Security of NTLM authentication
Guido Serassio escreveu: Just some more explanation here: There are two flavors of NTLM: V1 (the windows 9x version) and V2. Squid is able to use both, but V2 is more secure. On the Kerberos side, you need the negotiate authentication schema, but there are some requirements to meet Browser: - Internet Explorer 7.0 or later - Firefox 1.5 or later OS: - Windows 2000 or later So on Windows 2000 you can use Negotiate with Firefox only, while on XP/2003 you need to Install at least IE7 or Firefox. Hi Guido, thanks for the extra informations. is it possible to configure squid to use only NTLM v2 ? I'm actually doing the basic: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 50 auth_param ntlm keep_alive on external_acl_type ad_group ttl=1800 children=50 %LOGIN /usr/bin/wbinfo_group.pl -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [squid-users] R: [squid-users] next Squid 2.7 release?
+1 for a new STABLE, also in case most of the changes were to be windows-specific On 6/3/09, Guido Serassio guido.seras...@acmeconsulting.it wrote: Hi, They are alredy many Windows changes to be included, and I think that they should be in a final STABLE 2.7 release. But if 2.7 STABLE6 will be considered the final STABLE 2.7 release, we will build an updated 2.7 STABLE6-2 binary for Windows. But I think also that a new STABLE release could be better and more clear for users. Regards Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 110098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: i...@acmeconsulting.it WWW: http://www.acmeconsulting.it/ -Messaggio originale- Da: Amos Jeffries [mailto:squ...@treenet.co.nz] Inviato: mercoledì 3 giugno 2009 2.13 A: Balaji Ganesan Cc: squid-users@squid-cache.org Oggetto: Re: [squid-users] next Squid 2.7 release? Priorità: Alta On Tue, 2 Jun 2009 16:44:50 -0700, Balaji Ganesan bgane...@venturiwireless.com wrote: Hi, Can anyone please let me know when is the next stable 2.7 release intended. I believe Windows 7 support is on the next release and I would like to have that for my work. Also please let me know which STABLE version will that one be. Thanks Balaji Henrik who maintains Squid-2 and makes these decisions for that branch is taking a long overdue break from squid at present. He will be back at some undefined point in the future. The next numerical release of 2.7 will be 2.7.STABLE7 if it comes out. No release is timelined at present, though I have little doubt there will be one eventually. Meanwhile you should contact Acme Consulting (http://squid.acmeconsulting.it/) about an updated build. Amos -- /kinkie
Re: [squid-users] Sharepoint/SQUID
Accidently sent this directly to Amos: The version of squid I'm using is 2.7STABLE3 - I have pretty much narrowed down the issue. When I am using the proxy the url that is passed back to sharepoint for the search is: http://sp.myfqdn.com/nwpcadm/KB/_layouts/searchresults.aspx?k=jdau=http%3A%2F%2Fsp%2Emyfqdn%2Ecom%2Fnwpcadm%2FKB Which ends up failing on the search - if I do not use the proxy the url that is passed is: http://sp/nwpcadm/KB/_layouts/searchresults.aspx?k=jdau=http%3A%2F%2Fsp%2Fnwpcadm%2FKB Which does work. Any suggestions would be greatly appreciated. On Tue, Jun 2, 2009 at 6:22 PM, Amos Jeffries squ...@treenet.co.nz wrote: On Tue, 2 Jun 2009 16:16:43 -0500, spookrat spook...@gmail.com wrote: Recently setup SQUID and while was testing discovered that while using the built in search for sharepoint that I would get a message from it like this; The Web application at http://mysharepointsite could not be found. Verify that you have typed the URL correctly. If the URL should be serving existing content, the system administrator may need to add a new request URL mapping to the intended application. When I shutoff the SQUID proxy this functionality does work. I receive the following messages in the SQUID 1243961498.622 32 mymachinename.mydomainname.com TCP_MISS/404 1044 GET http://mysharepointsite/nwpcadm/KB/_themes/CustomJet/topnavselected_jet.gif - NONE/- - 1243961498.627 34 mymachinename.mydomainname.com TCP_MISS/401 2239 GET http://mysharepointsite/nwpcadm/KB/_themes/CustomJet/navshape_jet.jpg - DIRECT/10.0.2.135 text/html 1243961498.653 62 mymachinename.mydomainname.com TCP_MISS/404 1044 GET http://mysharepointsite/nwpcadm/KB/_themes/CustomJet/topnavunselected_jet.gif - NONE/- - 1243961498.656 33 mymachinename.mydomainname.com TCP_MISS/401 2239 GET http://mysharepointsite/nwpcadm/KB/_themes/CustomJet/pagebackgrad_jet.gif - NONE/- text/html 1243961498.657 62 mymachinename.mydomainname.com TCP_MISS/404 1044 GET http://mysharepointsite/nwpcadm/KB/_themes/CustomJet/siteactionsmenugrad_jet.gif - DIRECT/10.0.2.135 - 1243961498.657 30 mymachinename.mydomainname.com TCP_MISS/401 2239 GET http://mysharepointsite/nwpcadm/KB/_themes/CustomJet/pageTitleBKGD_jet.gif - DIRECT/10.0.2.135 text/html 1243961498.690 35 mymachinename.mydomainname.com TCP_MISS/404 1044 GET http://mysharepointsite/nwpcadm/KB/_themes/CustomJet/navshape_jet.jpg - NONE/- - 1243961498.690 32 mymachinename.mydomainname.com TCP_MISS/404 1044 GET http://mysharepointsite/KB/_themes/CustomJet/pagebackgrad_jet.gif - NONE/- - 1243961498.709 50 mymachinename.mydomainname.com TCP_MISS/404 1044 GET http://mysharepointsite/nwpcadm/KB/_themes/CustomJet/pageTitleBKGD_jet.gif - NONE/- - First I thought maybe it was because it was attempting to cache .aspx pages from sharepoint. So I threw an always_direct into my squid.conf file without much luck. Any thoughts on where I might be a bit on the misguided side? Well its very hard to tell whats going on since you omit any details of how you setup squid. 'mysharepointsite' is not a proper domain name. That may be the problem. Amos
RE: [squid-users] next Squid 2.7 release?
Thanks Amos and Guido. Guido, Do we have any timeline on when we can expect this? Thanks again. Thanks Balaji -Original Message- From: Guido Serassio [mailto:guido.seras...@acmeconsulting.it] Sent: Wednesday, June 03, 2009 4:16 AM To: Amos Jeffries; Balaji Ganesan Cc: squid-users@squid-cache.org Subject: R: [squid-users] next Squid 2.7 release? Hi, They are alredy many Windows changes to be included, and I think that they should be in a final STABLE 2.7 release. But if 2.7 STABLE6 will be considered the final STABLE 2.7 release, we will build an updated 2.7 STABLE6-2 binary for Windows. But I think also that a new STABLE release could be better and more clear for users. Regards Guido Serassio Acme Consulting S.r.l. - Microsoft Certified Partner Via Lucia Savarino, 110098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: i...@acmeconsulting.it WWW: http://www.acmeconsulting.it/ -Messaggio originale- Da: Amos Jeffries [mailto:squ...@treenet.co.nz] Inviato: mercoledì 3 giugno 2009 2.13 A: Balaji Ganesan Cc: squid-users@squid-cache.org Oggetto: Re: [squid-users] next Squid 2.7 release? Priorità: Alta On Tue, 2 Jun 2009 16:44:50 -0700, Balaji Ganesan bgane...@venturiwireless.com wrote: Hi, Can anyone please let me know when is the next stable 2.7 release intended. I believe Windows 7 support is on the next release and I would like to have that for my work. Also please let me know which STABLE version will that one be. Thanks Balaji Henrik who maintains Squid-2 and makes these decisions for that branch is taking a long overdue break from squid at present. He will be back at some undefined point in the future. The next numerical release of 2.7 will be 2.7.STABLE7 if it comes out. No release is timelined at present, though I have little doubt there will be one eventually. Meanwhile you should contact Acme Consulting (http://squid.acmeconsulting.it/) about an updated build. Amos
Re: [squid-users] Re: Squid + Kerberos + Active Directory
Dear Markus, Really thanks for your suggestions... i didnt understand few of them... anyway the following is my reply to your queries... kindly assist me to keep the things up and running... FQDN -- linuxproxy.panasonic.com HOSTNAME -- linuxproxy [r...@linuxproxy ~]# klist -kt Keytab name: FILE:/etc/squid/HTTP.keytab KVNO Timestamp Principal - 4 06/02/09 18:05:36 HTTP/linuxproxy.panasonic@panasonic.com 4 06/02/09 18:05:36 HTTP/linuxproxy.panasonic@panasonic.com 4 06/02/09 18:05:36 HTTP/linuxproxy.panasonic@panasonic.com 3 06/02/09 18:05:23 HTTP/linuxproxy.panasonic@panasonic.com 3 06/02/09 18:05:23 HTTP/linuxproxy.panasonic@panasonic.com 3 06/02/09 18:05:23 HTTP/linuxproxy.panasonic@panasonic.com [r...@linuxproxy ~]# Does you startup script set the KRB5_KTNAME environment variable ? [r...@linuxproxy ~]# head -23 /etc/rc.d/init.d/squid #!/bin/bash ### BEGIN INIT INFO # Provides: squid # chkconfig: - 90 25 # pidfile: /var/run/squid.pid # config: /etc/squid/squid.conf # Short-Description: starting and stopping Squid Internet Object Cache # Description: Squid - Internet Object Cache. Internet object caching is \ # a way to store requested Internet objects (i.e., data available \ # via the HTTP, FTP, and gopher protocols) on a system closer to the \ # requesting site than to the source. Web browsers can then use the \ # local Squid cache as a proxy HTTP server, reducing access time as \ # well as bandwidth consumption. ### END INIT INFO KRB5_KTNAME=/etc/squid/HTTP.keytab PATH=/usr/bin:/sbin:/bin:/usr/sbin export PATH KRB5_KTNAME # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. [r...@linuxproxy ~]# Can you do a successful kinit -k squid.keytab HTTP/hostname ? (i didnt understand how to issue this command, any way i tried the followig); [r...@linuxproxy ~]# ls /etc/squid/HTTP.keytab(i am using HTTP.keytab file name, i think u mentioned squid.keytab, am i right?) /etc/squid/HTTP.keytab [r...@linuxproxy ~]# [r...@linuxproxy ~]# kinit -k HTTP.keytab HTTP/linuxproxy Extra arguments (starting with HTTP/linuxproxy). Usage: kinit [-5] [-4] [-V] [-l lifetime] [-s start_time] [-r renewable_life] [-f | -F] [-p | -P] [-a | -A] [-v] [-R] [-k [-t keytab_file]] [-c cachename] [-S service_name] [principal] options: valid with Kerberos: -5 Kerberos 5 (available) -4 Kerberos 4 (available) (Default behavior is to try Kerberos 5) -V verboseEither 4 or 5 -l lifetime Either 4 or 5 -s start time 5 -r renewable lifetime 5 -f forwardable5 -F not forwardable5 -p proxiable 5 -P not proxiable 5 -a include addresses 5 -A do not include addresses 5 -v validate 5 -R renew 5, or both 5 and 4 -k use keytab 5, or both 5 and 4 -t filename of keytab to use 5, or both 5 and 4 -c Kerberos 5 cache name 5 -S service5, or both 5 and 4 [r...@linuxproxy ~]# Can you add a -d to squid_kerb_auth and send me the output ? where i want add this -d ? you mean in the squid.conf? if so, from where i will get the output? in stdout? or in any of the log message? please clarify... Did you use the fqdn in IE to point to squid ? i tried FQDN after your mail, but the same resut. Cache Access Denied!!! before i had given the IP, and the result is same. (i am eager to know, this will not work, if i am specifying IP? or is it a mandatory that i should specify the fqdn? The command which i used to create the computer account in the active directory from the squid proxy machine; msktutil -c -b OU=Servers -s HTTP/linuxproxy.panasonic.com -h linuxproxy -k /etc/squid/HTTP.keytab --computer-name SQUIDPROXY --upn HTTP/linuxproxy.panasonic.com --server pana001.panasonic.com --verbose where my hostname = linuxproxy fqdn = linuxproxy.panasonic.com (resolvable in DNS) SAM client name specified = Squidproxy Actice Directory Server (DC) = pana001.panasonic.com (resolvable in DNS) Here is my krb5.conf; [r...@linuxproxy ~]# cat /etc/krb5.conf [libdefaults] default_realm = PANASONIC.COM dns_lookup_kdc = no dns_lookup_realm = no default_keytab_name =
Re: [squid-users] Sharepoint/SQUID
David Thonet wrote: On Tue, Jun 2, 2009 at 6:22 PM, Amos Jeffries squ...@treenet.co.nz wrote: Well its very hard to tell whats going on since you omit any details of how you setup squid. 'mysharepointsite' is not a proper domain name. That may be the problem. Amos Accidently sent this directly to Amos: The version of squid I'm using is 2.7STABLE3 That's a start... but you STILL omit any details of how you set up Squid. - I have pretty much narrowed down the issue. When I am using the proxy the url that is passed back to sharepoint for the search is: http://sp.myfqdn.com/nwpcadm/KB/_layouts/searchresults.aspx?k=jdau=http%3A%2F%2Fsp%2Emyfqdn%2Ecom%2Fnwpcadm%2FKB Which ends up failing on the search - if I do not use the proxy the url that is passed is: http://sp/nwpcadm/KB/_layouts/searchresults.aspx?k=jdau=http%3A%2F%2Fsp%2Fnwpcadm%2FKB Again, sp is not a proper domain name. That STILL might be the problem. Which does work. Any suggestions would be greatly appreciated. My suggestion would be to supply more details. My request would be, please don't top post. Chris
[squid-users] Re: Squid + Kerberos + Active Directory
- Original Message - From: Truth Seeker truth_seeker_3...@yahoo.com To: Markus Moeller hua...@moeller.plus.com Cc: Squid maillist squid-users@squid-cache.org Sent: Wednesday, June 03, 2009 7:39 PM Subject: Re: [squid-users] Re: Squid + Kerberos + Active Directory Dear Markus, Really thanks for your suggestions... i didnt understand few of them... anyway the following is my reply to your queries... kindly assist me to keep the things up and running... FQDN -- linuxproxy.panasonic.com HOSTNAME -- linuxproxy [r...@linuxproxy ~]# klist -kt Keytab name: FILE:/etc/squid/HTTP.keytab KVNO Timestamp Principal - 4 06/02/09 18:05:36 HTTP/linuxproxy.panasonic@panasonic.com 4 06/02/09 18:05:36 HTTP/linuxproxy.panasonic@panasonic.com 4 06/02/09 18:05:36 HTTP/linuxproxy.panasonic@panasonic.com 3 06/02/09 18:05:23 HTTP/linuxproxy.panasonic@panasonic.com 3 06/02/09 18:05:23 HTTP/linuxproxy.panasonic@panasonic.com 3 06/02/09 18:05:23 HTTP/linuxproxy.panasonic@panasonic.com [r...@linuxproxy ~]# Does you startup script set the KRB5_KTNAME environment variable ? [r...@linuxproxy ~]# head -23 /etc/rc.d/init.d/squid #!/bin/bash ### BEGIN INIT INFO # Provides: squid # chkconfig: - 90 25 # pidfile: /var/run/squid.pid # config: /etc/squid/squid.conf # Short-Description: starting and stopping Squid Internet Object Cache # Description: Squid - Internet Object Cache. Internet object caching is \ # a way to store requested Internet objects (i.e., data available \ # via the HTTP, FTP, and gopher protocols) on a system closer to the \ # requesting site than to the source. Web browsers can then use the \ # local Squid cache as a proxy HTTP server, reducing access time as \ # well as bandwidth consumption. ### END INIT INFO KRB5_KTNAME=/etc/squid/HTTP.keytab PATH=/usr/bin:/sbin:/bin:/usr/sbin export PATH KRB5_KTNAME # Source function library. . /etc/rc.d/init.d/functions # Source networking configuration. [r...@linuxproxy ~]# Can you do a successful kinit -k squid.keytab HTTP/hostname ? (i didnt understand how to issue this command, any way i tried the followig); [r...@linuxproxy ~]# ls /etc/squid/HTTP.keytab(i am using HTTP.keytab file name, i think u mentioned squid.keytab, am i right?) /etc/squid/HTTP.keytab [r...@linuxproxy ~]# [r...@linuxproxy ~]# kinit -k HTTP.keytab HTTP/linuxproxy Sorry I forgot the -t. It should have been: kinit -k -t HTTP.keytab HTTP/linuxproxy.panasonic.com This is to proof that the keytab entry is valid. Extra arguments (starting with HTTP/linuxproxy). Usage: kinit [-5] [-4] [-V] [-l lifetime] [-s start_time] [-r renewable_life] [-f | -F] [-p | -P] [-a | -A] [-v] [-R] [-k [-t keytab_file]] [-c cachename] [-S service_name] [principal] options: valid with Kerberos: -5 Kerberos 5 (available) -4 Kerberos 4 (available) (Default behavior is to try Kerberos 5) -V verboseEither 4 or 5 -l lifetime Either 4 or 5 -s start time 5 -r renewable lifetime 5 -f forwardable5 -F not forwardable5 -p proxiable 5 -P not proxiable 5 -a include addresses 5 -A do not include addresses 5 -v validate 5 -R renew 5, or both 5 and 4 -k use keytab 5, or both 5 and 4 -t filename of keytab to use 5, or both 5 and 4 -c Kerberos 5 cache name 5 -S service5, or both 5 and 4 [r...@linuxproxy ~]# Can you add a -d to squid_kerb_auth and send me the output ? where i want add this -d ? you mean in the squid.conf? if so, from where i will get the output? in stdout? or in any of the log message? please clarify... Yes in the squid.conf (e.g. auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d The output goes to cache.log Did you use the fqdn in IE to point to squid ? i tried FQDN after your mail, but the same resut. Cache Access Denied!!! before i had given the IP, and the result is same. (i am eager to know, this will not work, if i am specifying IP? or is it a mandatory that i should specify the fqdn? I remember IE needed the fqdn. The command which i used to create the computer account in the active directory from the squid proxy machine; msktutil -c -b OU=Servers -s HTTP/linuxproxy.panasonic.com -h linuxproxy -k /etc/squid/HTTP.keytab --computer-name SQUIDPROXY --upn HTTP/linuxproxy.panasonic.com --server pana001.panasonic.com --verbose where my hostname =
Re: [squid-users] client_side_request.cc
Hi Gontzal, My SG version is pretty old, 1.2.1. I will upgrade it to latest version. Thanks for your advise. Thx Rgds, Wong - Original Message - From: Gontzal gontz...@gmail.com To: Squid-users squid-users@squid-cache.org Sent: Tuesday, June 02, 2009 22:42 Subject: [squid-users] client_side_request.cc Hi Wong, Wich version of squidGuard are you running? I had the same problem and i resolved it updating from squidGuard 1.3 to 1.4. Never more that error... Gontzal 2009/6/2 Wong wongb...@telkom.net Wong wrote: Dear All, I experienced messages below and squid exiting abnormally. Squid version 3S15 Need your advise help. Thx Rgds, Wong ---snip--- 2009/06/01 08:29:27| client_side_request.cc(825) redirecting body_pipe 0x85fd94c*1 from request 0x8525c90 to 0x886bcd0 These are normal. Visible only because of the level of debug_options. snip 2009/06/01 10:05:51| Preparing for shutdown after 67188 requests 2009/06/01 10:05:51| Waiting 5 seconds for active connections to finish 2009/06/01 10:05:51| FD 25 Closing HTTP connection 2009/06/01 10:05:51| WARNING: redirector #1 (FD 10) exited snip 2009/06/01 10:05:51| WARNING: redirector #9 (FD 18) exited 2009/06/01 10:05:51| Too few redirector processes are running 2009/06/01 10:05:51| Starting new helpers 2009/06/01 10:05:51| helperOpenServers: Starting 9/15 'squidGuard' processes 2009/06/01 10:05:52| WARNING: redirector #10 (FD 19) exited snip I assume the problem you are reporting is the redirectors starting up again during a shutdown. Is this correct? Amos -- Yes Amos, you're absolutely correct. How can I solve this problem? Now I increase the redirector and monitoring progress. Thx Rgds, Wong
