[squid-users] Squid 3.1.x and authentification against AD Windows 2008R2
Hi there,

We may plan to activate authorization for users to the internet against Windows AD, running on Windows Server 2008R2. I'm running squid on openSUSE 11.4 64-bit. I've found some how-tos; many of them solve it with ntlm-auth (not in openSUSE, but there is a similarly named ntlm_smb_lm_auth for squid, I suppose). Another choice is over LDAP. Which is better? What are your experiences or recommendations? And - please - some step-by-step how-to ...

Thanks and best regards
J.Karliak.
[squid-users] Re : [squid-users] Re : [squid-users] Anonymous FTP and login pass url based
Hi Henrik,

I tried IE8, FF, and squidclient ... and the result is the same. Without the Squid proxy, using ftp://login:password@siteftp on an FTP site which uses anonymous as default and authenticated access, the connection with login / password is OK. With the Squid proxy, ftp://login:password@siteftp only returns anonymous access.

Regards
Guillaume

- Original message -
From: Henrik Nordström hen...@henriknordstrom.net
To: Al Batard albatar...@yahoo.fr
Cc: squid-users@squid-cache.org squid-users@squid-cache.org
Sent: Saturday 17 December 2011 3:54
Subject: [squid-users] Re : [squid-users] Anonymous FTP and login pass url based

Please try testing this with squidclient or another dumb http client. The major browsers are all pretty braindead in different manners when it comes to non-anonymous FTP URLs and can confuse matters greatly.

Regards
Henrik
Re: [squid-users] Squid 3.1.x and authentification against AD Windows 2008R2
On 19/12/2011 9:00 p.m., Josef Karliak wrote:
> Hi there, We may plan to activate authorization for users to the internet against Windows AD, running on Windows Server 2008R2. I'm running squid on openSUSE 11.4 64-bit. I've found some how-tos; many of them solve it with ntlm-auth (not in openSUSE, but there is a similarly named ntlm_smb_lm_auth for squid, I suppose

Nope. ntlm_smb_lm_auth does the ancient LM-over-SMB protocol (using the HTTP NTLM auth scheme) for use with Windows98/CE/ME and similar older software, and is considered dangerous to use in today's network environment.

NTLM is best done using the ntlm_auth helper from the Samba project.

An even better alternative, if you can use it, is Kerberos authentication, which is supported by WindowsXP SP2 and later software.

> ). Another choice is over LDAP. Which is better? What are your experiences or recommendations? And - please - some step-by-step how-to ...

LDAP is just the interface to the credentials database. It can be used with most of the auth schemes in HTTP.

The recommendation in this area is to go with whichever AD interface you are most familiar with and can implement securely. Pick the auth scheme(s) to suit your needs, then find which helper(s) plug the two together.

http://wiki.squid-cache.org/Features/Authentication has the overview of how auth works for Squid and links for more info and the config examples.

Amos
Re: [squid-users] squid 3.2 cache_dir and max-size
From: Saleh Madi saleh.m...@hadara.ps
> We have a server with Linux 64 Bit OS, 50GB RAM, 4xSSD 120GB and 8xHDD 2TB, we try to configure squid 3.2.0.14 on it with 8 workers, what is the best setting for the cache_dir and max-size for SSD and HDD per worker and what is the best store type aufs or diskd.

Memory limits disk's usage, check the "How much memory do I need in my Squid server?" section: http://wiki.squid-cache.org/SquidFaq/SquidMemory#How_much_memory_do_I_need_in_my_Squid_server.3F

JD
Re: [squid-users] Re : [squid-users] Re : [squid-users] Anonymous FTP and login pass url based
On 17/12/2011 2:24 a.m., Al Batard wrote:
> Hi, This is the log of the ftp connection to ftp site that accepts anonymous and login/pass (ftp://login:pass@ftpsite in url). Only Anonymous is used. Not my login / password. On a ftp site with anonymous login denied, user / password appear in log.
>
> - log of the ftp site with anonymous and login / pass authorized :
> 2011/12/16 13:46:53.474| ftp 220 FTP Server ready.
> 2011/12/16 13:46:53.474| ftp USER anonymous

snip

> 2011/12/16 13:46:53.653| ftp 150 Opening ASCII mode data connection for file list
> 2011/12/16 13:46:53.744| ftp 226 Transfer complete
> 2011/12/16 13:46:53.744| ftp QUIT
> 2011/12/16 13:46:53.771| ftp 221 Goodbye.

This is a successful transfer. The data got to Squid using anonymous access. There is no problem with auth here. Do you have a trace from this server when requesting something from the login-required area of the site?

> - log of the ftp site with login / pass authorized only :
> 2011/12/16 13:50:09.781| ftp 220 FTP
> 2011/12/16 13:50:09.781| ftp USER login

I think there is some trace missing here. An earlier connect attempt to the FTP server using anon access, which fails. Either way, auth happened and the object was fetched. Again, no problem with auth here.

Amos
[squid-users] getting assertion failed: CommCalls.h:165: dp squid 3.2.0.14
Chaps,

Getting the following on squid 3.2.0.14 systems

Shutdown: NTLM authentication.
2011/12/19 13:17:38 kid9| Shutdown: Negotiate authentication.
2011/12/19 13:17:38 kid9| Shutdown: Digest authentication.
2011/12/19 13:17:38 kid9| Shutdown: Basic authentication.
2011/12/19 13:18:09 kid9| Shutting down...
2011/12/19 13:18:09 kid9| assertion failed: CommCalls.h:165: dp
FATAL: Received Segment Violation...dying.
2011/12/19 13:18:09 kid9| Not currently OK to rewrite swap log.
2011/12/19 13:18:09 kid9| storeDirWriteCleanLogs: Operation aborted.
[squid-users] getting assertion failed: mem.cc:205: MemPools[type] in squid 3.2.0.14
Configuring Sibling wwwcache2-east.hull.ac.uk/3128/4827
2011/12/19 13:26:05 kid9| Configuring Sibling wwwcache1-west.hull.ac.uk/3128/4827
2011/12/19 13:26:05 kid9| Configuring Sibling slb-realsrv1-east.hull.ac.uk/3128/4827
2011/12/19 13:26:05 kid9| Configuring Sibling wwwcache3-west.hull.ac.uk/3128/4827
2011/12/19 13:26:20 kid9| assertion failed: mem.cc:205: MemPools[type]
2011/12/19 13:26:23 kid9| Starting Squid Cache version 3.2.0.14 for i686-pc-linux-gnu...
Re: [squid-users] getting assertion failed: CommCalls.h:165: dp squid 3.2.0.14
On 20/12/2011 2:27 a.m., Alex Sharaz wrote:
> Chaps,
>
> Getting the following on squid 3.2.0.14 systems
>
> Shutdown: NTLM authentication.
> 2011/12/19 13:17:38 kid9| Shutdown: Negotiate authentication.
> 2011/12/19 13:17:38 kid9| Shutdown: Digest authentication.
> 2011/12/19 13:17:38 kid9| Shutdown: Basic authentication.
> 2011/12/19 13:18:09 kid9| Shutting down...
> 2011/12/19 13:18:09 kid9| assertion failed: CommCalls.h:165: dp
> FATAL: Received Segment Violation...dying.
> 2011/12/19 13:18:09 kid9| Not currently OK to rewrite swap log.
> 2011/12/19 13:18:09 kid9| storeDirWriteCleanLogs: Operation aborted.

http://bugs.squid-cache.org/show_bug.cgi?id=3447

Amos
Re: [squid-users] getting assertion failed: mem.cc:205: MemPools[type] in squid 3.2.0.14
On 20/12/2011 2:28 a.m., Alex Sharaz wrote:
> Configuring Sibling wwwcache2-east.hull.ac.uk/3128/4827
> 2011/12/19 13:26:05 kid9| Configuring Sibling wwwcache1-west.hull.ac.uk/3128/4827
> 2011/12/19 13:26:05 kid9| Configuring Sibling slb-realsrv1-east.hull.ac.uk/3128/4827
> 2011/12/19 13:26:05 kid9| Configuring Sibling wwwcache3-west.hull.ac.uk/3128/4827
> 2011/12/19 13:26:20 kid9| assertion failed: mem.cc:205: MemPools[type]
> 2011/12/19 13:26:23 kid9| Starting Squid Cache version 3.2.0.14 for i686-pc-linux-gnu...

Ensure you are building with clean sources (no objects from earlier builds, including the auto-tools config cache). Run configure again and rebuild.

If the assert remains after that we will need to know your ./configure build options and the value of the variable type.

Amos
Re: [squid-users] Squid with Kerberos auth
Amos,

how can I check if the keep-alive is really working? Another thing: is it normal behavior for the CPU usage to hit 98% while downloading a page from one domain? Could it be just a hardware limitation? If so, this is a very awkward situation, because there's no severe load on squid since only I am using it.

Regards,
Wladner

2011/12/14 Amos Jeffries squ...@treenet.co.nz:
> On Wed, 14 Dec 2011 13:22:38 -0200, Wladner Klimach wrote:
>> Hello, I'm running squid with Kerberos authentication. The problem is that it's running too slow. Looks like squid is negotiating with AD for every URL it tries to get. Could anyone point me to a way out?
>
> A few things:
>
> * Double-check that you have connection persistence (keep-alive) operating on all connections (both client and server).
> * Ensure that your squid is as recent as you can use, we have had ongoing small fixes to improve persistence across all releases this past year.
> * Check that the auth packets are not failing over into NTLM or older protocols in apps which are supposed to be on Kerberos.
> * Maybe also check that DNS lookups Kerberos depends on for DC location are responding fast with reasonable TTL.
>
> Amos
[squid-users] integrating with wlc
Hi all, We have a Cisco WLC controlling our local wireless network, I would like it for squid to know which user is associated with the IP of the wireless client, so that I can implement user based restrictions/freedoms for our wireless network as well. So far my searches haven't turned up anything useful so I was wondering if anyone here had made that link in the past. We use the WLCs' built in web-auth (shows a webpage to the user where they need to authenticate), at the moment it authenticates against a Radius server. Thanks, Eli
[squid-users] After reloading squid3, takes about 2 minutes to serve pages?
Hi All.

I just installed squid3 after running squid2.5 for a number of years. I find after reloading squid3 and trying to access the internet on a proxy client it takes about 2 minutes until pages load. For example, if I reload squid3 and try to access a page, such as www.tsn.ca, it will try to load for a minute or 2 until it finally displays.

I understand I shouldn't need to reload squid3 too much, but is there something I am missing to make this happen? I am not using it for caching, just for monitoring/website control.

Here is the log from when I was trying to access the mentioned site:

1324310991.377 2 192.168.70.97 TCP_DENIED/407 2868 GET http://www.tsn.ca/ - NONE/- text/html [Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.1)\r\nAccept-Encoding: gzip, deflate\r\nProxy-Connection: Keep-Alive\r\nHost: www.tsn.ca\r\nCookie: TSN=NameKey={ffc1186b-54bb-47ef-b072-097f5fafc5f2}; __utma=54771374.1383136889.1323806167.1324305925.1324309890.7; __utmz=54771374.1323806167.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(n one); __utmb=54771374.1.10.1324309890\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer: squid/3.0.STABLE19\r\nMime-Version: 1.0\r\nDate: Mon, 19 Dec 2011 16:09:51 GMT\r\nContent-Type: text/html\r\nContent-Length: 2485\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED 0\r\nProxy-Authenticate: NTLM\r\n\r]
1324310991.447 5 192.168.70.97 TCP_DENIED/407 3244 GET http://www.tsn.ca/ - NONE/- text/html [Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application,
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.1)\r\nAccept-Encoding: gzip, deflate\r\nProxy-Connection: Keep-Alive\r\nCookie: TSN=NameKey={ffc1186b-54bb-47ef-b072-097f5fafc5f2}; __utma=54771374.1383136889.1323806167.1324305925.1324309890.7; __utmz=54771374.1323806167.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(n one); __utmb=54771374.1.10.1324309890\r\nProxy-Authorization: NTLM TlRMTVNTUAABB4IIogAFASgKDw==\r\nHost: www.tsn.ca\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer: squid/3.0.STABLE19\r\nMime-Version: 1.0\r\nDate: Mon, 19 Dec 2011 16:09:51 GMT\r\nContent-Type: text/html\r\nContent-Length: 2583\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED 0\r\nProxy-Authenticate: NTLM TlRMTVNTUAACEgASADAFgomid3FHZLqI7WsAAIoAigBCQwBPAE4A VgBFAEMAVABPAFIAAgASAEMATwBOAFYARQBDAFQATwBSAAEACgBTAFEAVQBJAEQABAAmAGEA cwBzAG8AYwBpAGEAdABlAGQAYgByAGEAbgBkAHMALgBjAGEAAwA0AHUAYgB1AG4AdAB1AC4A YQBzAHMAbwBjAGkAYQB0AGUAZABiAHIAYQBuAGQAcwAuAGMAYQAA\r\n\r]
Re: [squid-users] After reloading squid3, takes about 2 minutes to serve pages?
2011/12/19 Terry Dobbs tdo...@associatedbrands.com:
> Hi All.
>
> I just installed squid3 after running squid2.5 for a number of years. I find after reloading squid3 and trying to access the internet on a proxy client it takes about 2 minutes until pages load. For example, if I reload squid3 and try to access a page, such as www.tsn.ca, it will try to load for a minute or 2 until it finally displays.
>
> I understand I shouldn't need to reload squid3 too much, but is there something I am missing to make this happen? I am not using it for caching, just for monitoring/website control.
>
> Here is the log from when I was trying to access the mentioned site:

Do you mean reload or restart? Squid3 has quite a long shutdown by default (30s iirc) during which it does not accept connections.

The error below is proxy auth required; are you doing authentication? Could it be that it's taking a while to establish a connection with your authentication server?

Good luck,
Eli

> 1324310991.377 2 192.168.70.97 TCP_DENIED/407 2868 GET http://www.tsn.ca/ - NONE/- text/html [Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.1)\r\nAccept-Encoding: gzip, deflate\r\nProxy-Connection: Keep-Alive\r\nHost: www.tsn.ca\r\nCookie: TSN=NameKey={ffc1186b-54bb-47ef-b072-097f5fafc5f2}; __utma=54771374.1383136889.1323806167.1324305925.1324309890.7; __utmz=54771374.1323806167.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(n one); __utmb=54771374.1.10.1324309890\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer: squid/3.0.STABLE19\r\nMime-Version: 1.0\r\nDate: Mon, 19 Dec 2011 16:09:51 GMT\r\nContent-Type: text/html\r\nContent-Length: 2485\r\nX-Squid-Error:
ERR_CACHE_ACCESS_DENIED 0\r\nProxy-Authenticate: NTLM\r\n\r] 1324310991.447 5 192.168.70.97 TCP_DENIED/407 3244 GET http://www.tsn.ca/ - NONE/- text/html [Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.1)\r\nAccept-Encoding: gzip, deflate\r\nProxy-Connection: Keep-Alive\r\nCookie: TSN=NameKey={ffc1186b-54bb-47ef-b072-097f5fafc5f2}; __utma=54771374.1383136889.1323806167.1324305925.1324309890.7; __utmz=54771374.1323806167.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(n one); __utmb=54771374.1.10.1324309890\r\nProxy-Authorization: NTLM TlRMTVNTUAABB4IIogAFASgKDw==\r\nHost: www.tsn.ca\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer: squid/3.0.STABLE19\r\nMime-Version: 1.0\r\nDate: Mon, 19 Dec 2011 16:09:51 GMT\r\nContent-Type: text/html\r\nContent-Length: 2583\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED 0\r\nProxy-Authenticate: NTLM TlRMTVNTUAACEgASADAFgomid3FHZLqI7WsAAIoAigBCQwBPAE4A VgBFAEMAVABPAFIAAgASAEMATwBOAFYARQBDAFQATwBSAAEACgBTAFEAVQBJAEQABAAmAGEA cwBzAG8AYwBpAGEAdABlAGQAYgByAGEAbgBkAHMALgBjAGEAAwA0AHUAYgB1AG4AdAB1AC4A YQBzAHMAbwBjAGkAYQB0AGUAZABiAHIAYQBuAGQAcwAuAGMAYQAA\r\n\r]
Re: [squid-users] After reloading squid3, takes about 2 minutes to serve pages?
On 19/12/2011 19:12, Terry Dobbs wrote:

It's an old issue from squid 3.1 to 3.2; there is nothing yet, as far as I know, that solves this issue.

Regards
Eliezer

> Hi All.
>
> I just installed squid3 after running squid2.5 for a number of years. I find after reloading squid3 and trying to access the internet on a proxy client it takes about 2 minutes until pages load. For example, if I reload squid3 and try to access a page, such as www.tsn.ca, it will try to load for a minute or 2 until it finally displays.
>
> I understand I shouldn't need to reload squid3 too much, but is there something I am missing to make this happen? I am not using it for caching, just for monitoring/website control.
>
> Here is the log from when I was trying to access the mentioned site:
>
> 1324310991.377 2 192.168.70.97 TCP_DENIED/407 2868 GET http://www.tsn.ca/ - NONE/- text/html [Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.1)\r\nAccept-Encoding: gzip, deflate\r\nProxy-Connection: Keep-Alive\r\nHost: www.tsn.ca\r\nCookie: TSN=NameKey={ffc1186b-54bb-47ef-b072-097f5fafc5f2}; __utma=54771374.1383136889.1323806167.1324305925.1324309890.7; __utmz=54771374.1323806167.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(n one); __utmb=54771374.1.10.1324309890\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer: squid/3.0.STABLE19\r\nMime-Version: 1.0\r\nDate: Mon, 19 Dec 2011 16:09:51 GMT\r\nContent-Type: text/html\r\nContent-Length: 2485\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED 0\r\nProxy-Authenticate: NTLM\r\n\r]
> 1324310991.447 5 192.168.70.97 TCP_DENIED/407 3244 GET http://www.tsn.ca/ - NONE/- text/html [Accept: image/gif, image/jpeg, image/pjpeg,
image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; InfoPath.1)\r\nAccept-Encoding: gzip, deflate\r\nProxy-Connection: Keep-Alive\r\nCookie: TSN=NameKey={ffc1186b-54bb-47ef-b072-097f5fafc5f2}; __utma=54771374.1383136889.1323806167.1324305925.1324309890.7; __utmz=54771374.1323806167.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(n one); __utmb=54771374.1.10.1324309890\r\nProxy-Authorization: NTLM TlRMTVNTUAABB4IIogAFASgKDw==\r\nHost: www.tsn.ca\r\n] [HTTP/1.0 407 Proxy Authentication Required\r\nServer: squid/3.0.STABLE19\r\nMime-Version: 1.0\r\nDate: Mon, 19 Dec 2011 16:09:51 GMT\r\nContent-Type: text/html\r\nContent-Length: 2583\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED 0\r\nProxy-Authenticate: NTLM TlRMTVNTUAACEgASADAFgomid3FHZLqI7WsAAIoAigBCQwBPAE4A VgBFAEMAVABPAFIAAgASAEMATwBOAFYARQBDAFQATwBSAAEACgBTAFEAVQBJAEQABAAmAGEA cwBzAG8AYwBpAGEAdABlAGQAYgByAGEAbgBkAHMALgBjAGEAAwA0AHUAYgB1AG4AdAB1AC4A YQBzAHMAbwBjAGkAYQB0AGUAZABiAHIAYQBuAGQAcwAuAGMAYQAA\r\n\r]
Re: [squid-users] Squid with Kerberos auth
Look at this:

Every 2.0s: lsof -i :3128    Mon Dec 19 16:38:22 2011

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
squid 20367 squid 12u IPv6 2474452 0t0 TCP trotsky.redecamara.camara.gov.br:squid-cainf-269642.redecamara.camara.gov.br:4225 (ESTABLISHED)
squid 20367 squid 18u IPv6 2473286 0t0 TCP trotsky.redecamara.camara.gov.br:squid-cainf-269642.redecamara.camara.gov.br:4202 (ESTABLISHED)
squid 20367 squid 22u IPv6 2474474 0t0 TCP trotsky.redecamara.camara.gov.br:squid-cainf-269642.redecamara.camara.gov.br:4229 (ESTABLISHED)
squid 20367 squid 24u IPv6 2473304 0t0 TCP trotsky.redecamara.camara.gov.br:squid-cainf-269642.redecamara.camara.gov.br:4204 (ESTABLISHED)
squid 20367 squid 28u IPv6 2473756 0t0 TCP trotsky.redecamara.camara.gov.br:squid-cainf-269642.redecamara.camara.gov.br:4210 (ESTABLISHED)
squid 20367 squid 34u IPv6 2474462 0t0 TCP trotsky.redecamara.camara.gov.br:squid-cainf-269642.redecamara.camara.gov.br:4227 (ESTABLISHED)
squid 20367 squid 38u IPv6 2474457 0t0 TCP trotsky.redecamara.camara.gov.br:squid-cainf-269642.redecamara.camara.gov.br:4226 (ESTABLISHED)
squid 20367 squid 42u IPv6 2474467 0t0 TCP trotsky.redecamara.camara.gov.br:squid-cainf-269642.redecamara.camara.gov.br:4228 (ESTABLISHED)
squid 20367 squid 44u IPv6 2474477 0t0 TCP trotsky.redecamara.camara.gov.br:squid-cainf-269642.redecamara.camara.gov.br:4230 (ESTABLISHED)
squid 20367 squid 156u IPv6 2472223 0t0 TCP *:squid (LISTEN)

It only has IPv6 connection types. Is this a problem, or does it point to a possible bottleneck?

2011/12/19 Wladner Klimach wlad...@gmail.com:
> Amos,
>
> how can I check if the keep-alive is really working? Another thing: is it normal behavior for the CPU usage to hit 98% while downloading a page from one domain? Could it be just a hardware limitation? If so, this is a very awkward situation, because there's no severe load on squid since only I am using it.
>
> Regards,
> Wladner
>
> 2011/12/14 Amos Jeffries squ...@treenet.co.nz:
>> On Wed, 14 Dec 2011 13:22:38 -0200, Wladner Klimach wrote:
>>> Hello, I'm running squid with Kerberos authentication. The problem is that it's running too slow. Looks like squid is negotiating with AD for every URL it tries to get. Could anyone point me to a way out?
>>
>> A few things:
>>
>> * Double-check that you have connection persistence (keep-alive) operating on all connections (both client and server).
>> * Ensure that your squid is as recent as you can use, we have had ongoing small fixes to improve persistence across all releases this past year.
>> * Check that the auth packets are not failing over into NTLM or older protocols in apps which are supposed to be on Kerberos.
>> * Maybe also check that DNS lookups Kerberos depends on for DC location are responding fast with reasonable TTL.
>>
>> Amos
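
The check Amos lists in this thread (auth not failing over into NTLM where Kerberos is expected) can be made from the request headers Squid logs, in the same header-dump layout as the access.log excerpts in the reload thread earlier on the page. The sketch below is an added example, not code from the thread or from the Squid project; the function names, client addresses, sample tokens and log lines are constructed, and the tokens carry only the leading bytes a classifier needs.

```python
import base64
import binascii
import re
from collections import Counter

KRB5_OID = bytes.fromhex("06092a864886f712010202")   # DER OID 1.2.840.113554.1.2.2
NTLM_SIG = b"NTLMSSP\x00"

# Headers in the bracketed dump look like "Name: Scheme token\r\n", with \r\n
# written as literal backslash escapes, so a base64 token ends at the "\".
HEADER_RE = re.compile(
    r"(Proxy-Authorization|Proxy-Authenticate): (\w+)(?: ([A-Za-z0-9+/=]+))?")


def classify(scheme, token):
    """Name the mechanism actually carried by one auth header value."""
    scheme = scheme.lower()
    if scheme not in ("ntlm", "negotiate"):
        return scheme                        # basic, digest: nothing to decode
    if not token:
        return scheme + "/offer"             # bare challenge, no token yet
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return scheme + "/undecodable"
    if raw.startswith(NTLM_SIG):
        if len(raw) < 12:
            return scheme + "/ntlm-truncated"
        # Message type is a 32-bit little-endian integer after the signature.
        return "%s/ntlm-type%d" % (scheme, int.from_bytes(raw[8:12], "little"))
    if raw[:1] == b"\x60":                   # GSS-API initial context token
        if NTLM_SIG in raw:
            return scheme + "/spnego-ntlm"   # SPNEGO wrapper around NTLM
        if KRB5_OID in raw:
            return scheme + "/kerberos"
        return scheme + "/gssapi-other"
    if raw[:1] == b"\xa1":                   # SPNEGO continuation token
        return scheme + "/spnego-continue"
    return scheme + "/unknown"


def audit(lines):
    """Map client IP -> Counter of mechanisms seen in Proxy-Authorization."""
    seen = {}
    for line in lines:
        fields = line.split(None, 3)         # time, elapsed, client, rest
        if len(fields) < 4:
            continue
        for header, scheme, token in HEADER_RE.findall(line):
            if header == "Proxy-Authorization":      # request side only
                seen.setdefault(fields[2], Counter())[classify(scheme, token)] += 1
    return seen


def ntlm_clients(lines):
    """Clients that sent NTLM, directly or inside Negotiate/SPNEGO."""
    return sorted(client for client, mechs in audit(lines).items()
                  if any("ntlm" in mech for mech in mechs))


def make_line(client, auth_value):
    """Constructed access.log line in the header-dump layout."""
    return (r"1324310991.447 5 " + client + r" TCP_MISS/200 3244 GET "
            r"http://www.example.com/ - DIRECT/192.0.2.80 text/html "
            r"[Proxy-Connection: Keep-Alive\r\nProxy-Authorization: "
            + auth_value + r"\r\nHost: www.example.com\r\n] [HTTP/1.0 200 OK\r\n\r]")


# Constructed tokens (leading bytes only, not complete protocol messages).
KRB_TOKEN = base64.b64encode(
    b"\x60\x2a\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x20\x30\x1e\xa0\x0d\x30\x0b"
    + KRB5_OID + b"\x00" * 8).decode()
NTLM1_TOKEN = base64.b64encode(
    NTLM_SIG + (1).to_bytes(4, "little") + b"\x07\x82\x08\xa2").decode()

SAMPLE_LOG = [
    make_line("192.0.2.10", "Negotiate " + KRB_TOKEN),    # real Kerberos
    make_line("192.0.2.11", "Negotiate " + NTLM1_TOKEN),  # NTLM inside Negotiate
    make_line("192.0.2.12", "NTLM " + NTLM1_TOKEN),       # plain NTLM scheme
]

if __name__ == "__main__":
    for client, mechs in sorted(audit(SAMPLE_LOG).items()):
        print(client, dict(mechs))
    print("clients using NTLM:", ntlm_clients(SAMPLE_LOG))
```

Only request-side `Proxy-Authorization` headers are counted, so the proxy's own 407 challenges do not show up as client behaviour.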
[squid-users] Re: Squid 3.1.x and authentification against AD Windows 2008R2
On 12/19/2011 9:00 AM, Josef Karliak wrote:
> Hi there, We may plan to activate authorization for users to the internet against Windows AD, running on Windows Server 2008R2. I'm running squid on openSUSE 11.4 64-bit. I've found some how-tos; many of them solve it with ntlm-auth (not in openSUSE, but there is a similarly named ntlm_smb_lm_auth for squid, I suppose). Another choice is over LDAP. Which is better? What are your experiences or recommendations? And - please - some step-by-step how-to ...

Maybe this could be of some help? http://sichent.wordpress.com/2011/12/15/web-filtering-on-squid-3-with-quintolabs-content-security-1-4-and-windows-active-directory-integration-kerberos/

Best regards,
sich
[squid-users] Tool for calculating the object-freshness
Hi I have found the following web-based tool to calculate the objects freshness: http://web.forret.com/tools/squid.asp If it's useful for others too, can a site-admin publish this url on squid-cache.org (perhaps 'Related Software')? Thanks and regards, Tom