[squid-users] Fwd: Problem with squid and Skype 3.5
I have a problem with the interaction between Squid 2.6 and Skype 3.5. The skype 3.5, reconnect the session skype each 2 or 3 hours. The configuration of the squid 2.6: acl NOCACHESKYPE url_regex .skype acl skype url_regex 0:443 1:443 2:443 3:443 4:443 5:443 6:443 7:443 8:443 9:443 cache deny NOCACHESKYPE cache deny skype always_direct allow skype Besides, i installed 3Proxy with sock and this problem persist. sincerely , Ing. Leandro Ferrari
[squid-users] Kill TCP Connection with Skype 3.5
Hello, i have a problem and i think that squid kill tcp connection with skype between 1 or 2 hours in some computer. I saw with tcpdump that squid send a packet TCP with flags [FIN/ACK] to the client. Somebody have the same problem? Sincerely Leandro Ferrari
[squid-users] Squid Kill TCP Connection
Hello, i have a problem and i think that squid kill tcp connection with skype between 1 or 2 hours in some computer. I saw with tcpdump that squid send a packet TCP with flags [FIN/ACK] to the client. Then, Skype reconnect the session again. My configuration is: Dansguardian + Squid 2.6 + Clamv Somebody have the same problem? Sincerely Leandro Ferrari
[squid-users] Squid with auth NTLM
I have configured squid 3.0 with NTLM, and this configuration in squid.conf is: auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours When a test the ntlm auth, in the Explorer client with a user authenticate in Domain Controller Windows 2003, the explorer or firefox show popup of the basic auth. How to use the ntlm auth with an user of the domain group without auth basic? Sincerely, Leandro Ferrari
Re: [squid-users] Squid with auth NTLM
Hi, yes the command wbinfo -g and -u working perfectly. My configuration is:
krb5.conf:
...
[libdefaults]
default_realm = NEXTIT.LOCAL
dns_lookup_realm = yes
dns_lookup_kdc = yes
[realms]
NEXTIT.LOCAL = {
kdc = vm-ws2003.nextit.local:88
admin_server = vm-ws2003.nextit.local:749
default_domain = NEXTIT
}
[domain_realm]
.nextit.local = NEXTIT.LOCAL
nextit.local = NEXTIT.LOCAL
...
SMB.conf:
[global]
workgroup = NEXTIT
server string = Samba Server
password server = NameOfServer
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
realm = NEXTIT.LOCAL
idmap uid = 1-2
idmap gid = 1-2
template shell = /bin/false
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
client ntlmv2 auth = yes
Server Windows Active Directory is Windows 2003 Server
Client Windows is Windows XP
Sincerely
Leandro Ferrari
2007/12/17, Nick Duda <[EMAIL PROTECTED]>:
> Have you joined your box to the domain? What is your krb5.conf file? What is
> your smb.conf file? What is the status of something like wbinfo -g or -u ?
>
> I would troubleshoot your domain connectivity before you worry about squid.
>
>
> -Original Message-
> From: Amos Jeffries [mailto:[EMAIL PROTECTED]
> Sent: Mon 12/17/2007 7:33 PM
> To: Leandro Ferrrari
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Squid with auth NTLM
>
> > I have configured squid 3.0 with NTLM, and this configuration in
> > squid.conf is:
> >
> > auth_param ntlm program /usr/local/bin/ntlm_auth
> > --helper-protocol=squid-2.5-ntlmssp
> > auth_param ntlm children 30
> > auth_param ntlm max_challenge_lifetime 2 minutes
> >
> > auth_param basic program /usr/local/bin/ntlm_auth
> > --helper-protocol=squid-2.5-basic
> > auth_param basic children 5
> > auth_param basic realm Squid proxy-caching web server
> > auth_param basic credentialsttl 2 hours
> >
> > When a test the ntlm auth, in the Explorer client with a user
> > authenticate in Domain Controller Windows 2003, the explorer or
> > firefox show popup of the basic auth.
> > How to use the ntlm auth with an user of the domain group without auth
> > basic?
>
> Remove the basic configuration to not use it.
> You NTLM is broken by the sound of it if its always falling back on basic.
> Although the login box does not necessarily mean basic is being used. It
> could just be that the browser has no working credentials for the user to
> login NTLM with.
>
>
> Amos
>
>
>
Re: [squid-users] Squid with auth NTLM
Squid -v:
Squid Cache: Version 3.0.STABLE1
configure options: '-prefix=/usr/local/squid'
'-exec-prefix=/usr/local/squid' '-enable-delay-pools'
'-enable-cache-digests' '-enable-poll' '-disable-ident-lookups'
'-enable-truncate' '-enable-removal-policies'
'--enable-follow-x-forwarded-for' '--enable-ssl'
'--enable-large-cache-file' '--enable-snmp' '--enable-auth=basic,ntlm'
'--enable-basic-auth-helpers=LDAP,MSNT,multi-domain-NTLM'
'--enable-digest-auth-helpers=password'
'--enable-external-acl-helpers=ip_user,ldap_group'
'--enable-removal-policies=heap,lru' '--enable-x-accelerator-vary'
'--enable-err-languages=Spanish'
'LDFLAGS=-L/usr/local/BerkeleyDB.4.2/lib'
2007/12/18, Nick Duda <[EMAIL PROTECTED]>:
> Whats your "squid -v"
>
>
>
> From: Leandro Ferrrari [mailto:[EMAIL PROTECTED]
> Sent: Tue 12/18/2007 5:43 AM
> To: Nick Duda
> Cc: Amos Jeffries; squid-users@squid-cache.org
> Subject: Re: [squid-users] Squid with auth NTLM
>
>
>
> Hi, yes the command wbinfo -g and -u working perfectly. My configuration is:
>
> krb5.conf:
> ...
> [libdefaults]
> default_realm = NEXTIT.LOCAL
> dns_lookup_realm = yes
> dns_lookup_kdc = yes
>
> [realms]
> NEXTIT.LOCAL = {
> kdc = vm-ws2003.nextit.local:88
> admin_server = vm-ws2003.nextit.local:749
> default_domain = NEXTIT
> }
>
> [domain_realm]
> .nextit.local = NEXTIT.LOCAL
> nextit.local = NEXTIT.LOCAL
> ...
>
> SMB.conf:
>
> [global]
> workgroup = NEXTIT
> server string = Samba Server
> password server = NameOfServer
> encrypt passwords = yes
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> realm = NEXTIT.LOCAL
>idmap uid = 1-2
>idmap gid = 1-2
>template shell = /bin/false
>winbind enum users = yes
>winbind enum groups = yes
>winbind use default domain = yes
>client ntlmv2 auth = yes
>
>
> Server Windows Active Directory is Windows 2003 Server
> Client Windows is Windows XP
>
> Sincerely
> Leandro Ferrari
>
>
>
>
> 2007/12/17, Nick Duda <[EMAIL PROTECTED]>:
> > Have you joined your box to the domain? What is your krb5.conf file? What
> > is your smb.conf file? What is the status of something like wbinfo -g or -u
> > ?
> >
> > I would troubleshoot your domain connectivity before you worry about squid.
> >
> >
> > -Original Message-
> > From: Amos Jeffries [mailto:[EMAIL PROTECTED]
> > Sent: Mon 12/17/2007 7:33 PM
> > To: Leandro Ferrrari
> > Cc: squid-users@squid-cache.org
> > Subject: Re: [squid-users] Squid with auth NTLM
> >
> > > I have configured squid 3.0 with NTLM, and this configuration in
> > > squid.conf is:
> > >
> > > auth_param ntlm program /usr/local/bin/ntlm_auth
> > > --helper-protocol=squid-2.5-ntlmssp
> > > auth_param ntlm children 30
> > > auth_param ntlm max_challenge_lifetime 2 minutes
> > >
> > > auth_param basic program /usr/local/bin/ntlm_auth
> > > --helper-protocol=squid-2.5-basic
> > > auth_param basic children 5
> > > auth_param basic realm Squid proxy-caching web server
> > > auth_param basic credentialsttl 2 hours
> > >
> > > When a test the ntlm auth, in the Explorer client with a user
> > > authenticate in Domain Controller Windows 2003, the explorer or
> > > firefox show popup of the basic auth.
> > > How to use the ntlm auth with an user of the domain group without auth
> > > basic?
> >
> > Remove the basic configuration to not use it.
> > You NTLM is broken by the sound of it if its always falling back on basic.
> > Although the login box does not necessarily mean basic is being used. It
> > could just be that the browser has no working credentials for the user to
> > login NTLM with.
> >
> >
> > Amos
> >
> >
> >
>
>
>
Re: [squid-users] Squid with auth NTLM
Thank, I am going to compile again, but this parameter
--enable-external-acl-helpers=wbinfo_group' with
'--enable-auth=ntlm,basic'
Sincerely,
Leandro Ferrari
2007/12/18, Nick Duda <[EMAIL PROTECTED]>:
> Wow lots of options...I cant speak for your external helper but i use
> '--enable-external-acl-helpers=wbinfo_group' with '--enable-auth=ntlm,basic'
> and it runs peachy
>
> - Nick
>
>
>
> From: Leandro Ferrrari [mailto:[EMAIL PROTECTED]
> Sent: Tue 12/18/2007 7:07 AM
> To: Nick Duda
> Cc: Amos Jeffries; squid-users@squid-cache.org
> Subject: Re: [squid-users] Squid with auth NTLM
>
>
>
> Squid -v:
>
> Squid Cache: Version 3.0.STABLE1
> configure options: '-prefix=/usr/local/squid'
> '-exec-prefix=/usr/local/squid' '-enable-delay-pools'
> '-enable-cache-digests' '-enable-poll' '-disable-ident-lookups'
> '-enable-truncate' '-enable-removal-policies'
> '--enable-follow-x-forwarded-for' '--enable-ssl'
> '--enable-large-cache-file' '--enable-snmp' '--enable-auth=basic,ntlm'
> '--enable-basic-auth-helpers=LDAP,MSNT,multi-domain-NTLM'
> '--enable-digest-auth-helpers=password'
> '--enable-external-acl-helpers=ip_user,ldap_group'
> '--enable-removal-policies=heap,lru' '--enable-x-accelerator-vary'
> '--enable-err-languages=Spanish'
> 'LDFLAGS=-L/usr/local/BerkeleyDB.4.2/lib'
>
> 2007/12/18, Nick Duda <[EMAIL PROTECTED]>:
> > Whats your "squid -v"
> >
> >
> >
> > From: Leandro Ferrrari [mailto:[EMAIL PROTECTED]
> > Sent: Tue 12/18/2007 5:43 AM
> > To: Nick Duda
> > Cc: Amos Jeffries; squid-users@squid-cache.org
> > Subject: Re: [squid-users] Squid with auth NTLM
> >
> >
> >
> > Hi, yes the command wbinfo -g and -u working perfectly. My configuration is:
> >
> > krb5.conf:
> > ...
> > [libdefaults]
> > default_realm = NEXTIT.LOCAL
> > dns_lookup_realm = yes
> > dns_lookup_kdc = yes
> >
> > [realms]
> > NEXTIT.LOCAL = {
> > kdc = vm-ws2003.nextit.local:88
> > admin_server = vm-ws2003.nextit.local:749
> > default_domain = NEXTIT
> > }
> >
> > [domain_realm]
> > .nextit.local = NEXTIT.LOCAL
> > nextit.local = NEXTIT.LOCAL
> > ...
> >
> > SMB.conf:
> >
> > [global]
> > workgroup = NEXTIT
> > server string = Samba Server
> > password server = NameOfServer
> > encrypt passwords = yes
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > realm = NEXTIT.LOCAL
> >idmap uid = 1-2
> >idmap gid = 1-2
> >template shell = /bin/false
> >winbind enum users = yes
> >winbind enum groups = yes
> >winbind use default domain = yes
> >client ntlmv2 auth = yes
> >
> >
> > Server Windows Active Directory is Windows 2003 Server
> > Client Windows is Windows XP
> >
> > Sincerely
> > Leandro Ferrari
> >
> >
> >
> >
> > 2007/12/17, Nick Duda <[EMAIL PROTECTED]>:
> > > Have you joined your box to the domain? What is your krb5.conf file? What
> > > is your smb.conf file? What is the status of something like wbinfo -g or
> > > -u ?
> > >
> > > I would troubleshoot your domain connectivity before you worry about
> > > squid.
> > >
> > >
> > > -Original Message-
> > > From: Amos Jeffries [mailto:[EMAIL PROTECTED]
> > > Sent: Mon 12/17/2007 7:33 PM
> > > To: Leandro Ferrrari
> > > Cc: squid-users@squid-cache.org
> > > Subject: Re: [squid-users] Squid with auth NTLM
> > >
> > > > I have configured squid 3.0 with NTLM, and this configuration in
> > > > squid.conf is:
> > > >
> > > > auth_param ntlm program /usr/local/bin/ntlm_auth
> > > > --helper-protocol=squid-2.5-ntlmssp
> > > > auth_param ntlm children 30
> > > > auth_param ntlm max_challenge_lifetime 2 minutes
> > > >
> > > > auth_param basic program /usr/local/bin/ntlm_auth
> > > > --helper-protocol=squid-2.5-basic
> > > > auth_param basic children 5
> > > > auth_param basic realm Squid proxy-caching web server
> > > > auth_param basic credentialsttl 2 hours
> > > >
> > > > When a test the ntlm auth, in the Explorer client with a user
> > > > authenticate in Domain Controller Windows 2003, the explorer or
> > > > firefox show popup of the basic auth.
> > > > How to use the ntlm auth with an user of the domain group without auth
> > > > basic?
> > >
> > > Remove the basic configuration to not use it.
> > > You NTLM is broken by the sound of it if its always falling back on basic.
> > > Although the login box does not necessarily mean basic is being used. It
> > > could just be that the browser has no working credentials for the user to
> > > login NTLM with.
> > >
> > >
> > > Amos
> > >
> > >
> > >
> >
> >
> >
>
>
>
