Re: [squid-users] Question about squid-3.5-13849.patch
Hi, On 07-07-2015 11:05, Amos Jeffries wrote: On 8/07/2015 1:37 a.m., dweimer wrote: System is Running on FreeBSD 10.1-RELEASE-p14, using OpenSSL included in base FreeBSD. No, the change is automatic for all Squid built against an OpenSSL library that supports the library API option. If it is not working, then the library you are using probably does not support that option. AFAIK you need at least OpenSSL 0.9.8m for anything related to that vulnerability to be fixable. The latest 1.x libraries do not support the flag we use because they do the rejection internally without needing any help from Squid. Unfortunately this seems not to be the case. I have installed FreeBSD 10.1-RELEASE-p14 in a VM for testing. Running openssl version reports OpenSSL 1.0.1l-freebsd 15 Jan 2015. I was able to reproduce Dean's issue (renegotiation does not get disabled), but I was not able to fix it so far. For OpenSSL version comparison purposes, Debian wheezy (which the patch was able to harden) ships 1.0.1e. Debian jessie (which was already hardened out-of-the-box, without the patch) ships 1.0.1k. It is strange that FreeBSD's more recent OpenSSL version (1.0.1l) presents the issue. The SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS define exists in FreeBSD OpenSSL headers, the relevant code gets compiled in squid executable, SSL_CTX_set_info_callback runs, but *the ssl_info_cb callback is never called* (I tested by inserting a debug message inside the #if defined, just after SSL_CTX_set_info_callback, and another one at the beginning of the callback). Maybe we could try to adapt nginx's solution, but it does not seem to be trivial to do that in the current codebase https://github.com/nginx/nginx/commit/70bd187c4c386d82d6e4d180e0db84f361d1be02 Best regards, Paulo Matias ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] [PATCH] SSL: Add suport for EECDH and disable client-initiated renegotiation
Hi Amos, On 25-05-2015 10:46, Amos Jeffries wrote: Could you subscribe then please and post it (or the updated version after below). This has effects that I'd like our SSL devs to double check. Thank you for your thorough review. I will prepare the updated version and post to the squid-dev mailing list as soon as it is ready. Best regards, Paulo Matias ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Squid + LDAP
Hi people I having troubles with my two server. Server A - PDC with SAMBA LDAP Works Fine. Server B - Squid without SAMBA LDAP. I need to autenticated all users that has web Access and is login on PDC but it's not working. The Server B tell me this: 2009/12/09 05:16:42| Reconfiguring Squid Cache (version 2.6.STABLE21)... 2009/12/09 05:16:42| FD 15 Closing HTTP connection 2009/12/09 05:16:42| FD 17 Closing ICP connection 2009/12/09 05:16:42| Initialising SSL. 2009/12/09 05:16:42| User-Agent logging is disabled. 2009/12/09 05:16:42| Referer logging is disabled. 2009/12/09 05:16:42| DNS Socket created at 0.0.0.0, port 43588, FD 8 2009/12/09 05:16:42| Adding nameserver 192.168.6.3 from /etc/resolv.conf 2009/12/09 05:16:42| helperOpenServers: Starting 5 'squid_ldap_auth' processes 2009/12/09 05:16:42| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 15. 2009/12/09 05:16:42| Accepting ICP messages at 0.0.0.0, port 3130, FD 17. 2009/12/09 05:16:42| WCCP Disabled. 2009/12/09 05:16:42| Loaded Icons. 2009/12/09 05:16:42| Ready to serve requests. squid_ldap_auth: WARNING, could not bind to binddn 'Invalid DN syntax' squid_ldap_auth: WARNING, could not bind to binddn 'Invalid DN syntax' squid_ldap_auth: WARNING, could not bind to binddn 'Invalid DN syntax' the error is when i enter the user pass to web Access. Someone knows what is this ?? Regards.
[squid-users] Squid + LDAp
Hi people, I want to know how to configure a squid server with ldap. Someone can help me. Regards.
[squid-users] Re: Weird statistics from snmp
Thank you very much for your clarification guys. I'd love to help the squid developers to document this and what represents exactly each oid, but I'm afraid I don't have the needed knowledge to do this. Thanks again. Matias. Henrik Nordstrom wrote: mån 2009-09-21 klockan 10:27 +0200 skrev Matias: Hi, I'm monitoring the oids: 1.3.6.1.4.1.3495.1.4.1.3 (cacheHits) and 1.3.6.1.4.1.3495.1.4.1.6 (cacheMisses) Those two are squid.cacheNetwork.cacheIpCache.cacheIpHits and squid.cacheNetwork.cacheIpCache.cacheIpMisses What you are looking for are squid.cachePerf.cacheProtoStats.cacheProtoAggregateStats.cacheHttpHits .1.3.6.1.4.1.3495.1.3.2.1.2 and squid.cachePerf.cacheProtoStats.cacheProtoAggregateStats.cacheProtoClientHttpRequests .1.3.6.1.4.1.3495.1.3.2.1.1 there is no SNMP variable for the number of misses, but you can calculate it by substracting the hits from reqeusts. For some reason, the first one increases much more than the latter one. I'm watching the access_log, and most of the results are TCP_MISS. It should. You are looking into the IP cache where Squid internally caches DNS lookups. Regards Henrik
[squid-users] Weird statistics from snmp
Hi, I'm monitoring the oids: 1.3.6.1.4.1.3495.1.4.1.3 (cacheHits) and 1.3.6.1.4.1.3495.1.4.1.6 (cacheMisses) For some reason, the first one increases much more than the latter one. I'm watching the access_log, and most of the results are TCP_MISS. So, how must I interpret the fact that I'm seeing over snmp more HITS than MISSES? I must be missing something, but I don't know what. Thanks!
[squid-users] Re: Weird statistics from snmp
Amos Jeffries wrote: Matias wrote: Hi, I'm monitoring the oids: 1.3.6.1.4.1.3495.1.4.1.3 (cacheHits) and 1.3.6.1.4.1.3495.1.4.1.6 (cacheMisses) For some reason, the first one increases much more than the latter one. I'm watching the access_log, and most of the results are TCP_MISS. So, how must I interpret the fact that I'm seeing over snmp more HITS than MISSES? I must be missing something, but I don't know what. Thanks! What version of Squid? Amos # squid3 -v Squid Cache: Version 3.0.STABLE8 configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--disable-maintainer-mode' '--disable-dependency-tracking' '--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,getpwnam,multi-domain-NTLM' '--enable-ntlm-auth-helpers=SMB' '--enable-digest-auth-helpers=ldap,password' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--with-filedescriptors=65536' '--with-default-user=proxy' '--enable-epoll' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CC=cc' 'CFLAGS=-g -O2 -g -Wall -O2' 'LDFLAGS=' 'CPPFLAGS=' 'CXX=g++' 'CXXFLAGS=-g -O2 -g -Wall -O2' 'FFLAGS=-g -O2'
[squid-users] snmp oid explanation/description
Hi, Is there any place where I can get an explanation of what is the meaning of each of the SNMP oids provided by squid? Thanks a lot!
[squid-users] Re: snmp oid explanation/description
Amos Jeffries wrote: Matias wrote: Hi, Is there any place where I can get an explanation of what is the meaning of each of the SNMP oids provided by squid? Thanks a lot! The mib.txt installed to squid data directory I think. Wherever that is on your system. (maybe /usr/local/shared/squid/?) We have not gotten around to converting the MIB for each major release to a nice table yet, sorry. Loading the MIB into snmpwalk should apparently give you a textual representation of the OIDs. Amos Thanks, I though there was something else.But for the moment, this seems enough.
[squid-users] Re: snmp oid explanation/description
Matias wrote: Amos Jeffries wrote: Matias wrote: Hi, Is there any place where I can get an explanation of what is the meaning of each of the SNMP oids provided by squid? Thanks a lot! The mib.txt installed to squid data directory I think. Wherever that is on your system. (maybe /usr/local/shared/squid/?) We have not gotten around to converting the MIB for each major release to a nice table yet, sorry. Loading the MIB into snmpwalk should apparently give you a textual representation of the OIDs. Amos Thanks, I though there was something else.But for the moment, this seems enough. I've also find this: http://www.oidview.com/mibs/3495/SQUID-MIB.html Very useful for me.
[squid-users] How to tell if request is cached
Hi! How can I tell by reading the log files if a certain request is returned to the browser from cache or from the internet? Thanks!
Re: [squid-users] squid and http 1.0 VS. http 1.1
Have you tried unchecking on your browser configuration Use HTTP 1.1 when connecting thru proxy? About avoiding the proxy-cache for special sites, the only way I know is to put exceptions on the client browser config. You can do this with GPO also. On Fri, Nov 28, 2008 at 7:06 AM, Joar Jegleim [EMAIL PROTECTED] wrote: thnx for your reply Matus Matus UHLAR - fantomas wrote: On 27.11.08 15:02, Joar Jegleim wrote: I've been debugging a problem with a soap app (cognos planning) which brakes when being run through our squid 3.0 proxy . After tcpdumping the whole session and investigating with wireshark it seems to me that the following happens 1. client performs a 'GET' in HTTP 1.1 to the proxy 2. the proxy then performs this GET against the app server, but now it's in HTTP 1.0 Yes, because squid only supports HTTP/1.0 3. the app server replies in HTTP 1.1 which in turn squid The application is broken, because it must not answer in HTTP/1.1 for HTTP/1.0 request further investigation shows that a HTTP/1.1 request from the client is stopped at squid with a 411 error in access.log. This request never reaches the app server. I suspect the client using chunked encoding and squid replies with a 411 'try again with content length'. 2.: I thought by configuring squid to 'always_direct' sessions to the app server that squid is transparent in between the client and the app server. As of now it seems to me that, even with bypassing squid, squid fiddles with the HTTP version in the GET's being performed resulting in the application breaking. E.G. to make this work the application must be rewritten to support giving 'content length' in those GET's where squid gives a 411 you aren't bypassing squid with always_direct. the always_direct is SQUID directive not to use any parent proxies, but the squid is already processing the request. ok, but is there any directive in squid to just pass on requests without changing the original request ? regards Joar Jegleim
Re: [squid-users] NTLM Auth and not authenticated pages
Chris, Thanks, that pretty much cleared my doubt. On Wed, Nov 26, 2008 at 6:33 PM, Chris Robertson [EMAIL PROTECTED] wrote: Matias Chris wrote: Hello All, Im currently in the process of changing the way we authenticate users from LDAP to NTLMSSP. Now we are in test phase and while ntlm auth is working fine and allowing all users that are already logged to the AD Domain to access the web without asking for their credentials, Im seeing a lot of denied attempts at the log. Is like for every page visited I have now two log entries, one is denied, and the other one is allowed. That's due to the design of NTLM. See http://devel.squid-cache.org/ntlm/client_proxy_protocol.html Is there any way to tweak squid to avoid doing this? AD DC is on the same phisycal LAN. I suppose you could refrain from logging 407 responses... 1227614260.463 0 127.0.0.1 TCP_DENIED/407 2083 POST http://mail.google.com/a/matiaschris.com.ar/channel/bind? - NONE/- text/html 1227614261.218188 127.0.0.1 TCP_MISS/200 351 POST http://mail.google.com/a/matiaschris.com.ar/channel/bind? mchrist DIRECT/66.102.9.18 text/html Any help will be much appreciated. Thanks. Chris
Re: [squid-users] squid_ldap_auth and passwords in clear text
Henrik, I have tried LDAP authentication in the past and stop using it becouse of the passwords being sent in clear text. I read about TLS but then I would need my DC to be a CA and that is not feasible at the moment. So Im testing NTLMSSP now, but is not being very stable and also read that is not recommended for networks with more than 200 users. Is this the end of the road? Is there any other method Im missing to authenticate users against AD?Transparently? Thanks, On Tue, Nov 18, 2008 at 6:59 AM, Henrik Nordstrom [EMAIL PROTECTED] wrote: On fre, 2008-11-14 at 10:31 -0600, Johnson, S wrote: I just got the squid_ldap_auth working ok on my segment but when watching the protocol analyzer I see that the auth requests against the AD are coming in as clear text passwords. Is there anyway we can encrypt the ldap domain requests? By AD do you refer to Microsoft AD? In such case use NTLM authentication instead of LDAP. You can also TLS encrypt the LDAP communication, but this does not protect the credentials sent by browsers to Squid, just the communication squid-LDAP. Regards Henrik
[squid-users] NTLM Auth and not authenticated pages
Hello All, Im currently in the process of changing the way we authenticate users from LDAP to NTLMSSP. Now we are in test phase and while ntlm auth is working fine and allowing all users that are already logged to the AD Domain to access the web without asking for their credentials, Im seeing a lot of denied attempts at the log. Is like for every page visited I have now two log entries, one is denied, and the other one is allowed. Is there any way to tweak squid to avoid doing this? AD DC is on the same phisycal LAN. 1227614260.463 0 127.0.0.1 TCP_DENIED/407 2083 POST http://mail.google.com/a/matiaschris.com.ar/channel/bind? - NONE/- text/html 1227614261.218188 127.0.0.1 TCP_MISS/200 351 POST http://mail.google.com/a/matiaschris.com.ar/channel/bind? mchrist DIRECT/66.102.9.18 text/html Any help will be much appreciated. Thanks.
Re: [squid-users] Re: Squid Issues and Problems
We are affected by this problem, IWSS is telling: 2008/07/30 11:05:35 GMT-03:00 18297:19575 WARNING: X-TE trailers not found, ICAP client does NOT support trickling for this type of transaction When trying to download a large file. Is there any plan on making a modification on Squid for this to work? Or is something Trendmicro will need to modify? Thanks On Mon, Jul 7, 2008 at 2:07 PM, Henrik Nordstrom [EMAIL PROTECTED] wrote: It's Trend Micro way of telling the ICAP server (IWSS) that the ICAP client (the proxy) is capable of forwarding the response from the ICAP server before the entire object has been sent to the ICAP Server. Most others assume this by default without requiring the private X-TE: trailers header. The ICAP standard do not cover explicit how ICAP clients should behave in this regard. This is used by IWSS both for showing a download progress bar, and also in trickle mode where the data is slowly sent to the requestor while scanned for viruses. I do not know who proposed the X-TE: trailers name. It's a very odd name for the feature as it a) Does not have anything to do with transfer encoding (TE) b) Does not have anything to do with trailers. But with it being an X-* header it's free to mean anyting implementation specific, as long as everyone involved privately agrees on what the meaning actually is... Regards Henrik On mån, 2008-07-07 at 11:01 -0400, Jeremy Hall wrote: What do X-TE headers do? _J [EMAIL PROTECTED] 7/7/2008 5:28 AM Hi there all, Firstly many thanks for all your work on Squid thus far :) I have been testing Squid 3.0 since PRE6 in various configurations, and one of the more notable issues I have found is that when Squid is running in ICAP mode, coupled with Trend Micro IWSx (InterScan Web Security) - IWSx reports that Squid does not support the X-TE trailers for data trickling. The error is usually logged when dealing with video from CNN (at first I thought all flash video, but YouTube is unaffected) and downloading certain MS Hotfixes. There might be other triggers as well - but these seem to be the main ones. When I configure IWSx to use a different ICAP server - say NetCache or other, there is no issue or error logged and things work as expected. A quick search of the squid source provided no answers, however a search of the archives show that there was a patch for Squid 2.5 ICAP dealing with X-TE trailers: http://www.squid-cache.org/mail-archive/squid-dev/200311/att-0018/squid-icap -2_5-x-auth-user.diff http://www.squid-cache.org/~hno/changesets/squid/patches/7972.patch http://www.squid-cache.org/%7Ehno/changesets/squid/patches/7972.patch Looking at ICAPModXact.cc I can see that there are some similar references to the area's above, however most certainly the code is above my level of expertise to have a play around with to cobble something together. I was wondering if there were any plans to include support for X-TE trailers in this version? If you could let me know that would be greatly appreciated. Best Regards, Jerome http://websecurity.trendmicro.com/ Jerome Law | Solutions Architect, Regional Marketing EMEA Pacific House, Third Avenue, Globe Business Park, Marlow Buckinghamshire, SL7 1YL, United Kingdom Office: +44 (0) 1628 400586 | Mobile: +44 (0) 7979 99 33 77 http://feeds.feedburner.com/~r/Anti-MalwareBlog/~6/2 === TREND MICRO EMAIL NOTICE Trend Micro (UK) Limited, a Limited Liability Company. Registered in England No. 3698292. Registered Office: Pacific House, Third Avenue, Globe Business Park, Marlow, Bucks, SL7 1YL Telephone: +44 1628 400500 Facsimile: +44 1628 400511. The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.
[squid-users] External ACL - LDAP Authentication
Hi there, this might be seen as offtopic but is part of our proxy solution, there is some silly problem Im stuck with... I need to authenticate users with LDAP against a group called Domain Users with the space in the middle. Is this possible? Im using squid_ldap_group scritp on the command line(for testing), if I try with a one-word group like Internet it gives me a OK, but if I try with Domain Users I allways receive an ERR even If i send the group between . Is there any way to authenticate against a group called with more than one word? Thanks!
[squid-users] Squid 3.0 STABLE2 LDAP Authentication Failing
Hi There, This is my first message to the list. I had been working with Squid for the last 3 months and until now I could do everything I wanted without help. Now I have a problem and so far could not resolve it by myself, hope someone here knows how to solve it.. I just upgraded from 2.6Stable5 to 3.0Stable2. I was authenticating users using LDAP, and this stopped working since I did the upgrade. If I take out all the related commands about LDAP from the config, the Squid runs OK. I tried manually to execute squid_ldap_group and is working fine also. The symptom is that the authentication popup never comes up, I just receive a Denied Access message. Here is what I have configured: auth_param basic program /usr/local/squid/libexec/squid_ldap_auth -d -v 3 -b dc=[host],dc=[domain],dc=com -D cn=squid,cn=users,dc=[host],dc=[domain],dc=com -w [password] -f sAMAccountName=%s -h Server_IP auth_param basic children 5 auth_param basic realm X auth_param basic credentialsttl 5 minutes external_acl_type busca_el_grupo %LOGIN /usr/local/squid/libexec/squid_ldap_group -v 3 -R -b dc=[host],dc=[domain],dc=com -D cn=squid,cn=users,dc=[host],dc=[domain],dc=com -w [password] -f ((objectclass=person)(sAMAccountName=%v)(memberof=CN=%a,CN=Users,dc=[host],dc=[domain],dc=com)) -h Server IP acl Internet external busca_el_grupo [group] acl ldap_auth proxy_auth REQUIRED http_access allow Internet http_access allow ldap_auth Debug (ALL,5): 2008/03/14 08:25:16.238| ACLChecklist::preCheck: 0xd44368 checking 'http_access allow Internet' 2008/03/14 08:25:16.239| ACLList::matches: checking Internet 2008/03/14 08:25:16.239| ACL::checklistMatches: checking 'Internet' 2008/03/14 08:25:16.239| authenticateValidateUser: Auth_user_request was NULL! 2008/03/14 08:25:16.239| authenticateAuthenticate: broken auth or no proxy_auth header. Requesting auth header. 2008/03/14 08:25:16.239| aclMatchAcl: returning 0 sending authentication challenge. 2008/03/14 08:25:16.239| aclMatchExternal: busca_el_grupo user not authenticated (0) 2008/03/14 08:25:16.239| ACL::ChecklistMatches: result for 'Internet' is 0 2008/03/14 08:25:16.239| ACLList::matches: result is false 2008/03/14 08:25:16.240| aclmatchAclList: 0xd44368 returning false (AND list entry failed to match) 2008/03/14 08:25:16.241| ACLChecklist::markFinished: 0xd44368 checklist processing finished 2008/03/14 08:25:16.241| aclmatchAclList: async=1 nodeMatched=0 async_in_progress=0 lastACLResult() = 0 finished() = 1 2008/03/14 08:25:16.241| ACLChecklist::check: 0xd44368 match found, calling back with 2 2008/03/14 08:25:16.241| ACLChecklist::checkCallback: 0xd44368 answer=2 2008/03/14 08:25:16.241| The request GET http://www.gmail.com/ is DENIED, because it matched 'Internet' 2008/03/14 08:25:16.241| Access Denied: http://www.gmail.com/ 2008/03/14 08:25:16.241| AclMatchedName = Internet 2008/03/14 08:25:16.241| Proxy Auth Message = null 2008/03/14 08:25:16.243| storeCreateEntry: 'http://www.gmail.com/' 2008/03/14 08:25:16.244| store.cc(366) new StoreEntry 0xbde8498 2008/03/14 08:25:16.244| MemObject.cc(76) new MemObject 0x9cf80ec 2008/03/14 08:25:16.246| storeKeyPrivate: GET http://www.gmail.com/ 2008/03/14 08:25:16.246| StoreEntry::hashInsert: Inserting Entry 0xbde8498 key '4701868D6A5B27EE086C4E1DA47B76D2' 2008/03/14 08:25:16.247| StoreEntry::setReleaseFlag: '4701868D6A5B27EE086C4E1DA47B76D2' 2008/03/14 08:25:16.247| Creating an error page for entry 0xb7de8498 with errorstate 0x9d97a98 page id 20 Any help will be much apreciated. Thanks in advance! Matias.
Re: [squid-users] question about filesystems and directories for cache.
Tony Dodd wrote: Matias Lopez Bergero wrote: Hello, snip I'm being reading the wiki and the mailing list to know, which is the best filesystem to use, for now I have chose ext3 based on comments on the list, also, I have passed the nodev,nosuid,noexec,noatime flags to fstab in order to get a security and faster performance. snip Hi Matias, I'd personally recommend against ext3, and point you towards reiserfs. ext3 is horribly slow for many small files being read/written at the same time. I'd also recommend maximizing your disk throughput, by splitting the raid, and having a cache-dir on each disk; though of course, you'll loose redundancy in the event of a disk failure. I wrote a howto that revolves around maximizing squid performance, take a look at it, you may find it helpful: http://blog.last.fm/2007/08/30/squid-optimization-guide Thank you I'll try that! Regards, Matías.
[squid-users] question about filesystems and directories for cache.
Hello, I'm installing a new squid server (I have a couple running already), but this is going to server as gateway for about 450 clients. I have a good piece of hardware for it, but I have just two hard discs RAID 1 mirrored. I'll like to get the best performance of this servers, and I think that the iowait would be the bottle neck of this setup. So, I'm looking forward to configure the system in the most optimums way... I'm being reading the wiki and the mailing list to know, which is the best filesystem to use, for now I have chose ext3 based on comments on the list, also, I have passed the nodev,nosuid,noexec,noatime flags to fstab in order to get a security and faster performance. I am not sure how to setup the caching directories what would be better to have one directory for store the cache, or have more than one... to use ufs, aufs or diskd. For now based on comments at the wiki, I have chose to have four directories using diskd. I would like to know, what you guys think about this, or if you have some comments or experience about this little tweaks to improve performance. Any comments are welcome, BR, Matías
[squid-users] Squid benchmarks
Hi! I'm looking for a way to make some basic benchmarks of squid. I'm mostly interested in see how many requests/second my squid setup is able to handle. ¿in wich order of magnitude those numbers should be? ¿How much requests a normal (out of the box?) installation of squid is able to handle with and without caching? Thanks a lot.
[squid-users] NTLM AUTH + SquidGuard
Hello: By one way,I have squid working ok with ntlm auth and squidguard, but in squidguard i have some other user in diferents subnets that are not in the ntlm group and can only access some urls. the problem is that the proxy keeps asking for the ntlm auth in this users. is there any way to jump the ntlm auth and allow users to access this few urls and keep the rest of the user validate via NTLM ? sorry for my english. thanks El contenido de este mail y cualquier archivo adjunto son confidenciales. Está dirigido solo a los destinatarios. Cualquier divulgación, distribucion o copia de esta comunicación o cualquiera de sus contenidos está prohibida. Si Ud. ha recibido este mail por error por favor reenvíelo al remitente inmediatamente, borre el original y cualquier copia que resida en su computadora.