AW: [squid-users] Re: Squid as Protocol changer
We can't use SSH because the "extreme" old system isn't able to support it. Extremely bad, I know!

-----Original Message-----
From: Adam Aube [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 18 May 2004 02:49
To: [EMAIL PROTECTED]
Subject: [squid-users] Re: Squid as Protocol changer

Maurer Roland MKG-Bank wrote:

> We want to use http over internet to look at a "telnet" UNIX host in our
> firm.

Squid does not support this. However, you can set up Squid's acls to permit the CONNECT method over port 23, then use a tool that tunnels through proxies using the CONNECT method to connect. Search Google for "tunnel proxy CONNECT" for more info.

I have to ask, though - why not just use SSH?

Adam

---
The information transmitted is confidential and intended only for the person or entity to which it is addressed. If you are not the intended addressee of this e-mail or his representative, please be aware that any kind of review, publication, reproduction or retransmission of the content of this e-mail is prohibited. In this case you are requested to contact the sender of the e-mail. Furthermore, we point out that e-mails may get lost, be changed or falsified. Normal e-mails are not protected against access by third parties and consequently their confidentiality may not be assured in certain circumstances. The content of this e-mail is only legally binding if it is confirmed by a letter from our side. Should any virus enter your systems in connection with this e-mail despite our use of antivirus software, we cannot be held liable for any possible damages.
---
[squid-users] Squid as Protocol changer
Hello,

has anybody an idea how to realize the following situation?

We want to use http over internet to look at a "telnet" UNIX host in our firm. Therefore we want to use a squid as reverse proxy and protocol changer.

Has anybody an idea if and how it works?

Thanks for help

RMA
[squid-users] Virus problem
Hey,

we have a problem in the interaction between squid and the "parent" proxy finjan Surfing gate. The Surfing gate scans the http data for viruses. The detection and the blocking of "test" viruses (www.eicar.com) works fine.

The Squid proxy seems to try a second (direct) way into the internet and load the blocked HTML webpages directly into the cache.

How must I configure the squid so it will always use the "parent proxy"?

R. Maurer
[squid-users] Download Time - Out with large files
Hi,

I get timeouts from the clients when downloading large files (greater than 25 MB). Does anybody know which parameter I must turn to

- get a longer time period to wait.
- bypass the cache for a non-caching download.

Thanks

R. Maurer
[squid-users] ldap_auth
Hey,

I have a problem with the ldap_auth. We have two locations built up in the ldap tree:

    ou=People,dc=location1,dc=firm,dc=de

and

    ou=People,dc=location2,dc=firm,dc=de

To authenticate ONE location it is easy:

    /usr/sbin/squid_ldap_auth -b "ou=People,dc=location1,dc=firm,dc=de" -s "sub" -h 192.168.1.152 -u "uid"

This LDAP search works. But I can't authenticate anyone from location2. How can I do this?

When I cut the base to "dc=firm,dc=de" the LDAP search/bind is incorrect:

    uid=test,dc=firm,dc=de

This doesn't work! How can I authenticate both?

Roland Maurer
MKG Bank
AW: AW: [squid-users] squid_ldap_group
Thanks, it works, but now I have a new problem.

The squid is running and I remove someone from the group and add someone new. These changes are not active until I restart the squid.

Is this information cached? Or does the squid read the group once at the start?

Roland Maurer

-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Thursday, 20 November 2003 13:42
To: Maurer Roland MKG-Bank
Cc: [EMAIL PROTECTED]; 'Henrik Nordstrom'
Subject: Re: AW: [squid-users] squid_ldap_group

On Thu, 20 Nov 2003, Maurer Roland MKG-Bank wrote:

> First question
> When I try the squid_ldap_group in the command line, the program is waiting
> for input.
>
> Where can I find the form for the input
>
> ???

login group

> Most times the LDAP is not contacted and the program tells me that the
> answer is "ERR"

Only if you did not give correct input.

> I build up the call like
>
> squid_ldap_group -b "ou=Groups,dc=floersheim,dc=myfirm,dc=de" -f
> "(&(objectClass=univentionGroup)(cn=internet*))" -F "(uid=%u)" -B
> "ou=People,dc=floersheim,dc=myfirm,dc=de" -h 192.168.22.230

The group filter does not look correct.. there should be a %g in there somewhere for referencing the requested group name and a %u for the user login or DN (depending on if -F is used or not).

> Where do I check if the user is in the group ?

This is the job of the -f filter. The -f filter searches the LDAP directory for a matching group object where the user is listed as member.

Before this the -F filter is responsible for translating the login entered in the browser into a DN suitable for LDAP group membership lookup. This option is usually identical to the -f flag of squid_ldap_auth so both programs locate the user in the same manner.

Regards
Henrik
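The two-step lookup described in the reply above (-F resolves the login to a DN, then -f matches a group entry using %u and %g), as an added example that is not part of the thread and is not squid_ldap_group's own code. It is a simplified Python model under these assumptions: the directory is constructed from the LDIF quoted in this thread plus a made-up non-member `guest`, `CORRECTED` is a filter built by following the reply's advice, the value escaping is part of the model, and attribute values are compared as case-insensitive strings.

```python
import re

PEOPLE = "ou=People,dc=floersheim,dc=myfirm,dc=de"
# Constructed directory: the group entry quoted in the thread, plus "guest",
# a made-up user who is not a member.
USERS = {u: f"uid={u},{PEOPLE}" for u in ("rma", "test", "guest")}
GROUP = {"objectClass": ["top", "posixGroup", "univentionGroup"],
         "cn": ["internetzugriff"],
         "uniqueMember": [USERS["rma"], USERS["test"]]}

ORIGINAL = "(&(objectClass=univentionGroup)(cn=internet*)(uniqueMember=uid=%u))"
CORRECTED = "(&(objectClass=univentionGroup)(cn=%g)(uniqueMember=%u))"  # assumption
USER_FILTER = "(uid=%u)"  # the -F filter from the thread

def escape(value):
    """RFC 4515 escaping, so a login or group name cannot alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def expand(template, user, group):
    """Substitute %u (login or DN) and %g (group name) in a single pass."""
    return re.sub(r"%([ug])",
                  lambda m: escape(user if m.group(1) == "u" else group), template)

def value_matches(pattern, value):
    """Match one assertion value; an unescaped * is a wildcard, case is ignored."""
    unhex = lambda p: re.sub(r"\\([0-9a-fA-F]{2})",
                             lambda m: chr(int(m.group(1), 16)), p)
    regex = ".*".join(re.escape(unhex(p)) for p in pattern.split("*"))
    return re.fullmatch(regex, value, re.I | re.S) is not None

def entry_matches(ldap_filter, entry):
    """Evaluate an AND-only filter such as (&(a=b)(c=d*)) against one entry."""
    terms = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", ldap_filter)
    return bool(terms) and all(
        any(value_matches(pat, v) for v in entry.get(attr, []))
        for attr, pat in terms)

def check(login, group, group_filter, user_filter=None):
    """Answer one request line 'login group' with 'OK' or 'ERR'."""
    user = login
    if user_filter:  # -F mode: translate the login into the user's DN first
        dns = [dn for uid, dn in USERS.items()
               if entry_matches(expand(user_filter, login, group), {"uid": [uid]})]
        if len(dns) != 1:
            return "ERR"
        user = dns[0]
    return "OK" if entry_matches(expand(group_filter, user, group), GROUP) else "ERR"

if __name__ == "__main__":
    print(check("test", "internetzugriff", ORIGINAL))
    print(check("test", "internetzugriff", CORRECTED, USER_FILTER))
    print(check("guest", "internetzugriff", CORRECTED, USER_FILTER))
```

The first call reproduces the ERR from the original post: `uniqueMember` holds full DNs, so an equality match on `uid=test` alone cannot succeed.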
AW: [squid-users] squid_ldap_group
I am sorry, but I don't understand your advice.

First question
When I try the squid_ldap_group in the command line, the program is waiting for input.

Where can I find the form for the input

???

Most times the LDAP is not contacted and the program tells me that the answer is "ERR"

Second question
I build up the call like

squid_ldap_group -b "ou=Groups,dc=floersheim,dc=myfirm,dc=de" -f "(&(objectClass=univentionGroup)(cn=internet*))" -F "(uid=%u)" -B "ou=People,dc=floersheim,dc=myfirm,dc=de" -h 192.168.22.230

Nothing happens on the LDAP, only the ERR is shown!

How do I have to structure the input?

Where do I check if the user is in the group?

R. Maurer

-----Original Message-----
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 19 November 2003 18:10
To: Maurer Roland MKG-Bank
Cc: '[EMAIL PROTECTED]'
Subject: Re: [squid-users] squid_ldap_group

On Wed, 19 Nov 2003, Maurer Roland MKG-Bank wrote:

> uniqueMember: uid=rma,ou=People,dc=floersheim,dc=myfirm,dc=de
> uniqueMember: uid=test,ou=People,dc=floersheim,dc=myfirm,dc=de
>
> The query in the squid_ldap_group is
>
> squid_ldap_group -b "ou=Groups,dc=floersheim,dc=myfirm,dc=de" -f
> "(&(objectClass=univentionGroup)(cn=internet*)(uniqueMember=uid=%u))" -h
> 192.168.22.230

You probably need to use the user search mode of the helper (-F flag) to first locate the user's DN, then match this to the group. The uniqueMember attribute is using full DN values.

> In the question I just want to select a "uid" out of the group.

You might be able to do so by searching for "uid=%u,*", but if the group is large then first looking up the user's DN is quite likely a lot faster for the LDAP server to process..

Regards
Henrik
[squid-users] squid_ldap_group
Hello,

I want to get an external ACL via squid_ldap_group. But I cannot select a uniqueMember out of a group. Where is my error?

This is the LDAP group:

# internetzugriff, Groups, floersheim.myfirm.de
dn: cn=internetzugriff,ou=Groups,dc=floersheim,dc=myfirm,dc=de
objectClass: top
objectClass: posixGroup
objectClass: univentionGroup
cn: internetzugriff
gidNumber: 7789
uniqueMember: uid=rma,ou=People,dc=floersheim,dc=myfirm,dc=de
uniqueMember: uid=test,ou=People,dc=floersheim,dc=myfirm,dc=de

The query in the squid_ldap_group is

squid_ldap_group -b "ou=Groups,dc=floersheim,dc=myfirm,dc=de" -f "(&(objectClass=univentionGroup)(cn=internet*)(uniqueMember=uid=%u))" -h 192.168.22.230

In the question I just want to select a "uid" out of the group.

On the command line I send

test internetzugriff

to the LDAP, but I just get ERR as an answer.

Roland Maurer