Re: [squid-users] OpenSourceHowTo.org

2007-04-03 Thread Paul Matthews
> Hi Paul,
>
> Great Work!
>
>
> - --
>
>
> With best regards and good wishes,
>
> Yours sincerely,
>
> Tek Bahadur Limbu
>
> (TAG/TDG Group)
> Jwl Systems Department
>
> Worldlink Communications Pvt. Ltd.
>
> Jawalakhel, Nepal
>
> http://www.wlink.com.np

Thanks a lot, I appreciate the compliment!


RE: [squid-users] OpenSourceHowTo.org

2007-04-03 Thread Paul Matthews
Thanks a lot, I appreciate the compliment!

>
> Thanks to Mr.Paul Matthews for his great work!
>
>
> Best regards,
>
> Simon Teh
> Network and System Administrator
> National Advanced IPv6
> Center of Excellence,
> School of Computer Science,
> Universiti Sains Malaysia
> email:[EMAIL PROTECTED]
>
>
>
> -Original Message-
> From: Tek Bahadur Limbu [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, April 03, 2007 4:39 PM
> To: [EMAIL PROTECTED]
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] OpenSourceHowTo.org
>
>
> On Mon, 2 Apr 2007 21:43:43 +1000 (EST)
> "Paul Matthews" <[EMAIL PROTECTED]> wrote:
>
>> Hi everyone, I've set up a website so that users of open source server-side
>> software can come and look at instructional guides, how-tos, forums,
>> wikis and all sorts of other information about setting up software on
>> Linux for both Windows and Linux based networks.
>>
>> I am currently still working on it, adding new screenshots every day,
>> hoping to double-check a lot of my how-tos once the screenshots are
>> added, rewrite them to increase keyword density of my articles for better
>> search engine results & once that is done I will hopefully be adding
>> streaming video of my how-to articles using either YouTube embed code or
>> Revver embed code.
>>
>> http://www.opensourcehowto.org - OpenSourceHowTo.org
>>
>> http://www.opensourcehowto.org/how-to/openldap/setup-openldap.html -
>> Setup OpenLDAP
>> http://www.opensourcehowto.org/how-to/samba/openldap-lam-samba-as-pdc.html
>> - OpenLDAP + LAM + Samba as PDC
>> http://www.opensourcehowto.org/how-to/squid/squid-with-ntlm-authentication.html
>> - NTLM authentication on squid
>> http://www.opensourcehowto.org/how-to/squid/squid-with-pam-authentication.html
>> - Squid and PAM authentication
>> http://www.opensourcehowto.org/how-to/openldap/openssl--openldap.html -
>> OpenLDAP and OpenSSL on 636
>> http://www.opensourcehowto.org/how-to/postfix/postfix-aliases-from-the-active-directory-cn.html
>> - Postfix aliases from the Active Directory CN
>> http://www.opensourcehowto.org/how-to/fedora/vsftpd--openssl--net2ftp.html
>> - vsftpd + OpenSSL + Net2FTP
>> http://www.opensourcehowto.org/how-to/squid/squid1-ntlm---dansguardian---squid2-cache.html
>> - Squid1(ntlm) => Dansguardian => Squid2(cache)
>> http://www.opensourcehowto.org/how-to/squid/squid-with-pam-authentication--squish-download-manager.html
>> - Squid, pam authentication & Squish download manager
>> http://www.opensourcehowto.org/how-to/squid/squid-and-havp.html - Squid
>> and HAVP (http anti virus proxy)
>> http://www.opensourcehowto.org/how-to/privoxy/privoxy--squid.html -
>> Privoxy & Squid
>> http://www.opensourcehowto.org/how-to/postfix/postfix--clamav--mailscanner--dovecot--ilohamail.html
>> - Postfix + ClamAV + MailScanner + Dovercot
>> http://www.opensourcehowto.org/how-to/fedora/installing-squidguard-on-fedora.html
>> - Installing SquidGuard On Fedora
>> http://www.opensourcehowto.org/how-to/dansguardian/dansguardian-with-different-filter-groups.html
>> - Dansguardian with different filter groups
>> http://www.opensourcehowto.org/how-to/apache/mambo--mysql--php--apache--ldap.html
>> - Mambo + MySql + PHP + Apache
>> http://www.opensourcehowto.org/how-to/fedora/opendc-hub--dcplusplus.html
>> - OpenDC HUB & DCplusplus
>> http://www.opensourcehowto.org/how-to/postfix/postfix--clamav--mailscanner--dovecot--ilohamail.html
>> - Poptop VPN Server
>> http://www.opensourcehowto.org/how-to/fedora/ddns-and-dhcp.html - DDNS
>> using Bind9 and DHCP
>> http://www.opensourcehowto.org/how-to/dovecot/pop3-server-on-fedora-with-ilohamail.html
>> - pop3 Server On Fedora with IlohaMail
>> http://www.opensourcehowto.org/how-to/ldap/linux-client-to-authenticate-against-ads-via-pam--ldap.html
>> - LDAP linux client with OpenLDAP server
>> http://www.opensourcehowto.org/how-to/ldap/linux-client-to-authenticate-against-ads-via-pam--ldap.html
>> - LDAP linux client with Active Directory Server
>> http://www.opensourcehowto.org/how-to/postfix/dovecot-imap--squirrel-mail--retrieve-user-data--active-directory--postfix.html
>> - Dovecot, SquirrelMail, Retrieve User Data, Active Directory, Winbind,
>> Postfix
>> http://www.opensourcehowto.org/how-to/openldap

[squid-users] OpenSourceHowTo.org

2007-04-02 Thread Paul Matthews
Hi everyone, I've set up a website so that users of open source server-side
software can come and look at instructional guides, how-tos, forums,
wikis and all sorts of other information about setting up software on
Linux for both Windows and Linux based networks.

I am currently still working on it, adding new screenshots every day,
hoping to double-check a lot of my how-tos once the screenshots are
added, rewrite them to increase keyword density of my articles for better
search engine results & once that is done I will hopefully be adding
streaming video of my how-to articles using either YouTube embed code or
Revver embed code.

http://www.opensourcehowto.org - OpenSourceHowTo.org

http://www.opensourcehowto.org/how-to/openldap/setup-openldap.html - Setup
OpenLDAP
http://www.opensourcehowto.org/how-to/samba/openldap-lam-samba-as-pdc.html
- OpenLDAP + LAM + Samba as PDC
http://www.opensourcehowto.org/how-to/squid/squid-with-ntlm-authentication.html
- NTLM authentication on squid
http://www.opensourcehowto.org/how-to/squid/squid-with-pam-authentication.html
- Squid and PAM authentication
http://www.opensourcehowto.org/how-to/openldap/openssl--openldap.html -
OpenLDAP and OpenSSL on 636
http://www.opensourcehowto.org/how-to/postfix/postfix-aliases-from-the-active-directory-cn.html
- Postfix aliases from the Active Directory CN
http://www.opensourcehowto.org/how-to/fedora/vsftpd--openssl--net2ftp.html
- vsftpd + OpenSSL + Net2FTP
http://www.opensourcehowto.org/how-to/squid/squid1-ntlm---dansguardian---squid2-cache.html
- Squid1(ntlm) => Dansguardian => Squid2(cache)
http://www.opensourcehowto.org/how-to/squid/squid-with-pam-authentication--squish-download-manager.html
- Squid, pam authentication & Squish download manager
http://www.opensourcehowto.org/how-to/squid/squid-and-havp.html - Squid
and HAVP (http anti virus proxy)
http://www.opensourcehowto.org/how-to/privoxy/privoxy--squid.html -
Privoxy & Squid
http://www.opensourcehowto.org/how-to/postfix/postfix--clamav--mailscanner--dovecot--ilohamail.html
- Postfix + ClamAV + MailScanner + Dovercot
http://www.opensourcehowto.org/how-to/fedora/installing-squidguard-on-fedora.html
- Installing SquidGuard On Fedora
http://www.opensourcehowto.org/how-to/dansguardian/dansguardian-with-different-filter-groups.html
- Dansguardian with different filter groups
http://www.opensourcehowto.org/how-to/apache/mambo--mysql--php--apache--ldap.html
- Mambo + MySql + PHP + Apache
http://www.opensourcehowto.org/how-to/fedora/opendc-hub--dcplusplus.html -
OpenDC HUB & DCplusplus
http://www.opensourcehowto.org/how-to/postfix/postfix--clamav--mailscanner--dovecot--ilohamail.html
- Poptop VPN Server
http://www.opensourcehowto.org/how-to/fedora/ddns-and-dhcp.html - DDNS
using Bind9 and DHCP
http://www.opensourcehowto.org/how-to/dovecot/pop3-server-on-fedora-with-ilohamail.html
- pop3 Server On Fedora with IlohaMail
http://www.opensourcehowto.org/how-to/ldap/linux-client-to-authenticate-against-ads-via-pam--ldap.html
- LDAP linux client with OpenLDAP server
http://www.opensourcehowto.org/how-to/ldap/linux-client-to-authenticate-against-ads-via-pam--ldap.html
- LDAP linux client with Active Directory Server
http://www.opensourcehowto.org/how-to/postfix/dovecot-imap--squirrel-mail--retrieve-user-data--active-directory--postfix.html
- Dovecot, SquirrelMail, Retrieve User Data, Active Directory, Winbind,
Postfix
http://www.opensourcehowto.org/how-to/openldap/openldap-master-slave-replication.html
- OpenLDAP Replication
http://www.opensourcehowto.org/how-to/winbind/authentication-against-active-directories-using-winbind-for-pop3.html
- Authentication against Active Directories using winbind for pop3
http://www.opensourcehowto.org/how-to/samba/swat-samba-web-administration-tool.html
- SWAT (Samba Web AdministrationTool)
http://www.opensourcehowto.org/how-to/postfix/openldap-and-postfix.html -
OpenLDAP and postfix
http://www.opensourcehowto.org/how-to/openldap/phpldapadmin--openldap.html
- phpldapadmin and openldap
http://www.opensourcehowto.org/how-to/fedora/xrdp--fedora-core-3.html -
xrdp installation from source
http://www.opensourcehowto.org/how-to/squid/personalized-denial-page-for-squid.html
- Personalized Denial page for squid
http://www.opensourcehowto.org/how-to/apache/setup-apache2-with-access-to-home-directories.html
- Samba Primary Domain Controller with Group Policies
http://www.opensourcehowto.org/how-to/apache/setup-apache2-with-access-to-home-directories.html
- Setup Apache 2 with Access to Home Directories
http://www.opensourcehowto.org/how-to/apache/setup-apache2-with-openldap-authentication.html
- Setup Apache 2 with OpenLDAP Authentication
http://www.opensourcehowto.org/how-to/fedora/setup-virtual-ip-address-on-eth01.html
- Setup Virtual IP address on eth0:1
http://www.opensourcehowto.org/how-to/apache/setup-apache2-with-openssl.html
- Setup Apache 2 with OpenSSL
http://www.opensourcehowto.org/how-to/apache/apache2-with-webdav--htpasswd-using-openssl-certs.html
- Apa

RE: [squid-users] Squid authentication to a Samba domain controller

2007-03-17 Thread Paul Matthews
Glad to hear you have figured out your problem, but just in case anyone
else tries to get Squid working with NTLM authentication, I've written a
how-to for it on my website.

Squid With NTLM authentication
http://www.opensourcehowto.org/how-to/squid/squid-with-ntlm-authentication.html


>> From: Kinkie [mailto:[EMAIL PROTECTED]
>> Sent: Saturday, March 17, 2007 9:11 AM
>
>> On Sat, 2007-03-17 at 07:56 +0100, Lux wrote:
>> > Hi all
>> >
>> > I'd like Squid to authenticate, possibly transparently with ntlm, to a
>> > Samba Domain Controller.
>> > I found, and used in other cases, plenty of documentation about doing
>> > this but with a Windows domain, via winbindd and ntlm_auth. But this
>> > approach seems not to be usable when the Squid box is also a Samba
>> > domain controller.
>> > Any ideas? Pointers to docs are appreciated.
>>
>> It should work just the same.
>> In what ways is your attempt failing?
>
> You're right. I simply forgot to join the Samba machine to the domain with
> net rpc join, so ntlm_auth was failing.
> I noticed that the command "wbinfo -u" gives "Error looking up domain
> users" on a Samba DC, whereas it returns the list of usernames when it is
> issued on a member server. I tried this on different Samba domain
> controllers too.
> This led me to think that the Samba domain controller setup was going to
> be different at all.
> Now I joined the machine to the domain, and ntlm_auth --username
> xxx --password xxx is working good. Unfortunately I'm not able to try the
> whole squid functionality with a real browser at the moment, but I think
> it's likely to be ok now.
>
> Thank you.
> Luigi
>
>


-- 
OpenSourceHowTo.org
http://www.opensourcehowto.org/

Wiki.OpenSourceHowTo.org
http://wiki.opensourcehowto.org/

My ServerSetup Scripts
http://evilperson85.110mb.com

Please Support OpenSourceHowTo.org
http://www.opensourcehowto.org/how-to/welcome/support-opensourcehowto.org.html


[squid-users] Sarg on my RHEL4 system with webmin I get this error

2006-07-11 Thread Paul Matthews
When I run Sarg on my RHEL4 system with webmin I get this error

SARG: Records in file: 359211, reading: 82.12%
SARG: Records in file: 359211, reading: 83.52%
SARG: Records in file: 359211, reading: 84.91%
SARG: Records in file: 359211, reading: 86.30%
SARG: Records in file: 359211, reading: 87.69%
SARG: Records in file: 359211, reading: 89.08%
SARG: Records in file: 359211, reading: 90.48%
SARG: Records in file: 359211, reading: 91.87%
SARG: Records in file: 359211, reading: 93.26%
SARG: Records in file: 359211, reading: 94.65%
SARG: Records in file: 359211, reading: 96.04%
SARG: Records in file: 359211, reading: 97.44%
SARG: Records in file: 359211, reading: 98.83%
sort: open failed: /tmp/sarg/omalleyj.log /tmp/sarg/omalleyj.unsort: No such file or directory
SARG: (removetmp) Cannot open file: /tmp/sarg_tmp/2006Jul09-2006Jul12/general
SARG: Records in file: 359211, reading: 100.00%

.. Sarg failed! See the output above for details.

Can anyone tell me why? What have I done wrong?




Re: [squid-users] squid and clamav

2006-05-15 Thread Paul Matthews
Well, the two big ones are HAVP & the DansGuardian AV plugin.

I've documented a HAVP install on Fedora on my website; it should convert
over to Debian without too much trouble.

http://www.yourhowto.org/content/view/14/9/

I've been meaning to update it; they have released a few new versions of
HAVP after this document was written, but I'm sure the basics should
work.

>
> All People,
> In this we last days I come among others reading documentations on the
> configuration of squid with clamav softwares. Somebody has experience
> with this type of service? Time of reply with many connections has
> been good? E recommends some documentation in special? I am using
> debian sarg 3.1.
>
> Debtor,
> Márcio Luciano Donada
>
>




[squid-users] temporary authentication

2006-04-15 Thread Paul Matthews
Okay, I currently have PAM auth working with squid. What I want to do is
set up a page, say http://authentication.domain.com, that people inside my
domain can go to and authenticate to the proxy for their login
session, or for like 3 hours or something, so if they open up their
internet browser in that time they have already authenticated.

any ideas ...?


-- 
Paul Matthews
I.T Trainee | The Cathedral School
Ph  (07) 47222 194 |  Fax (07) 47222 111
PO Box 944 Aitkenvale Q 4814
E:  [EMAIL PROTECTED]
W: www.cathedral.qld.edu.au

Anglican coeducation | Day and Boarding | Early Childhood to Year 12
Educating for life-long success



***

IMPORTANT NOTICE REGARDING CONFIDENTIALITY

This electronic email message is intended only for the addressee and may
contain confidential information. If you are not the addressee, you are
notified that any transmission, distribution or photocopying of this email
is strictly prohibited. The confidentiality attached to this email is not
waived, lost or destroyed by reasons of a mistaken delivery to you.



[squid-users] digest authentication squid

2006-04-14 Thread Paul Matthews
Hi there everyone,

Just a quick question: what's the difference between digest authentication
and basic authentication?


-- 
Paul Matthews
I.T Trainee | The Cathedral School
Ph  (07) 47222 194 |  Fax (07) 47222 111
PO Box 944 Aitkenvale Q 4814
E:  [EMAIL PROTECTED]
W: www.cathedral.qld.edu.au

Anglican coeducation | Day and Boarding | Early Childhood to Year 12
Educating for life-long success






Re: [squid-users] avg antivirus and squid-2.5.STABLE13 ntlm auth issue

2006-03-22 Thread Paul Matthews
This is something I have run into before. There is a setting in most
programs that access the internet to set proxy, port, username, password,
etc., and in some cases that works, but another option is to add an exception
for the AVG download site. I'm not sure what that is; when I ran squid with
NTLM for a school with boarders, I had to look through the logs to find
out what site the antivirus client was trying to access.



Re: [squid-users] Traffic Management

2006-03-19 Thread Paul Matthews
You could try and use squish; I've got a how-to for it written on my
website

http://www.yourhowto.org/content/view/24/9/

> Hi All,
>
> Is it possible to get squid to manage traffic in terms of bandwidth,
>
> Either by restricting the total amount of bandwidth available to each IP
> (as a default, not actually by knowing their IP) or globally to the
> entire squid process.
>
> This could help prevent the Internet connection from becoming congested
> during peak times.
>
> Many Thanks
>
> Rachel
>
>




[squid-users] deny_info, squid, NTLM auth ????

2006-02-16 Thread Paul Matthews
hi there,

My setup at the moment is that I have squid running with NTLM authentication on my
squid proxy server, and I'm trying to set it up so that when someone fails to
authenticate they get redirected to my explanation website. I've looked into
deny_info and the squid ACLs but I just can't seem to get the syntax right.
For some reason, whenever I make the ACLs look like this

acl ntlm proxy_auth REQUIRED

deny_info http://machine-hostname/failure NTLM

http_access allow ntml

and I go to use my browser via my proxy, it just keeps redirecting me to that
page?

Can someone help me out and show me the right way of setting it up so that when
my users fail to authenticate it takes them to the page
http://machine-hostname/failure




[squid-users] transparent proxy squid PAM

2006-02-07 Thread Paul Matthews
hi there,

I've read that squid won't run as a transparent proxy with any kind of
authentication, but I was wondering: if squid was running on port 80 and
there was no real redirect, just users accessing the internet normally but
happening to go to the port that the proxy is running on with NTLM
authentication, would that work?



FW: [squid-users] Squid with Anti-virus.

2006-02-05 Thread Paul Matthews
you could try HTTP ANTI VIRUS PROXY, H.A.V.P.

there is a how-to for it at my website

http://www.yourhowto.org

It seems to be down at the moment ... but when it comes back up just search
for 'havp'




[squid-users] squid multiple instances

2006-02-01 Thread Paul Matthews
hi there,

http://www.yourhowto.org/content/view/22/9/

I've followed the above how-to step by step and I just can't get two
instances of squid running on the same machine.

Correct me if I'm wrong, but isn't it as easy as changing two lines in the
squid.conf

squid.conf

http_port 3128
pid_filename /var/run/squid.pid

squid-cache.conf

http_port 3030
pid_filename /var/run/squid-cache.pid

and then starting them by

/usr/sbin/squid -f /etc/squid/squid-cache.conf

/usr/sbin/squid-cache -f /etc/squid/squid.conf

???

it's been driving me batty all day.




[squid-users] Max downloadable file

2006-01-08 Thread Paul Matthews

hi there,

I'm trying to set squid to only allow files smaller than 300 megs to be
downloaded. Rather than get to 300 megs of a 700 meg file and
then drop out, I'd like it to be able to assess the size of the file and,
if it is too large, use the deny_info function to redirect the users to a
page explaining that the file they're trying to download is too large.

anyone know how to do this?



RE: [squid-users] need help with squid ACL's

2005-12-22 Thread Paul Matthews
Hi there everyone,

Just an update on my current squish situation: I seem to have got
everything installed and found all the configuration files and
information I needed after a few days. But now my problem is getting it
working, or at least figuring out if it is working. I think the key is in
the squid ACLs. I’ve found the /etc/squid/squish.conf file, I’ve set the
download limits to 2mgs in a day and I’ve easily passed
that, but still I keep surfing with no worries … so I’ve looked at the
squid.conf ACLs and they appear to not be working. They originally
looked like this

acl SQUISHLOC dst fedora.school.cathedral.qld.edu.au
acl SQUISHED1 proxy_auth "/etc/squid/squished"
acl SQUISHED2 ident "/etc/squid/squished"
acl SQUISHED3 src"/etc/squid/squished"

deny_info http://fedora.school.cathedral.qld.edu.au
/squish/?squished& SQUISHED1
deny_info http://fedora.school.cathedral.qld.edu.au
/squish/?squished& SQUISHED2
deny_info http://fedora.school.cathedral.qld.edu.au
/squish/?squished& SQUISHED3

http_access allow SQUISHLOC
http_access deny SQUISHED1
http_access deny SQUISHED2
http_access deny SQUISHED3

Now I use NTLM authentication, with two instances of squid and
Dansguardian. (see how I have it setup here
http://tlug.dnho.net/?q=node/174#comment-210 )

I’ve changed it to reflect how I think it should look, something like
this …

acl SQUISHLOC dst fedora.school.cathedral.qld.edu.au
acl SQUISHED1 proxy_auth "/etc/squid/squished"
acl SQUISHED3 src"/etc/squid/squished"

deny_info http://fedora.school.cathedral.qld.edu.au/squish/?squished&;
SQUISHED1
deny_info http://fedora.school.cathedral.qld.edu.au/squish/?squished&;
SQUISHED3

http_access allow SQUISHLOC
http_access deny SQUISHED1
http_access deny SQUISHED3

Now my problem: every time I go to use the net, I get redirected to this
deny_info website (and it’s not even there). The way I have set up squish
is also shown on the above website
( http://tlug.dnho.net/?q=node/174#comment-212 )

This looks like a fantastic program and I’ve been making posts all over
the internet today, from linuxquestions.org, fedoraforum.org & even to the
company that made the program and the guy that wrote the program, trying
to get someone with some information on it, and so far no such luck. If
you can help me out in setting this up and understanding it I’ll get a
good how-to together for people to read about it and read about how to
set it up. I've attached a screenshot of the problem I'm getting, and
in the '/etc/squid/squished/' file you see mentioned above is nothing
but the netmask '255.255.254.0'.

I really do need some help, hopefully you’ll respond to this.


[squid-users] need help with squid ACL's

2005-12-20 Thread Paul Matthews

hi there,

I've made a post about a program called squish and I'm in the middle of
trying to get it all working and write a how-to for it, seeing as there
isn't one out there, but I'm having some problems.

squish writes some ACLs and http_access rules into squid and they're
causing errors when I start squid. Can someone explain to me what
they're doing so I can delete the ones I don't need and keep the
ones I do need?

/etc/squid/squid.conf

# added by squish (begin)
acl SQUISHLOC dst fedora.directory.server

acl SQUISHED1 proxy_auth "/etc/squid/squished"
acl SQUISHED2 ident  "/etc/squid/squished"
acl SQUISHED3 src"/etc/squid/squished"
deny_info [url]http://fedora.directory.server[/url]
/squish/?squished& SQUISHED1
deny_info [url]http://fedora.directory.server[/url]
/squish/?squished& SQUISHED2
deny_info [url]http://fedora.directory.server[/url]
/squish/?squished& SQUISHED3
http_access allow SQUISHLOC
http_access deny SQUISHED1
http_access deny SQUISHED2
http_access deny SQUISHED3
# added by squish (end)

also the rules like this

[url]http://fedora.directory.server[/url]
/squish/?squished& SQUISHED1

they are on separate lines, should they be on the same line like below

[url]http://fedora.directory.server/squish/?squished&[/url] SQUISHED1

?? these are the errors I get when restarting

[EMAIL PROTECTED] squish-0.0.12]# /etc/init.d/squid restart
Stopping squid: 2005/12/21 13:23:00| squid.conf line 1847: acl SQUISHED2
ident  "/etc/squid/squished"
2005/12/21 13:23:00| aclParseAclLine: Invalid ACL type 'ident'
2005/12/21 13:23:00| squid.conf line 1849: deny_info
[url]http://fedora.directory.server[/url]
2005/12/21 13:23:00| aclParseDenyInfoLine: deny_info line contains no
ACL's, skipping
2005/12/21 13:23:00| parseConfigFile: line 1850 unrecognized:
'/squish/?squished& SQUISHED1'
2005/12/21 13:23:00| squid.conf line 1851: deny_info
[url]http://fedora.directory.server[/url]
2005/12/21 13:23:00| aclParseDenyInfoLine: deny_info line contains no
ACL's, skipping
2005/12/21 13:23:00| parseConfigFile: line 1852 unrecognized:
'/squish/?squished& SQUISHED2'
2005/12/21 13:23:00| squid.conf line 1853: deny_info
[url]http://fedora.directory.server[/url]
2005/12/21 13:23:00| aclParseDenyInfoLine: deny_info line contains no
ACL's, skipping
2005/12/21 13:23:00| parseConfigFile: line 1854 unrecognized:
'/squish/?squished& SQUISHED3'
2005/12/21 13:23:00| squid.conf line 1857: http_access deny SQUISHED2
2005/12/21 13:23:00| aclParseAccessLine: ACL name 'SQUISHED2' not found.
2005/12/21 13:23:00| squid.conf line 1857: http_access deny SQUISHED2
2005/12/21 13:23:00| aclParseAccessLine: Access line contains no ACL's,
skipping
.  [  OK  ]
Starting squid: .  [  OK  ]
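
The parser messages above (a deny_info line with no ACL, an unrecognized continuation line, an http_access line naming an ACL that was never defined) and the acl / deny_info / http_access snippet in the "deny_info, squid, NTLM auth" post can be caught before restarting Squid. The following is an added example, not code from the thread or from Squid: a small linter for those three directives. The sample configurations are constructed from the two posts (without the [url] tags), and the finding codes are names chosen for this example.

```python
"""Added example: lint the acl / deny_info / http_access lines of a squid.conf."""
import re

# Squid directive names are lower-case words, so a line that starts with
# anything else (for example "/squish/?squished&") cannot be a directive.
DIRECTIVE = re.compile(r"^[a-z][a-z0-9_]*$")


def lint_acl_rules(conf_text):
    """Return (line_number, code, detail) findings in file order."""
    defined = set()  # ACL names seen so far; an acl must be defined before use
    findings = []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive, args = parts[0], parts[1:]
        if not DIRECTIVE.match(directive):
            findings.append((number, "not-a-directive",
                             "looks like the wrapped tail of the previous line"))
        elif directive == "acl" and len(args) >= 2:
            # Squid matches ACL names without regard to case, so the linter
            # stores them lower-cased.
            defined.add(args[0].lower())
        elif directive == "deny_info":
            # deny_info <page-or-URL> <aclname> must sit on one line.
            if len(args) < 2:
                findings.append((number, "deny_info-incomplete",
                                 "no ACL name on the line"))
            elif args[-1].lower() not in defined:
                findings.append((number, "undefined-acl", args[-1]))
        elif directive == "http_access":
            if not args or args[0] not in ("allow", "deny"):
                findings.append((number, "bad-action", raw.strip()))
            for name in args[1:]:
                # A rule naming an unknown ACL is skipped by Squid, so the
                # effective policy differs from the one written down.
                if name.lstrip("!").lower() not in defined:
                    findings.append((number, "undefined-acl", name))
    return findings


# Constructed sample: the squish block with the deny_info line wrapped in two.
WRAPPED = "\n".join([
    'acl SQUISHLOC dst fedora.directory.server',
    'acl SQUISHED1 proxy_auth "/etc/squid/squished"',
    'deny_info http://fedora.directory.server',
    '/squish/?squished& SQUISHED1',
    'http_access allow SQUISHLOC',
    'http_access deny SQUISHED1',
])

# The same block with the deny_info directive on a single line.
JOINED = "\n".join([
    'acl SQUISHLOC dst fedora.directory.server',
    'acl SQUISHED1 proxy_auth "/etc/squid/squished"',
    'deny_info http://fedora.directory.server/squish/?squished& SQUISHED1',
    'http_access allow SQUISHLOC',
    'http_access deny SQUISHED1',
])

# Constructed sample: the three lines from the NTLM deny_info post, as typed.
NTLM_POST = "\n".join([
    'acl ntlm proxy_auth REQUIRED',
    'deny_info http://machine-hostname/failure NTLM',
    'http_access allow ntml',
])

if __name__ == "__main__":
    for label, conf in (("wrapped", WRAPPED), ("joined", JOINED),
                        ("ntlm post", NTLM_POST)):
        print(label, lint_acl_rules(conf))
```
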



[squid-users] change access denied squid page

2005-12-20 Thread Paul Matthews

Hi there,

At the moment I’ve set up my Squid1(NTLM) => Dansguardian => Squid2(cache)
so it gets my Active Directory usernames. Now I’ve installed squish, which
is monitoring my downloads, but unfortunately once you have passed your
download the screen just comes up with the basic ‘Cache Access Denied’
rather than being redirected to a website stating that you’ve passed your
download limit. I was wondering if there was a way to make a personalized
squid page?



RE: [squid-users] need help with writing a how-to

2005-12-20 Thread Paul Matthews
Well, my problem was that I needed to tell squid to use a different .pid file
and logging file in the squid-cache.conf file.

Here is the finished how-to if anyone's interested

http://tlug.dnho.net/?q=node/174#comment-210

-Original Message-
From: Mark Elsen [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 21 December 2005 12:52
To: Paul Matthews
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] need help with writing a how-to

> hi there,
>
> I'm trying to run a second instance of squid at the moment but I'm not
> having much luck, has anyone got a good how-to on what i need to do to
> run two copies of squid? What I've done (it clearly isn't right) is
> attached as a text file.
>
> I'm trying to get my squid1(ntlm) => DG => squid2(cache) working, and so
> far I've got a few questions one I've already sent to you about, but
> if someone would have a look at this text document and tell me what I'm
> doing wrong it'd be great.
>
> and just for some incentive, if i can get this working I'll post it on
> my blog and then this mailing list can have a how-to that you can just
> point people to that are asking about dansguardian, squid & NTLM.
>
>
>

   Exactly; what´s the problem ?
   Which errors are seen; where..., and so on ?

   M.
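
The fix described in this message (a separate PID file and log files for the second instance) can be checked mechanically before starting the second Squid. The following is an added example, not code from the thread or from Squid: it compares two squid.conf files for resources that both instances would claim. It assumes Squid 2.5-style behaviour where an unset directive falls back to a compiled-in default; the sample configurations and the log file names under /var/log/squid-cache are constructed.

```python
"""Added example: find resources shared by two Squid instances on one host."""

# Directives whose values must differ between instances on the same machine.
CHECKED = ("http_port", "pid_filename", "cache_dir",
           "cache_log", "access_log", "cache_store_log")
# cache_access_log is the Squid 2.5 spelling of access_log.
ALIASES = {"cache_access_log": "access_log"}
# Placeholder for "not set in this file": both instances then use the same
# compiled-in value, whatever it is on this build.
DEFAULT = "<compiled-in default>"


def parse_conf(text):
    """Return {directive: set of values} for the directives in CHECKED."""
    found = {}
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        name = ALIASES.get(parts[0], parts[0])
        if name not in CHECKED:
            continue
        # cache_dir <type> <path> ...: the directory is the shared resource.
        value = parts[2] if name == "cache_dir" and len(parts) > 2 else parts[1]
        values = found.setdefault(name, set())
        if value != "none":  # "none" disables a log, so nothing is shared
            values.add(value)
    return found


def shared_resources(conf_a, conf_b):
    """Return (directive, value) pairs that both configurations would use."""
    a, b = parse_conf(conf_a), parse_conf(conf_b)
    clashes = []
    for name in CHECKED:
        # A directive set in one file and unset in the other is not reported:
        # the explicit value may or may not equal the default.
        for value in sorted(a.get(name, {DEFAULT}) & b.get(name, {DEFAULT})):
            clashes.append((name, value))
    return clashes


# Constructed sample: first instance, as in the "multiple instances" post.
FIRST = """\
http_port 3128
pid_filename /var/run/squid.pid
"""

# Constructed sample: a copy with only the port and PID file changed.
SECOND_COPY = """\
http_port 3030
pid_filename /var/run/squid-cache.pid
"""

# Constructed sample: the copy with its own cache and log locations.
SECOND_SEPARATE = SECOND_COPY + """\
cache_dir ufs /var/spool/squid-cache 100 16 256
cache_log /var/log/squid-cache/cache.log
cache_access_log /var/log/squid-cache/access.log
cache_store_log /var/log/squid-cache/store.log
"""

if __name__ == "__main__":
    for label, second in (("copy", SECOND_COPY), ("separate", SECOND_SEPARATE)):
        print(label, shared_resources(FIRST, second))
```
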




[squid-users] anyone with any experience using squish?

2005-12-19 Thread Paul Matthews

Hi there,

I've just installed squish on my squid server machines and I'm looking at
limiting downloads for each of my users. Although I have it kinda
working, there is VERY LITTLE documentation for it anywhere. I was
wondering if anyone else on the list has used it before and can point me
in the direction of some documentation or at least answer a few
questions for me.

1. Can I get it to display usernames only, not IP addresses?

2. How can I set the download limit?

3. Is there a squish.conf or equivalent somewhere I'm missing?



RE: [squid-users] how to disable caching in squid

2005-12-19 Thread Paul Matthews
That’s not the way I have it setup unfortunately. My cache peer for squid1
is Dansguardian and Dansguardian forwards it onto squid2.

Will it work if I make Dansguardian 'proxy-only' seeing as it is then
forwarding it onto squid2?

I'd appreciate some help with anyone with experience in the Dansguardian
NTLM with 2 squids get-around.

-Original Message-
From: Dieter Bloms [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 20 December 2005 5:30
To: squid-users@squid-cache.org
Subject: Re: [squid-users] how to disable caching in squid

Hi Paul,

On Tue, Dec 20, Paul Matthews wrote:

> just i'm working on getting squid1 ==> DG ==> squid2 and wondering, how
> do i disable caching in squid1?

it is documented in the configuration file (section "cache_peer"):

--snip--
#use 'proxy-only' to specify objects fetched
#from this cache should not be saved locally.
--snip--

when you use this option on squid1, it will not save any objects from
squid2.


-- 
Gruß

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.




[squid-users] need help with writing a how-to

2005-12-19 Thread Paul Matthews
hi there,

I'm trying to run a second instance of squid at the moment but I'm not
having much luck, has anyone got a good how-to on what i need to do to
run two copies of squid? What I've done (it clearly isn't right) is
attached as a text file.

I'm trying to get my squid1(ntlm) => DG => squid2(cache) working, and so
far I've got a few questions one I've already sent to you about, but
if someone would have a look at this text document and tell me what I'm
doing wrong it'd be great.

and just for some incentive, if i can get this working I'll post it on
my blog and then this mailing list can have a how-to that you can just
point people to that are asking about dansguardian, squid & NTLM.

1. download webmin from http://www.webmin.com/download/

2. log in to webmin at http://webmin-server-ip-address:1

3. go to 'webmin' section, then to 'Webmin Configuration' & then choose 'Webmin 
Modules', after that click on the 'Clone Module' button

4. Clone the 'squid proxy server' module and call it 'Squid Proxy Server Cache'

5. prepare the second instance of squid

cp /etc/squid/squid.conf /etc/squid/squid-cache.conf

cp /usr/sbin/squid /usr/sbin/squid-cache

mkdir /var/spool/squid-cache

mkdir /var/log/squid-cache

chown squid:squid /var/spool/squid-cache

chown squid:squid /var/log/squid-cache

6. now set up the second instance of squid: go to webmin again, then click on
the 'servers' section and once there go to the 'Squid Proxy Server Cache'
module and press the 'Module Config' link and fill in the details.

Full path to squid config file: /etc/squid/squid-cache.conf

Command to start squid: /usr/sbin/squid-cache -f 
/etc/squid/squid-cache.conf

Command to stop squid:  /usr/sbin/squid-cache -k shutdown

Command to apply changes:   /usr/sbin/squid-cache -k reconfigure

Squid executable:   /usr/sbin/squid-cache

Full path to PID file:  /var/run/squid-cache.pid

Full path to squid cache directory: /var/spool/squid-cache

Full path to squid log directory:   /var/log/squid-cache

7. download DansGuardian from http://www.dansguardian.com/download/

8. install DansGuardian

'rpm -ivh DansGuardian.rpm'

9. download the DansGuardian webmin module

sourceforge.net/projects/dgwebminmodule/

10. install DansGuardian webmin module, go to webmin, select the 'webmin' icon, 
then go to 'Webmin Configuration' & then choose 'Webmin Modules' and choose 
'install Module'

11. let's set the instances of squid to run on different ports

'nano /etc/squid/squid.conf'

http_port 3128

'nano /etc/squid/squid-cache.conf'

http_port 3030

12. set the following information in your
'/etc/dansguardian/dansguardian.conf' file

usernameidmethodproxyauth = on

filterip = 127.0.0.1

filterport = 8080

proxyip = 127.0.0.1

proxyport = 3030

13. Now it's time to setup NTLM authentication in the first squid. edit the 
'/etc/squid/squid.conf' file

add the following lines

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off


auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

14. once the NTLM authentication programs have been set it's time to set the 
http_access & the acl rules

(in the acl's area)
acl ntlm proxy_auth REQUIRED

(in the http_access area)
http_access allow localhost
http_access allow ntlm

make sure that the http_access rules are the first in the list.

15. now that the first squid server is set to use ntlm authentication it's time 
to set up winbind to authenticate against Active Directory. stop both winbind and 
samba services

'/etc/init.d/smb stop'
'/etc/init.d/winbind stop'

17. edit Kerberos files to have the right configuration

/etc/krb5.conf

[libdefaults]
default_realm = WINDOWS.SERVER.INT

[realms]
WINDOWS.SERVER.INT = {
kdc = mc1.windows.server.int
default_domain = WINDOWS.SERVER.INT
kpasswd_server = mc1.windows.server.int
admin_server = mc1.windows.server.int
}

[domain_realm]
.windows.server.int = WINDOWS.SERVER.INT

18. edit Samba files to have the right configuration

/etc/samba/smb.conf

workgroup = server
security = ads
realm = WINDOWS.SERVER.INT
encrypt passwords = yes

username map = /etc/samba/smbusers

winbind uid = 1-2
winbind gid = 1-2
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes

19. now it's time to join the domain

'net ads join -U administrator -S mc1'

20. now it's time to start both winbind and samba services

'/etc/init.d/smb start'
'/etc/init.d/winbind start'

21. now hopefully all that went well, to test it out let's try this command

'/usr/bin/wbinfo -g'

this should display all the groups in your active directory structure.
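
An added example, not part of the original post and not Squid's own tooling: a small Python check for the squid.conf points the steps above depend on (directive spelling, a helper argument left on a wrapped line, the order of the auth schemes, and an http_access allow rule placed ahead of the proxy_auth rule). The sample configuration, the finding codes and the function name lint are constructed for illustration, and only a small subset of directives is understood.

```python
import difflib

# Directives this added check understands (a small subset of squid.conf).
DIRECTIVES = ["auth_param", "acl", "http_access", "http_port"]

# Constructed sample in the style of the fragments in this thread, with four
# deliberate problems. It is not anyone's real configuration.
SAMPLE_CONF = """\
http_port 3128
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
acl localhost src 127.0.0.1/255.255.255.255
acl ntlm_auth proxy_auth REQUIRED
http_acess allow localhost
http_access allow ntlm_auth
"""


def lint(conf):
    """Return sorted (line_no, code, message) findings for a squid.conf string."""
    findings = []
    scheme_line = {}    # auth scheme -> line where it first appears (ordered)
    auth_acls = set()   # names of ACLs of type proxy_auth
    open_allow = None   # first "allow" rule that does not require a login
    prev = None         # (directive, second word) of the previous directive
    for no, raw in enumerate(conf.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        name, args = tokens[0], tokens[1:]
        if name not in DIRECTIVES:
            if name.startswith("-") and prev == ("auth_param", "program"):
                findings.append((no, "WRAPPED-ARG",
                                 "helper argument on its own line; it belongs on "
                                 "the auth_param ... program line above"))
                continue
            guess = difflib.get_close_matches(name, DIRECTIVES, n=1, cutoff=0.9)
            if not guess:
                continue  # a directive outside this sketch's subset
            findings.append((no, "TYPO",
                             f"unknown directive '{name}', did you mean '{guess[0]}'?"))
            name = guess[0]  # keep analysing the line as the intended directive
        if name == "auth_param" and args:
            scheme_line.setdefault(args[0], no)
        elif name == "acl" and len(args) >= 2 and args[1] == "proxy_auth":
            auth_acls.add(args[0])
        elif name == "http_access" and len(args) >= 2:
            acls = [a.lstrip("!") for a in args[1:]]
            needs_login = any(a in auth_acls for a in acls)
            if args[0] == "allow" and not needs_login and open_allow is None:
                open_allow = (no, " ".join(args[1:]))
            elif needs_login and open_allow is not None:
                # http_access rules are evaluated top-down, first match wins.
                findings.append((no, "OPEN-ALLOW",
                                 f"'allow {open_allow[1]}' on line {open_allow[0]} "
                                 "matches first, so those clients are never asked "
                                 "to log in and are logged without a username"))
                open_allow = None  # report once
        prev = (name, args[1] if len(args) > 1 else None)
    order = list(scheme_line)
    if "basic" in order and "ntlm" in order and order.index("basic") < order.index("ntlm"):
        # Squid offers schemes in the order they first appear in the file.
        findings.append((scheme_line["basic"], "SCHEME-ORDER",
                         "basic is configured before ntlm; a browser that takes "
                         "the first scheme offered will prompt and send the "
                         "password base64-encoded instead of using NTLM"))
    return sorted(findings)


if __name__ == "__main__":
    for no, code, message in lint(SAMPLE_CONF):
        print(f"line {no}: {code}: {message}")
```

The OPEN-ALLOW finding is informational when the only local client is a trusted filter on the same host; it matters when user traffic reaches Squid from 127.0.0.1 and per-user logging is expected.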

[squid-users] how to disable caching in squid

2005-12-19 Thread Paul Matthews

hi there,

just i'm working on getting squid1 ==> DG ==> squid2 and wondering, how
do i disable caching in squid1?



RE: [squid-users] NTLM auth kinda works depends on what type of auth is on top

2005-12-19 Thread Paul Matthews
The nearest I can figure is the NTLM authentication isn't working, and the
basic is, can anyone think of a reason why the NTLM authentication wouldn't
work?

-Original Message-----
From: Paul Matthews [mailto:[EMAIL PROTECTED] 
Sent: Monday, 19 December 2005 5:19
To: squid-users@squid-cache.org
Subject: [squid-users] NTLM auth kinda works depends on what type of auth is
on top


Hi there,

I know that this mailing list seems to get a lot of squid NTLM questions
but I got one more.

For some reason when I have the basic authentication on the top of the
configuration file like so.

# ntlm

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 hour
auth_param ntlm use_ntlm_negotiate on

# basic

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm webserver realm
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off

I can not authenticate against NTLM, the authentication box appears but
no matter what password/username I put in it won't accept it. The
authentication box also says, 'connecting to ip-address'.

Whereas when I have it the other way around it kinda works.

# basic

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm webserver realm
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off

# ntlm

auth_param ntlm program /usr/bin/ntlm_auth
i-helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 hour
auth_param ntlm use_ntlm_negotiate on



I can authenticate against basic, the authentication box appears but I
enter an Active Directory password/username and it accepts it. The
authentication box also says, 'connecting to squid web caching proxy
server'.



Anyone have any ideas as to what's going on?





[squid-users] NTLM auth kinda works depends on what type of auth is on top

2005-12-18 Thread Paul Matthews

Hi there,

I know that this mailing list seems to get a lot of squid NTLM questions
but I got one more.

For some reason when I have the basic authentication on the top of the
configuration file like so.

# ntlm

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 hour
auth_param ntlm use_ntlm_negotiate on

# basic

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm webserver realm
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off

I can not authenticate against NTLM, the authentication box appears but
no matter what password/username I put in it won't accept it. The
authentication box also says, ‘connecting to ip-address’.

Whereas when I have it the other way around it kinda works.

# basic

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm webserver realm
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off

# ntlm

auth_param ntlm program /usr/bin/ntlm_auth
i-helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 hour
auth_param ntlm use_ntlm_negotiate on



I can authenticate against basic, the authentication box appears but I
enter an Active Directory password/username and it accepts it. The
authentication box also says, ‘connecting to squid web caching proxy
server’.



Anyone have any ideas as to what’s going on?



[squid-users] download limits using squid

2005-12-18 Thread Paul Matthews

Hi there,


I’m looking for a way to limit the download usage of my users. What I’m
really looking for is a way to set a limit, for example each user can
download 500 meg a month and once the month is up the user’s limit is
reset and they can start downloading again. If they have passed their
download limit I want every time they try and access the internet to
redirect them to an internal webpage basically saying, you’ve passed
your download limit. Does anyone know of any problems that would allow
me to do this or any way squid can do this?



RE: [squid-users] virus check for squid?

2005-12-12 Thread Paul Matthews

http://tlug.dnho.net/?q=node/174#comment-203

HAVP (HTTP anti-virus Proxy)

-Original Message-
From: Ralf Hildebrandt [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 13 December 2005 2:58
To: squid-users@squid-cache.org
Subject: Re: [squid-users] virus check for squid?

* Christian Ricardo dos Santos <[EMAIL PROTECTED]>:
> There are some pay box that you can do this task for u.
> 
> A 3 years the company where I work use a trend solution called Interscan
> Viruswall --> http://www.trendmicro.com/download/product.asp?productid=13

DansGuardian also works well and doesn't cost anything

-- 
Ralf Hildebrandt (i.A. des IT-Zentrums) [EMAIL PROTECTED]
Charite - Universitätsmedizin Berlin            Tel.  +49 (0)30-450 570-155
Gemeinsame Einrichtung von FU- und HU-Berlin    Fax.  +49 (0)30-450 570-962
IT-Zentrum Standort CBF                 send no mail to [EMAIL PROTECTED]




RE: [squid-users] Dansguardian Squid NTLM

2005-10-13 Thread Paul Matthews
Just an update on this message

I've got it running ... kinda

I've got Firefox beta installed on my machine and when I run it through my
squid proxy server with ntlm, it shows up with domain\username in my log
files, but when I run IE with the same settings it shows up with a '-' in my
log files? When I log onto a machine not attached to the domain and try and
access my proxy server it doesn't ask for authentication.

In my DansGuardian configuration file I have

usernameidmethodproxyauth = on

And my squid ACLs

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl ntlm_auth proxy_auth REQUIRED
acl localnet src 192.168.0.0/255.255.254.0

my squid http_access rules

http_access allow localhost
http_access allow ntlm_auth

NTLM authentication rules

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minute
auth_param ntlm use_ntlm_negotiate on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off



-----Original Message-
From: Paul Matthews [mailto:[EMAIL PROTECTED] 
Sent: Friday, 14 October 2005 10:21
To: squid-users@squid-cache.org
Subject: [squid-users] Dansguardian Squid NTLM

Hi there

I've got my RHEL 4 box to authenticate using NTLM. Now I want to run
DansGuardian, I have edited in the '/etc/dansguardian/dansguardian.conf'
file to say

usernameidmethodproxyauth = on

I have DansGuardian running on 8080 and squid on 3128. when I run IE via
3128 all is good, but when I run it via 8080 I get ' The page cannot be
displayed' - ' Cannot find server or DNS Error Internet Explorer'??

Does anyone have a good setup, or how to guide or running these two programs
together using NTLM?

Do I need to change some ACL's to run squid/ntlm with squid?

When I place the 'http_access allow localhost' before the 'http_access allow
ntlm_auth' then DansGuardian works, but in the DansGuardian log file it does
not log the domain\username.







[squid-users] Dansguardian Squid NTLM

2005-10-13 Thread Paul Matthews
Hi there

I've got my RHEL 4 box to authenticate using NTLM. Now I want to run
DansGuardian, I have edited in the '/etc/dansguardian/dansguardian.conf'
file to say

usernameidmethodproxyauth = on

I have DansGuardian running on 8080 and squid on 3128. when I run IE via
3128 all is good, but when I run it via 8080 I get ' The page cannot be
displayed' - ' Cannot find server or DNS Error Internet Explorer'??

Does anyone have a good setup, or how to guide or running these two programs
together using NTLM?

Do I need to change some ACL's to run squid/ntlm with squid?

When I place the 'http_access allow localhost' before the 'http_access allow
ntlm_auth' then DansGuardian works, but in the DansGuardian log file it does
not log the domain\username.





[squid-users] Seamless bandwidth monitor

2005-09-29 Thread Paul Matthews

I’m looking at setting up a certain megabit download limit on my users,
I’m currently using squid as my proxy server and I was wondering if
there was any way of doing this seamlessly? Such as once a user has
passed his/her limit when he visited the internet he is redirected to a
web page explaining that he/she has surpassed their bandwidth for the
month.



RE: [squid-users] winbind --with-winbind-auth-challenge

2005-09-29 Thread Paul Matthews
[EMAIL PROTECTED] /]# wbinfo -a mydomain\\myusername%mypassword
plaintext password authentication succeeded
challenge/response password authentication succeeded

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 29 September 2005 4:47
To: Paul Matthews
Cc: Squid Users
Subject: RE: [squid-users] winbind --with-winbind-auth-challenge



On Thu, 29 Sep 2005, Paul Matthews wrote:

> What is step 6? I have the squid FAQ up
>
> http://www.squid-cache.org/Doc/FAQ/FAQ-23.html
>
> and I see 23 & 23.1 but I'm not sure what step you're talking about, as far as
> I can tell I've done everything.

Squid FAQ 23.5 How do I use the Winbind authenticators?
http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5

subsection "Test Samba's winbindd".

Regards
Henrik




RE: [squid-users] winbind --with-winbind-auth-challenge

2005-09-28 Thread Paul Matthews
What is step 6? I have the squid FAQ up 

http://www.squid-cache.org/Doc/FAQ/FAQ-23.html

and I see 23 & 23.1 but I'm not sure what step you're talking about, as far as
I can tell I've done everything.

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 29 September 2005 9:44
To: Paul Matthews
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] winbind --with-winbind-auth-challenge



On Thu, 29 Sep 2005, Paul Matthews wrote:

> I have checked everything like that, here is my previous post
>
> http://www.squid-cache.org/mail-archive/squid-users/200509/0463.html

In this message you only verified the trust RPC (step 5 in the Squid FAQ 
on winbind), not actual authentication (step 6).

Regards
Henrik




RE: [squid-users] winbind --with-winbind-auth-challenge

2005-09-28 Thread Paul Matthews
I have checked everything like that, here is my previous post

http://www.squid-cache.org/mail-archive/squid-users/200509/0463.html

now I'm trying to look into something else, like maybe my samba is
configured properly, it is just a basic RHEL install, if anyone has any
ideas I'd like to hear them.

-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 29 September 2005 8:46
To: Paul Matthews
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] winbind --with-winbind-auth-challenge



On Wed, 28 Sep 2005, Paul Matthews wrote:

>
> http://www.squid-cache.org/mail-archive/squid-dev/200206/0084.html
>
> it says i need to have '--with-winbind-auth-challenge' enabled on
> samba, how do i know whether it is enabled or not.

This thread is from June 2002 and applies to Samba-2.2.X.

Samba-3.X always has this enabled.



First thing is to verify your squid.conf "auth_param ntlm" settings, and 
that "squid -k parse" is happy with everything.

Second is to verify that your Samba has properly joined the domain and can 
verify accounts. This is done using wbinfo. See the Squid FAQ on winbind 
for details.


If both of the above are successful then please provide additional 
information on your squid.conf settings.

Regards
Henrik





[squid-users] winbind --with-winbind-auth-challenge

2005-09-27 Thread Paul Matthews

hi there,

I'm having some trouble getting squid to authenticate against ADS with
ntlm authentication. basically what happens is no matter what browser i
use (IE or firefox) i get a popup authentication box. from what i
understand about this, is it's doing basic authentication and not NTLM.

so something must be wrong with the NTLM helper (i think so anyway) if
anyone has any idea on this please help me out, but for the time being i
think i have a solution but i have to find out whether it's right first
and i don't know how to.

one website i've found that might be my answer.

http://www.squid-cache.org/mail-archive/squid-dev/200206/0084.html

it says i need to have '--with-winbind-auth-challenge' enabled on
samba, how do i know whether it is enabled or not.

if it is not enabled can someone tell me how to enable it?

i'm using

RHEL
samba-common-3.0.9-1.3E.3
squid-2.5.STABLE3-6.3E.14

this is the read out of the following command.

./usr/sbin/smbd -b

Build environment:
Built by: [EMAIL PROTECTED]
Built on: Thu Mar 3 19:33:02 EST 2005
Built using: i386-redhat-linux-gcc
Build host: Linux bugs.build.redhat.com 2.4.21-23.ELsmp #1 SMP Thu Oct 28
20:10:03 EDT 2004 i686 i686 i386 GNU/Linux
SRCDIR: /usr/src/build/532911-i386/BUILD/samba-3.0.9/source
BUILDDIR: /usr/src/build/532911-i386/BUILD/samba-3.0.9/source

Paths:
SBINDIR: /usr/sbin
BINDIR: /usr/bin
SWATDIR: /usr/share/swat
CONFIGFILE: /etc/samba/smb.conf
LOGFILEBASE: /var/log/samba
LMHOSTSFILE: /etc/samba/lmhosts
LIBDIR: /usr/lib/samba
SHLIBEXT: so
LOCKDIR: /var/cache/samba
PIDDIR: /var/run
SMB_PASSWD_FILE: /etc/samba/smbpasswd
PRIVATE_DIR: /etc/samba


[squid-users] NTLM without username/password prompt

2005-09-22 Thread Paul Matthews
Yes, the wbinfo -u displays all users on the domain and wbinfo -g displays
all groups on the domain. I was thinking that maybe there was an error with
RHEL because like I said, I've set it up on fedora core 3 before with no
problems.

-Original Message-
From: Paul Freeman [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 22 September 2005 4:27
To: [EMAIL PROTECTED]
Subject: RE: [squid-users] NTLM without username/password prompt

Paul
This may seem a silly suggestion but have you tried wbinfo -u and wbinfo -g
to see if winbindd can get the users and groups from the authorization
database?

Regards

Paul Freeman

+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++
EML Consulting Services Pty Ltd    Telephone: +61 3 9836 1999
417-431 Canterbury Road            Facsimile: +61 3 9836 0517
SURREY HILLS, VICTORIA 3127        Email: [EMAIL PROTECTED]
+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++---+++
 

> -Original Message-
> From: Paul Matthews [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, 22 September 2005 4:02 PM
> To: 'David Gameau'
> Cc: squid-users@squid-cache.org
> Subject: RE: [squid-users] NTLM without username/password prompt
> 
> 
> 
> I'm running 
> RHEL 4
> squid-2.5.STABLE3-6.3E.14
> samba-3.0.9-1.3E.3
> 
> yes, my winbind authenticator is running
> 
> [EMAIL PROTECTED] /]# wbinfo -t
> checking the trust secret via RPC calls succeeded
> 
> [EMAIL PROTECTED] /]# ./etc/init.d/winbind restart
> 
> Shutting down Winbind services:[  OK  ]
> Starting Winbind services: [  OK  ]
> 
> [EMAIL PROTECTED] /]# ./etc/init.d/winbind status
> winbindd (pid 31246 31245) is running...
> 
> when I try the command
> 
> [EMAIL PROTECTED] /]# /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> 
> It just hangs there ... doing nothing ...
> 
> We use winbind to authenticate our mail users so most of the 
> winbind logs are filled with that information over and over 
> and over again
> 
> [2005/09/21 09:58:39, 1] 
> nsswitch/winbindd_user.c:winbindd_getpwnam(161)
>   user 'fiona.gould' does not exist
> [2005/09/21 09:58:39, 1] 
> nsswitch/winbindd_group.c:winbindd_getgroups(1032)
>   user 'postfix' does not exist
> [2005/09/21 09:58:39, 1] 
> nsswitch/winbindd_user.c:winbindd_getpwnam(161)
>   user 'fiona.gould' does not exist
> [2005/09/21 09:58:39, 1] 
> nsswitch/winbindd_user.c:winbindd_getpwnam(161)
>   user 'fiona.gould' does not exist
> 
> 
> -Original Message-
> From: David Gameau [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, 22 September 2005 3:56
> To: [EMAIL PROTECTED]
> Cc: squid-users@squid-cache.org
> Subject: RE: [squid-users] NTLM without username/password prompt
> 
> NTLMSSP doesn't really use username/password like
> basic authentication, so you can't really confirm
> it from the command line.
> 
> The best you can do is:
> # /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> KK
> 
> and that should give you back a 'TT Tl...AA' type response.
> 
> What versions of Squid and Samba are you running?
> Is the winbind authenticator running?
> Is it logging any useful messages (normally in daemonlog)?
> 
> David.
> __
> 
> David Gameau
> ISTS - Systems Infrastructure Group
> University of South Australia
> 
> email:  [EMAIL PROTECTED]
> phone:  +61 8 302 3533
> fax:+61 8 302 5800
> 
> Disclaimer: "His brain sometimes stops working." - Chiyo, 
> Azumanga Daioh
> 
> 
> > -Original Message-
> > From: Paul Matthews [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, 22 September 2005 3:12 PM
> > To: David Gameau
> > Subject: RE: [squid-users] NTLM without username/password prompt
> > 
> > I've stopped, started, applied, restarted squid about 300 times
> > over the past 3
> > days, I've been working on this nonstop and I can't seem to 
> > get anything.
> > 
> > But here is something that I don't think looks right, if I do
> > the basic
> > authentication via command line it works.
> > 
> > [EMAIL PROTECTED] /]# ./usr/bin/ntlm_auth 
> --helper-protocol=squid-2.5-basic 
> > username password OK
> > 
> > [EMAIL PROTECTED] /]# ./usr/bin/ntlm_auth 
> --helper-protocol=squid-2.5-ntlmssp
> > Username password
> > [2005/09/22 15:39:43, 1]
> > utils/ntlm_auth.c:manage_squid_ntlmssp_request(576)
> > BH
> > 
> > 
> > -Original Message-
> > From: David Gameau [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, 22 September 2005 3:32
> > To:

RE: [squid-users] NTLM without username/password prompt

2005-09-21 Thread Paul Matthews

I'm running 
RHEL 4
squid-2.5.STABLE3-6.3E.14
samba-3.0.9-1.3E.3

yes, my winbind authenticator is running

[EMAIL PROTECTED] /]# wbinfo -t
checking the trust secret via RPC calls succeeded

[EMAIL PROTECTED] /]# ./etc/init.d/winbind restart

Shutting down Winbind services:[  OK  ]
Starting Winbind services: [  OK  ]

[EMAIL PROTECTED] /]# ./etc/init.d/winbind status
winbindd (pid 31246 31245) is running...

when I try the command

[EMAIL PROTECTED] /]# /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp

It just hangs there ... doing nothing ...

We use winbind to authenticate our mail users so most of the winbind logs
are filled with that information over and over and over again

[2005/09/21 09:58:39, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'fiona.gould' does not exist
[2005/09/21 09:58:39, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032)
  user 'postfix' does not exist
[2005/09/21 09:58:39, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'fiona.gould' does not exist
[2005/09/21 09:58:39, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
  user 'fiona.gould' does not exist


-Original Message-
From: David Gameau [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 22 September 2005 3:56
To: [EMAIL PROTECTED]
Cc: squid-users@squid-cache.org
Subject: RE: [squid-users] NTLM without username/password prompt

NTLMSSP doesn't really use username/password like
basic authentication, so you can't really confirm
it from the command line.

The best you can do is:
# /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
KK

and that should give you back a 'TT Tl...AA' type response.

What versions of Squid and Samba are you running?
Is the winbind authenticator running?
Is it logging any useful messages (normally in daemonlog)?

David.
__

David Gameau
ISTS - Systems Infrastructure Group
University of South Australia

email:  [EMAIL PROTECTED]
phone:  +61 8 302 3533
fax:+61 8 302 5800

Disclaimer: "His brain sometimes stops working." - Chiyo, Azumanga Daioh


> -Original Message-
> From: Paul Matthews [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, 22 September 2005 3:12 PM
> To: David Gameau
> Subject: RE: [squid-users] NTLM without username/password prompt
> 
> I've stopped, started, applied, restarted squid about 300 times 
> over the past 3
> days, I've been working on this nonstop and I can't seem to 
> get anything.
> 
> But here is something that I don't think looks right, if I do 
> the basic
> authentication via command line it works.
> 
> [EMAIL PROTECTED] /]# ./usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> username password
> OK
> 
> [EMAIL PROTECTED] /]# ./usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> Username password
> [2005/09/22 15:39:43, 1] 
> utils/ntlm_auth.c:manage_squid_ntlmssp_request(576)
> BH
> 
> 
> -Original Message-
> From: David Gameau [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, 22 September 2005 3:32
> To: [EMAIL PROTECTED]
> Subject: RE: [squid-users] NTLM without username/password prompt
> 
> Paul,
> 
> Did you restart, or stop and start Squid?
> I've noticed with the authenticators that a restart
> doesn't seem to reset everything correctly.
> 
> David.
> __
> 
> David Gameau
> ISTS - Systems Infrastructure Group
> University of South Australia
> 
> email:  [EMAIL PROTECTED]
> phone:  +61 8 302 3533
> fax:+61 8 302 5800
> 
> Disclaimer: "His brain sometimes stops working." - Chiyo, 
> Azumanga Daioh
> 
> 
> > -Original Message-
> > From: Paul Matthews [mailto:[EMAIL PROTECTED] 
> > Sent: Thursday, 22 September 2005 2:41 PM
> > To: David Gameau
> > Subject: RE: [squid-users] NTLM without username/password prompt
> > 
> > I tried to put the ntlm authentication on top of the basic 
> > and restart the
> > squid service, but the same result.
> > 
> > auth_param ntlm program /usr/bin/ntlm_auth
> > --helper-protocol=squid-2.5-ntlmssp
> > auth_param ntlm children 30
> > auth_param ntlm max_challenge_reuses 0
> > auth_param ntlm max_challenge_lifetime 2 minutes
> > 
> > auth_param basic program /usr/bin/ntlm_auth
> > --helper-protocol=squid-2.5-basic
> > auth_param basic children 5
> > auth_param basic realm Squid proxy-caching web server
> > auth_param basic credentialsttl 2 hours
> > 
> > -Original Message-
> > From: David Gameau [mailto:[EMAIL PROTECTED] 
> > Sent: Thursday, 22 September 2005 2:53
> > To: Paul Matthews; squid-users@squid-cache.org
> > Subject: RE: [squid-users] NTLM without username/password

RE: [squid-users] NTLM without username/password prompt

2005-09-21 Thread Paul Matthews
I tried to put the ntlm authentication on top of the basic and restart the
squid service, but the same result.

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

I've stopped, started, applied, restarted squid about 300 times over the past 3
days, I've been working on this nonstop and I can't seem to get anything.

But here is something that I don't think looks right, if I do the basic
authentication via command line it works.

[EMAIL PROTECTED] /]# ./usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
username password
OK

[EMAIL PROTECTED] /]# ./usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
Username password
[2005/09/22 15:39:43, 1] utils/ntlm_auth.c:manage_squid_ntlmssp_request(576)
BH




[squid-users] NTLM without username/password prompt

2005-09-21 Thread Paul Matthews

Hi there,

I've setup NTLM authentication on my fedora box a few times before and
it all went off without a problem, seamless authentication, it was
great. But now I'm trying to get it done on a RHEL 4 box and it's not
going so well, I've got samba authenticating against my Active directory

[EMAIL PROTECTED] /]# wbinfo -t
checking the trust secret via RPC calls succeeded

but when I use my MSIE browser when I'm logged into the domain I get a
username/password prompt. I want it to be able to do it in the
background, any suggestions?

I've read just about everything there is to read on the net.

Here is what I have added to my squid.conf

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 hour


acl ntlm proxy_auth REQUIRED

http_access allow ntlm

I don't have one http_access rule and that's to allow the ntlm users
through.
Any suggestions?