[squid-users] Squid with auth Kerberos

2009-12-09 Thread Phibee Network Operation Center

Hi

I currently use Squid with NTLM authentication, which works very well with XP.

We have tested our configuration with Windows 7, and authentication doesn't work.


My config:
Squid 3.0-Stable7
Winbind/Samba 3.2.0-1

conf:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 25
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 25
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
#external_acl_type AD_Group children=50 concurrency=50 %LOGIN /usr/lib/squid/wbinfo_group.pl
external_acl_type AD_Group children=50 concurrency=50 ttl=1800 negative_ttl=900 %LOGIN /usr/lib/squid/wbinfo_group.pl



I know that Windows 7 wants Kerberos authentication. What is the solution for adding Kerberos auth to my Squid, for compatibility?

I have tested with a classic Kerberos configuration, but now Squid requests the user/password.


Thanks
Jerome



Re: [squid-users] Auth NTLM ?

2009-11-05 Thread Phibee Network Operation Center

Hi Jeff,

Thanks for your answer, but why doesn't that work?

My problem is not to send the auth received on the first server to the second, but to know why Squid doesn't send to the workstation the Windows login/pass of the web site.


bye
jerome




Jeff Foster wrote:

I have tried this and it doesn't work. You can authenticate at the Squid server 
or pass the NTLM authentication on to the server, but you can't authenticate at 
both places.

You would have to ask someone smarter than me why but I believe you are asking 
the client to authenticate twice and that just doesn't work.

Jeff F

-Original Message-
From: Phibee Network Operation Center [mailto:n...@phibee.net] 
Sent: Wednesday, November 04, 2009 8:04 AM

To: squid-users@squid-cache.org
Subject: [squid-users] Auth NTLM ?

Hi

I have a small problem:

My user uses NTLM authentication on my Squid proxy; when he wants to go to a web site that requests authentication, he receives an Authentication Failed without a user/pass request.

If he doesn't use the proxy, the web site requests the login/pass and that works.

Does anyone have an idea why? Does Squid send the l/p of the first NTLM auth to the second server automatically?


thanks
Jerome





  




[squid-users] Auth NTLM ?

2009-11-04 Thread Phibee Network Operation Center

Hi

I have a small problem:

My user uses NTLM authentication on my Squid proxy; when he wants to go to a web site that requests authentication, he receives an Authentication Failed without a user/pass request.

If he doesn't use the proxy, the web site requests the login/pass and that works.

Does anyone have an idea why? Does Squid send the l/p of the first NTLM auth to the second server automatically?


thanks
Jerome



[squid-users] Squid and FTP Upload

2009-09-15 Thread Phibee Network Operation Center

Hi

I use Squid for my users and I have a small problem:

A user wants to access an FTP server with IE. He uses the
URL ftp://login:p...@domain.com

He can see the FTP site and all the files, but if he wants to upload a file, he gets an error message that says: Your proxy are not configured for ...

Is my Squid not configured to relay the upload?

thanks
jerome



Re: [squid-users] Squid/PDF

2009-06-26 Thread Phibee Network Operation Center

OK, the bug is not resolved, no?



Chris Woodfield wrote:
It's really a squid issue, not an Adobe issue, assuming that you're 
viewing the .pdf in-browser via the Reader plugin (as opposed to 
downloading, then opening)...


http://www.squid-cache.org/bugs/show_bug.cgi?id=2639

The issue is that the Acrobat plugin requests multiple byte ranges of 
the document in a single HTTP request, and if those ranges are 
out-of-order or overlapping, squid sees the range argument as too 
complex and throws it out.


This request is unorthodox, but legal per the HTTP spec, thus the bug 
report.


-C

On Jun 25, 2009, at 9:59 AM, Jeff Pang wrote:


2009/6/25 Phibee Network Operation Center n...@phibee.net


Hi,

We have a problem using squid(ntlm auth)/dansguardian/squid

On a website, when downloading a PDF file on a PC to save it on disk, there is no problem at all.
On the same website, with the same PDF file, the same PC, and through the same proxy, when choosing open instead of save, the PDF file downloads, blocks at the end of the file, and after 5 mins opens the PDF.
On the same client/website/PDF but not using the proxy, the PDF opens immediately...



There are Acrobat bugs with opening PDFs through Squid.
Amos may show the details.


--
In this magical land, everywhere
is in full bloom with flowers of evil.
- Jeff Pang (CN)
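
An added example, not part of the thread and not Squid's own range-handling code: a small Python checker for the request shape Chris Woodfield describes, a single `Range` header carrying several byte ranges that are out of order or overlapping. The header value and the document length below are constructed for illustration.

```python
# Added example: classify an HTTP Range header the way the thread describes it
# (multiple ranges in one request, possibly out of order or overlapping).
# This models the request shape only; it is not how Squid decides internally.


def parse_byte_ranges(header, length):
    """Resolve a 'bytes=...' Range header value against a document length.

    Returns a list of (first_byte, last_byte) tuples in the order requested.
    Unsatisfiable ranges are skipped; malformed ones raise ValueError.
    """
    if length <= 0:
        raise ValueError("length must be positive")
    unit, sep, spec = header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("only the 'bytes' range unit is supported")
    ranges = []
    for part in spec.split(","):
        first, dash, last = part.strip().partition("-")
        if not dash:
            raise ValueError("missing '-' in range spec: %r" % part)
        if first == "":
            # Suffix form "-N": the final N bytes of the document.
            count = int(last)
            if count == 0:
                continue
            start, end = max(length - count, 0), length - 1
        else:
            start = int(first)
            if last and int(last) < start:
                raise ValueError("last byte before first byte: %r" % part)
            if start >= length:
                continue
            # Open-ended "N-" runs to the end; clamp explicit ends too.
            end = min(int(last), length - 1) if last else length - 1
        ranges.append((start, end))
    return ranges


def describe(ranges):
    """Report the properties the thread names: order and overlap."""
    out_of_order = any(b[0] < a[0] for a, b in zip(ranges, ranges[1:]))
    overlapping = any(
        a[0] <= b[1] and b[0] <= a[1]
        for i, a in enumerate(ranges)
        for b in ranges[i + 1:]
    )
    return {
        "count": len(ranges),
        "multipart": len(ranges) > 1,
        "out_of_order": out_of_order,
        "overlapping": overlapping,
    }


# Constructed sample: tail of the file first, then two overlapping head ranges.
SAMPLE_HEADER = "bytes=170000-178206,0-1023,512-2047"
SAMPLE_LENGTH = 200000

if __name__ == "__main__":
    resolved = parse_byte_ranges(SAMPLE_HEADER, SAMPLE_LENGTH)
    print(resolved)
    print(describe(resolved))
```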









[squid-users] Squid/PDF

2009-06-25 Thread Phibee Network Operation Center

Hi,

We have a problem using squid(ntlm auth)/dansguardian/squid

On a website, when downloading a PDF file on a PC to save it on disk, there is no problem at all.
On the same website, with the same PDF file, the same PC, and through the same proxy, when choosing open instead of save, the PDF file downloads, blocks at the end of the file, and after 5 mins opens the PDF.
On the same client/website/PDF but not using the proxy, the PDF opens immediately...

Here are some of the logs:

1245935049.238 73 10.34.40.178 TCP_MISS/206 3524 GET http://www.XX.XX/XX/document/manuel_candidat.PDF FIRST_UP_PARENT/127.0.0.1 application/pdf
1245935049.705 75 10.34.40.178 TCP_MISS/206 921 GET http://www.XX.XX/XX/document/manuel_candidat.PDF User_Login FIRST_UP_PARENT/127.0.0.1 application/pdf
1245935051.251   1795 10.34.40.178 TCP_MISS/206 178207 GET http://www.XX.XX/XX/document/manuel_candidat.PDF User_Login FIRST_UP_PARENT/127.0.0.1 multipart/byteranges
1245935127.445 901 10.34.40.178 TCP_MISS/206 56706 GET http://www.XX.XX/XX/document/manuel_candidat.PDF User_Login FIRST_UP_PARENT/127.0.0.1 multipart/byteranges


Any idea?




[squid-users] Problem Squid = Download start very long time

2009-06-08 Thread Phibee Network Operation Center

Hi

I have a big problem with my Squid proxy server:

I don't know why, but when a user wants to download a PDF from
a web site, it takes a very, very long time to start (6/8 min, really).
It's not for all sites, only a lot of web sites.

If the user doesn't use the proxy, it works very well.

Does anyone know this problem?

thanks
jerome



Re: [squid-users] Problem Squid = Download start very long time

2009-06-08 Thread Phibee Network Operation Center

Jeff Pang wrote:

Phibee Network Operation Center:

Hi

I have a big problem with my Squid proxy server:

I don't know why, but when a user wants to download a PDF from
a web site, it takes a very, very long time to start (6/8 min, really).
It's not for all sites, only a lot of web sites.


How large is the pdf?
You may consider increasing the values for maximum_object_size and 
maximum_object_size_in_memory in squid.conf.




No ;=) 16 KB


[squid-users] Specific Cache Peer for a ACL ?

2009-06-08 Thread Phibee Network Operation Center

Hi

I have a destination ACL on my Squid; if I want a specific cache-peer for this destination/ACL, is it possible?

thanks



[squid-users] allowedURL don't work

2009-04-21 Thread Phibee Network Operation Center



Hi

I have a new problem with my Squid server (NTLM AD).

My configuration:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 15
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
#external_acl_type AD_Group children=50 concurrency=50 %LOGIN /usr/lib/squid/wbinfo_group.pl
external_acl_type AD_Group children=50 concurrency=50 ttl=1800 negative_ttl=900 %LOGIN /usr/lib/squid/wbinfo_group.pl


cache_peer 127.0.0.1 parent 8081 0 proxy-only no-query weight=100 connect-timeout=5 login=*:password


## Access-rights ACLs
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl Lan src 10.0.0.0/8 # RFC1918 possible internal network
acl Lan src 172.16.0.0/12  # RFC1918 possible internal network
acl Lan src 192.168.0.0/16 # RFC1918 possible internal network


##
## ACL for the web sites that can be browsed without authentication
##
acl URL_Authorises dstdomain /etc/squid-ntlm/allowedURL
http_access allow URL_Authorises
##

acl SSL_ports port 443 563 1 1494 2598
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 563 # https
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

##
# ACL defining the AD groups allowed to connect
##
acl AllowedADUsers external AD_Group /etc/squid-ntlm/allowedntgroups
acl Winbind proxy_auth REQUIRED
##


##
# ACLs for the access rights according to Active Directory
##
# Access rights according to Active Directory
http_access allow AllowedADUsers
http_access deny !AllowedADUsers
http_access deny !Winbind
##

http_access deny all


##
# System settings
##
http_port 8080
hierarchy_stoplist cgi-bin ?
cache_mem 16 MB
#cache_dir ufs /var/spool/squid-ntlm 5000 16 256
cache_dir null /dev/null
#logformat squid %ts.%03tu %6tr %a %Ss/%03Hs %st %rm %ru %un %Sh/%A %mt
#logformat squidmime %ts.%03tu %6tr %a %Ss/%03Hs %st %rm %ru %un %Sh/%A %mt [%h] [%h]
#logformat common %a %ui %un [%tl] %rm %ru HTTP/%rv %Hs %st %Ss:%Sh
logformat combined %a %ui %un [%tl] %rm %ru HTTP/%rv %Hs %st %{Referer}h %{User-Agent}h %Ss:%Sh

access_log /var/log/squid-ntlm/access.log squid
cache_log /var/log/squid-ntlm/cache.log
cache_store_log /var/log/squid-ntlm/store.log
# emulate_httpd_log off
mime_table /etc/squid-ntlm/mime.conf
pid_filename /var/run/squid-ntlm.pid
# debug_options ALL,1
log_fqdn off
ftp_user pr...@gw.phibee.net
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern .               0       20%     4320
icp_port 3130
error_directory /usr/share/squid/errors/French
icp_access allow Lan
icp_access deny all
htcp_access allow Lan
htcp_access deny all





In my allowedURL file, I have:

pagesjaunes.fr
estat.com
societe.com
quidonc.fr



When I want to access www.pagejaunes.fr, it requests authentication ... I want no authentication and no limitation of surfing.

Does anyone see where my error is?
Is the correct syntax pagesjaunes.fr or .pagesjaunes.fr for *.pagesjaunes.fr?


thanks
jerome
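
An added example, not part of the original post: a simplified Python model of Squid's documented `dstdomain` behaviour, covering the two details this configuration depends on. A file argument is read as a file only when it is double-quoted, and a bare entry matches that exact host name while an entry with a leading dot also matches its subdomains. The file contents and the `.dotted` file name are constructed stand-ins.

```python
# Added example: a simplified model of how Squid reads and matches a
# dstdomain ACL. It is not Squid source code.

# Constructed stand-ins for the ACL file. The first holds the entries listed
# in the post; the second (hypothetical name) holds leading-dot variants.
FILES = {
    "/etc/squid-ntlm/allowedURL":
        "pagesjaunes.fr\nestat.com\nsociete.com\nquidonc.fr\n",
    "/etc/squid-ntlm/allowedURL.dotted":
        ".pagesjaunes.fr\n.estat.com\n.societe.com\n.quidonc.fr\n",
}


def acl_values(acl_line, files=FILES):
    """Return the values defined by an 'acl NAME dstdomain ...' line.

    A double-quoted argument names a file with one value per line.
    An unquoted argument is taken literally as a domain value, so an
    unquoted path becomes a "domain" that no request host can equal.
    """
    parts = acl_line.split()
    if len(parts) < 4 or parts[0] != "acl" or parts[2] != "dstdomain":
        raise ValueError("not a dstdomain acl line: %r" % acl_line)
    values = []
    for arg in parts[3:]:
        if arg.startswith("#"):
            break  # rest of the line is a comment
        if len(arg) >= 2 and arg[0] == '"' and arg[-1] == '"':
            for line in files[arg[1:-1]].splitlines():
                entry = line.split("#", 1)[0].strip()
                if entry:
                    values.append(entry.lower())
        else:
            values.append(arg.lower())
    return values


def dstdomain_match(host, values):
    """True if host matches any value under dstdomain rules."""
    host = host.lower().rstrip(".")
    for value in values:
        if value.startswith("."):
            # ".example.com" matches example.com and every subdomain.
            if host == value[1:] or host.endswith(value):
                return True
        elif host == value:
            # "example.com" matches that exact host name only.
            return True
    return False


def check(acl_line, hosts):
    """Map each host to whether the ACL line would match it."""
    values = acl_values(acl_line)
    return {host: dstdomain_match(host, values) for host in hosts}


HOSTS = ["pagesjaunes.fr", "www.pagesjaunes.fr", "notpagesjaunes.fr"]

if __name__ == "__main__":
    for line in (
        'acl URL_Authorises dstdomain /etc/squid-ntlm/allowedURL',
        'acl URL_Authorises dstdomain "/etc/squid-ntlm/allowedURL"',
        'acl URL_Authorises dstdomain "/etc/squid-ntlm/allowedURL.dotted"',
    ):
        print(line)
        print("   ", check(line, HOSTS))
```

A request that matches no entry falls through to the later `http_access` rules, which is where the authentication prompt comes from.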




[squid-users] Squid and NTLM Error

2009-03-17 Thread Phibee Network Operation Center

Hi

I have a lot of errors in my Squid cache.log:


2009/03/16 07:44:47| WARNING: up to 149 pending requests queued
2009/03/16 07:44:47| Consider increasing the number of ntlmauthenticator processes to at least 184 in your config file.
2009/03/16 07:45:17| WARNING: All ntlmauthenticator processes are busy.
2009/03/16 07:45:17| WARNING: up to 156 pending requests queued
2009/03/16 07:45:17| Consider increasing the number of ntlmauthenticator processes to at least 191 in your config file.

2009/03/16 07:45:32| storeDirWriteCleanLogs: Starting...
2009/03/16 07:45:32|   Finished.  Wrote 0 entries.
2009/03/16 07:45:32|   Took 0.0 seconds (   0.0 entries/sec).
FATAL: Too many queued ntlmauthenticator requests (176 on 35)
Squid Cache (Version 2.6.STABLE1): Terminated abnormally.
CPU Usage: 110.491 seconds = 56.740 user + 53.751 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
   total space in arena:    9240 KB
   Ordinary blocks:         7030 KB    243 blks
   Small blocks:               0 KB      0 blks
   Holding blocks:           224 KB      1 blks
   Free Small blocks:          0 KB
   Free Ordinary blocks:    2209 KB
   Total in use:            7254 KB 79%
   Total free:              2209 KB 24%




I think it's this config:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 35
#auth_param ntlm use_ntlm_negotiate on
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 10 minutes

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic

auth_param basic children 15
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours



Correct ?
What is the best configuration for NTLM ?


Thanks
jerome



[squid-users] NTLM Password Cache on Squid ?

2008-12-03 Thread Phibee Network Operation Center

Hi

We have a small problem:

   - We use Squid with Winbind/NTLM auth

   - When we change a password in Active Directory,
   Squid doesn't see the change for many hours ...

Does it have a cache? Can I set a TTL?

thanks for your help
jerome



[squid-users] squid 3.0 and wbinfo_group that don't work now ?

2008-12-02 Thread Phibee Network Operation Center

Hi

I have updated my Squid from 2.X to 3.X. I use NTLM auth
with this config:


auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 15
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
external_acl_type AD_Group children=50 concurrency=50 %LOGIN /usr/lib/squid/wbinfo_group.pl


acl AllowedADUsers external AD_Group /etc/squid-ntlm/allowedntgroups
acl Winbind proxy_auth REQUIRED
http_access allow AllowedADUsers
http_access deny !AllowedADUsers
http_access deny !Winbind
http_access deny all


This configuration works on 2.X, and when a user is not in the right
AD group, he can't connect.

On 3.X, he can connect all the time.

Does anyone have an idea of the problem?

thanks
jerome



[squid-users] Squid 3 and SNMP

2008-11-19 Thread Phibee Network Operation Center

Hi

I am searching for a solution to use SNMP with Squid 3.0.

I want, if possible, to get:
   Number of users connected (I use NTLM)
   Number of hits/s
and others, with Nagios/Centreon graphs.

Does anyone know the process?

thanks for your help
Jerome



[squid-users] wbinfo_group.pl ?? return a error cannot run ..

2008-10-16 Thread Phibee Network Operation Center

Hi

We have a problem with our new Squid server:
when we want to add wbinfo_group.pl, it can't start it:


2008/10/14 06:07:39| Starting Squid Cache version 3.0.STABLE7 for i386-redhat-linux-gnu...

2008/10/14 06:07:39| Process ID 26104
2008/10/14 06:07:39| With 1024 file descriptors available
2008/10/14 06:07:39| DNS Socket created at 0.0.0.0, port 53027, FD 7
2008/10/14 06:07:39| Adding domain proxy.phibee.net from /etc/resolv.conf
2008/10/14 06:07:39| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2008/10/14 06:07:39| helperStatefulOpenServers: Starting 15 'ntlm_auth' processes

2008/10/14 06:07:39| helperOpenServers: Starting 15 'ntlm_auth' processes
2008/10/14 06:07:39| helperOpenServers: Starting 5 'wbinfo_group.pl' processes
2008/10/14 06:07:39| WARNING: Cannot run '/usr/lib/squid/wbinfo_group.pl' process.
2008/10/14 06:07:39| WARNING: Cannot run '/usr/lib/squid/wbinfo_group.pl' process.
2008/10/14 06:07:39| WARNING: Cannot run '/usr/lib/squid/wbinfo_group.pl' process.
2008/10/14 06:07:39| WARNING: Cannot run '/usr/lib/squid/wbinfo_group.pl' process.
2008/10/14 06:07:39| WARNING: Cannot run '/usr/lib/squid/wbinfo_group.pl' process.

2008/10/14 06:07:39| User-Agent logging is disabled.
2008/10/14 06:07:39| Referer logging is disabled.
2008/10/14 06:07:39| Unlinkd pipe opened on FD 42
2008/10/14 06:07:39| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec

2008/10/14 06:07:39| Swap maxSize 512 KB, estimated 393846 objects
2008/10/14 06:07:39| Target number of buckets: 19692
2008/10/14 06:07:39| Using 32768 Store buckets
2008/10/14 06:07:39| Max Mem  size: 16384 KB
2008/10/14 06:07:39| Max Swap size: 512 KB
2008/10/14 06:07:39| Version 1 of swap file with LFS support detected...
2008/10/14 06:07:39| Rebuilding storage in /var/spool/squid (CLEAN)
2008/10/14 06:07:39| Using Least Load store dir selection
2008/10/14 06:07:39| Current Directory is /etc
2008/10/14 06:07:39| Loaded Icons.
2008/10/14 06:07:39| Accepting  HTTP connections at 0.0.0.0, port 8080, FD 44.

2008/10/14 06:07:39| Accepting ICP messages at 0.0.0.0, port 3130, FD 45.
2008/10/14 06:07:39| HTCP Disabled.
2008/10/14 06:07:39| Ready to serve requests.
2008/10/14 06:07:39| Done reading /var/spool/squid swaplog (1 entries)
2008/10/14 06:07:39| Finished rebuilding storage from disk.
2008/10/14 06:07:39| 1 Entries scanned
2008/10/14 06:07:39| 0 Invalid entries.
2008/10/14 06:07:39| 0 With invalid flags.
2008/10/14 06:07:39| 1 Objects loaded.
2008/10/14 06:07:39| 0 Objects expired.
2008/10/14 06:07:39| 0 Objects cancelled.
2008/10/14 06:07:39| 0 Duplicate URLs purged.
2008/10/14 06:07:39| 0 Swapfile clashes avoided.
2008/10/14 06:07:39|   Took 0.02 seconds ( 48.57 objects/sec).
2008/10/14 06:07:39| Beginning Validation Procedure
2008/10/14 06:07:39|   Completed Validation Procedure
2008/10/14 06:07:39|   Validated 27 Entries
2008/10/14 06:07:39|   store_swap_size = 12
2008/10/14 06:07:40| storeLateRelease: released 0 objects
2008/10/14 06:08:05| externalAclLookup: 'AD_Group' queue overload (ch=0xb9b05bd0)
2008/10/14 06:08:05| externalAclLookup: 'AD_Group' queue overload (ch=0xb9b05bd0)


and now we have a:

2008/10/14 06:07:39| WARNING: Cannot run '/usr/lib/squid/wbinfo_group.pl' process.


If I run wbinfo_group.pl manually, it's fine ... I run on Fedora 9 and my conf is:


external_acl_type AD_Group %LOGIN /usr/lib/squid/wbinfo_group.pl



Permissions on /usr/lib/squid/wbinfo_group.pl are squid.squid and all x.

Does anyone know where the problem is and how I can resolve it?

thanks for your help
jerome






Re: [squid-users] Problems with ntlm authentification ? what change from 2.6 to 3.0 ?

2008-10-13 Thread Phibee Network Operation Center

Amos Jeffries wrote:

Phibee Network Operation Center wrote:

Hi

I use Squid with NTLM authentication on version 2.6 ...

I have a new server and want to run Squid 3.0, but when I start the process,
it shuts down and puts into cache.log:

2008/10/13 06:39:33| Starting Squid Cache version 3.0.STABLE2 for i386-redhat-linux-gnu...


STABLE2 was severely broken with all authentication. Please do not use 
under any circumstances.


If possible please use the latest release (currently STABLE9) or if 
not possible at least STABLE7+.


Amos

Hi

thanks for your answer, but no change with stable7 ;=)

bye
jerome



[squid-users] Problems with ntlm authentification ? what change from 2.6 to 3.0 ?

2008-10-12 Thread Phibee Network Operation Center

Hi

I use Squid with NTLM authentication on version 2.6 ...

I have a new server and want to run Squid 3.0, but when I start the process,
it shuts down and puts into cache.log:

2008/10/13 06:39:33| Starting Squid Cache version 3.0.STABLE2 for i386-redhat-linux-gnu...

2008/10/13 06:39:33| Process ID 32411
2008/10/13 06:39:33| With 1024 file descriptors available
2008/10/13 06:39:33| Performing DNS Tests...
2008/10/13 06:39:33| Successful DNS name lookup tests...
2008/10/13 06:39:33| DNS Socket created at 0.0.0.0, port 57903, FD 7
2008/10/13 06:39:33| Adding domain srv1-v2.sodiaal.ophelys.org from /etc/resolv.conf

2008/10/13 06:39:33| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2008/10/13 06:39:33| helperStatefulOpenServers: Starting 15 'ntlm_auth' processes

2008/10/13 06:39:33| helperOpenServers: Starting 15 'ntlm_auth' processes
2008/10/13 06:39:33| User-Agent logging is disabled.
2008/10/13 06:39:33| Referer logging is disabled.
2008/10/13 06:39:33| Unlinkd pipe opened on FD 42
2008/10/13 06:39:33| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec

2008/10/13 06:39:33| Store logging disabled
2008/10/13 06:39:33| Swap maxSize 0 KB, estimated 0 objects
2008/10/13 06:39:33| Target number of buckets: 0
2008/10/13 06:39:33| Using 8192 Store buckets
2008/10/13 06:39:33| Max Mem  size: 16384 KB
2008/10/13 06:39:33| Max Swap size: 0 KB
2008/10/13 06:39:33| Using Least Load store dir selection
2008/10/13 06:39:33| Set Current Directory to /var/spool/squid-ntlm
2008/10/13 06:39:33| Loaded Icons.
2008/10/13 06:39:33| Accepting  HTTP connections at 0.0.0.0, port 8080, FD 40.

2008/10/13 06:39:33| HTCP Disabled.
2008/10/13 06:39:33| Accepting SNMP messages on port 3401, FD 41.
2008/10/13 06:39:33| Outgoing SNMP messages on port 3401, FD 43.
2008/10/13 06:39:33| Ready to serve requests.
2008/10/13 06:39:33| Finished rebuilding storage from disk.
2008/10/13 06:39:33| 0 Entries scanned
2008/10/13 06:39:33| 0 Invalid entries.
2008/10/13 06:39:33| 0 With invalid flags.
2008/10/13 06:39:33| 0 Objects loaded.
2008/10/13 06:39:33| 0 Objects expired.
2008/10/13 06:39:33| 0 Objects cancelled.
2008/10/13 06:39:33| 0 Duplicate URLs purged.
2008/10/13 06:39:33| 0 Swapfile clashes avoided.
2008/10/13 06:39:33|   Took 0.01 seconds (  0.00 objects/sec).
2008/10/13 06:39:33| Beginning Validation Procedure
2008/10/13 06:39:33| WARNING: ntlmauthenticator #1 (FD 8) exited
2008/10/13 06:39:33| WARNING: ntlmauthenticator #2 (FD 9) exited
2008/10/13 06:39:33| WARNING: ntlmauthenticator #3 (FD 10) exited
2008/10/13 06:39:33| WARNING: ntlmauthenticator #4 (FD 11) exited
2008/10/13 06:39:33| WARNING: ntlmauthenticator #5 (FD 12) exited
2008/10/13 06:39:33| WARNING: ntlmauthenticator #6 (FD 13) exited
2008/10/13 06:39:33| WARNING: ntlmauthenticator #7 (FD 14) exited
2008/10/13 06:39:33| WARNING: ntlmauthenticator #8 (FD 15) exited
2008/10/13 06:39:33| Too few ntlmauthenticator processes are running
FATAL: The ntlmauthenticator helpers are crashing too rapidly, need help!

Squid Cache (Version 3.0.STABLE2): Terminated abnormally.
CPU Usage: 0.091 seconds = 0.034 user + 0.057 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
   total space in arena:    3436 KB
   Ordinary blocks:         3385 KB      2 blks
   Small blocks:               0 KB      0 blks
   Holding blocks:          1972 KB      9 blks
   Free Small blocks:          0 KB
   Free Ordinary blocks:      50 KB
   Total in use:            5357 KB 156%
   Total free:                50 KB 1%



Does anyone know where my error is?

Classic configuration (currently works on version 2.6):

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15
#auth_param ntlm use_ntlm_negotiate on
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 10 minutes

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic

auth_param basic children 15
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours



thanks for your help
jerome



[squid-users] New error msg after update to squid 3.0

2008-02-15 Thread Phibee Network Operation Center


Hi

After updating to 3.0, we have a lot of errors:

1203078370.518  0 10.28.12.198 NONE/400 1727 POST /ReportingWebService/ReportingWebService.asmx - NONE/- text/html
1203078370.543  0 10.28.12.198 NONE/400 1657 GET /proxy.dat - NONE/- text/html
1203078370.578  0 10.28.12.198 NONE/400 1767 NONE error:unsupported-request-method - NONE/- text/html
1203078370.608  0 10.28.12.198 NONE/400 1727 POST /ReportingWebService/ReportingWebService.asmx - NONE/- text/html
1203079021.755  0 10.28.12.199 NONE/400 1639 GET / - NONE/- text/html
1203079036.203  0 10.28.12.199 NONE/400 1639 GET / - NONE/- text/html
1203080293.751  0 10.28.12.199 NONE/400 1657 GET /proxy.dat - NONE/- text/html
1203080321.946  0 10.28.12.199 NONE/400 1639 GET / - NONE/- text/html
1203080394.816  0 10.28.12.199 NONE/400 1639 GET / - NONE/- text/html
1203080572.979  0 10.28.12.199 NONE/400 1655 GET /proxy.da - NONE/- text/html
1203080578.337  0 10.28.12.199 NONE/400 1639 GET / - NONE/- text/html
1203080590.741  0 10.28.12.199 NONE/400 1655 GET /proxy.da - NONE/- text/html
1203080595.727  0 10.28.12.199 NONE/400 1639 GET / - NONE/- text/html
1203080645.640  0 10.28.12.199 NONE/400 1655 GET /proxy.da - NONE/- text/html
1203080650.819  0 10.28.12.199 NONE/400 1639 GET / - NONE/- text/html
1203080657.934  0 10.28.12.199 NONE/400 1655 GET /proxy.da - NONE/- text/html
1203080665.460  0 10.28.12.199 NONE/400 1639 GET / - NONE/- text/html
1203080728.088  0 10.28.12.199 NONE/400 1655 GET /proxy.da - NONE/- text/html
1203080734.257  0 10.28.12.199 NONE/400 1639 GET / - NONE/- text/html
1203080747.860  0 10.28.12.199 NONE/400 1639 GET / - NONE/- text/html
1203080880.580  0 10.28.12.199 NONE/400 1639 GET / - NONE/- text/html
1203081158.964  0 10.28.12.199 NONE/400 1657 GET /proxy.dat - NONE/- text/html
1203081215.943  0 10.28.12.199 NONE/400 1657 GET /proxy.dat - NONE/- text/html


What is NONE/400?


Thanks for your help



[squid-users] Squid in Transparent ?

2008-02-15 Thread Phibee Network Operation Center

Hi

Is it a problem to use Squid with an iptables redirect (80 to 8080)
and not put transparent in squid.conf on:
http_port 8080
?

And if I put
   http_port 8080 transparent
can users who configure the proxy manually in their web browser
continue to use the proxy?

Thanks for your help

Jerome



[squid-users] Error What is this ?

2008-02-13 Thread Phibee Network Operation Center

Hi

Does anyone know this problem:

1202922662.095  0 192.168.50.200 TCP_DENIED/400 1374 NONE error:unsupported-request-method - NONE/- text/html
1202922662.119  1 192.168.50.200 TCP_DENIED/400 1374 NONE error:unsupported-request-method - NONE/- text/html
1202922662.151  0 192.168.50.200 TCP_DENIED/400 1374 NONE error:unsupported-request-method - NONE/- text/html
1202922662.191  0 192.168.50.200 TCP_DENIED/400 1374 NONE error:unsupported-request-method - NONE/- text/html
1202922662.234  0 192.168.50.200 TCP_DENIED/400 1374 NONE error:unsupported-request-method - NONE/- text/html
1202922662.273  0 192.168.50.200 TCP_DENIED/400 1374 NONE error:unsupported-request-method - NONE/- text/html
1202922662.322  1 192.168.50.200 TCP_DENIED/400 1374 NONE error:unsupported-request-method - NONE/- text/html
1202922662.400  1 192.168.50.200 TCP_DENIED/400 1374 NONE error:unsupported-request-method - NONE/- text/html
1202922662.443  0 192.168.50.200 TCP_DENIED/400 1374 NONE error:unsupported-request-method - NONE/- text/html


Thanks bye






[squid-users] ACL question

2008-02-11 Thread Phibee Network Operation Center

Hi

I have a Squid server, and I am searching for a solution to add a small ACL:

An ACL based on an IP list (/etc/squid/ip_authorized) with this function:

   - If the IP is in the list, no problem, he can go on the web.

   - If the IP is not in the list, he can go on the web, but
   for every URL Squid rewrites it to http://www.domaine.com
   For example, he enters http://www.google.com = he goes to
   http://www.domaine.com

Is it possible?

Thanks






















[squid-users] User Authentification ?

2005-06-06 Thread Phibee Network operation Center

Hi

Can I set up Squid authentication based on a login/password in a file on my Linux proxy server, without opening a login/pass box, but based only on the login/pass of the Windows session?

Currently I use Winbindd, but I have a great many problems with it and can't continue ..


thanks for your help





[squid-users] Help on Squid with ntlm auth ..

2005-06-01 Thread Phibee Network operation Center

Hi

I request your help to resolve four problems that I have with Squid/Samba.
I use squid-2.5.STABLE9 and samba 3.0.14a with NTLM winbindd authentication.


My four problems:

1- I don't know why, but all web sites with a refresh get an access denied ..
My user goes to the web site with no problem, waits 5 min, the web site refreshes, and when it refreshes I get an access denied.

2- I don't know why, but with IE I can't go to www.ratp.fr when I use the Squid proxy.
I get a download box and not the web site .. I don't know what the process is to debug this ... without Squid the web site works!

3- What is the access right needed to accept this:
1117612694.193  0 10.206.1.251 TCP_DENIED/407 1790 GET cache_object://10.206.1.251/counters - NONE/- text/html
1117612694.197  0 10.206.1.251 TCP_DENIED/407 1778 GET cache_object://10.206.1.251/5min - NONE/- text/html
1117612694.201  0 10.206.1.251 TCP_DENIED/407 1781 GET cache_object://10.206.1.251/60min - NONE/- text/html


4- I have a lot of authentication problems: when I change the password in my Active Directory, 3/4 hours later Squid doesn't have the new password ... Can I set a short cache lifetime?


Thanks for your help

My config files /etc/squid/squid.conf (all other config are with a #):
http_port 10.206.1.251:8080
http_port 10.206.1.252:8080
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \? .php .cgi .pl
no_cache deny QUERY
Default:
cache_mem 8 MB
cache_dir ufs /var/spool/squid 512 16 256
mime_table /etc/squid/mime.conf
ftp_user [EMAIL PROTECTED]
ftp_passive on

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 15
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

external_acl_type AD_Group concurrency=15 negative_ttl=300 %LOGIN /usr/lib/squid/wbinfo_group.pl



refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern \.fr\/          20      20%     1440
refresh_pattern .               0       20%     4320

quick_abort_min 1000 KB
quick_abort_max 3000 KB
quick_abort_pct 15

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT


acl dmz_network src 10.216.1.0/24
http_access allow dmz_network

acl AllowedADUsers external AD_Group /etc/squid/allowedntgroups
acl Winbind proxy_auth REQUIRED

http_access allow AllowedADUsers
http_access deny !AllowedADUsers


http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost
http_reply_access allow all
icp_access allow all
tcp_outgoing_tos 0x08 all

logfile_rotate 3
forwarded_for off
log_icp_queries off




Re: [squid-users] A error with IE 6 and Proxy on one web site ...

2005-05-24 Thread Phibee Network operation Center

Hi

Does anyone know this problem, why Squid rejects IE for this domain?? Can anyone help me?


thanks bye


Phibee Network operation Center wrote:


Hi

I have a small problem with my Squid proxy (NTLM authentication):

When I go to the web site http://www.ratp.fr, Internet Explorer opens 
a download box with a file of type ratp and never shows me the web site.

If:

1- I use Firefox with the proxy = no problem, I see the web site
2- I use Internet Explorer without the proxy = no problem, I see the 
web site

but if
3- I use Internet Explorer with the Squid proxy, I don't see the web 
site and it wants me to download the file.


In my access.log, I don't have much information:
1116432295.185    469 172.16.10.15 TCP_IMS_HIT/304 223 GET http://www.ratp.fr/ borlotte NONE/- text/html
1116433901.001    393 172.16.10.15 TCP_MEM_HIT/200 647 GET http://www.ratp.fr/ borlotte NONE/- text/html
1116433931.229      1 172.16.10.15 TCP_IMS_HIT/304 224 GET http://www.ratp.fr/ borlotte NONE/- text/html


Does anyone have an idea? Can you see this web site through your proxy?

Thanks bye








[squid-users] A error with IE 6 and Proxy on one web site ...

2005-05-18 Thread Phibee Network operation Center
Hi
I have a small problem with my Squid proxy (NTLM authentication):
When I go to the web site http://www.ratp.fr, Internet Explorer opens 
a download box with a file of type ratp and never shows me the web site.

If:
1- I use Firefox with the proxy = no problem, I see the web site
2- I use Internet Explorer without the proxy = no problem, I see the 
web site
but if
3- I use Internet Explorer with the Squid proxy, I don't see the web 
site and it wants me to download the file.

In my access.log, I don't have much information:
1116432295.185    469 172.16.10.15 TCP_IMS_HIT/304 223 GET http://www.ratp.fr/ borlotte NONE/- text/html
1116433901.001    393 172.16.10.15 TCP_MEM_HIT/200 647 GET http://www.ratp.fr/ borlotte NONE/- text/html
1116433931.229      1 172.16.10.15 TCP_IMS_HIT/304 224 GET http://www.ratp.fr/ borlotte NONE/- text/html

Does anyone have an idea? Can you see this web site through your proxy?
Thanks bye






[squid-users] AD Authentification and Acl ?

2005-05-15 Thread Phibee Network operation Center
Hi
I use ntlm/winbind to authenticate my users.
My conf:
=
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 15
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

external_acl_type AD_Group concurrency=15 %LOGIN /usr/lib/squid/wbinfo_group.pl

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70  # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl dmz_network src 10.216.1.0/24
http_access allow dmz_network
acl AllowedADUsers external AD_Group /etc/squid/allowedntgroups
acl Winbind proxy_auth REQUIRED
http_access allow AllowedADUsers
http_access deny !AllowedADUsers
http_access deny !Winbind
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
=
That works, but I want to know if I can:
1- Currently, when the user is not in an internet group (specified in 
allowedntgroups),
Squid sends a box asking for a new login/pass and after that it shows a 
Cache Access Denied page.

Is it possible that, after seeing that the user is not in an internet 
group, it doesn't ask for a login/pass
and shows a specific HTML page or GIF with Access Denied?

And is it possible that users not in the right groups are not cached? 
(If the admin changes
the group, the user is immediately OK.)

2- I want users authenticated in Winbind but not in a right 
group to be able to go to
2 or 3 sites. I have put:
acl allow_url dstdomain .pagesjaunes.fr phibee.net
http_access allow allow_url

but that doesn't work... and one of these sites uses GIFs located at 
another web address...
Is it possible to say pagesjaunes.fr + HTML GIF requests?

Thanks for your help
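
Added example, not part of the original post: Squid checks http_access lines top to bottom and stops at the first line whose ACLs all match, so the order of the lines posted above decides which of them can ever take effect. The Python sketch below copies those lines and lists the ones that can never be the first match; treating every ACL as an independent true/false fact (ignoring the proxy-auth challenge step) is an assumption of the model.

```python
from itertools import product

# http_access lines copied from the post, in order; "!" negates an ACL.
RULES = [
    ("allow", ["dmz_network"]),
    ("allow", ["AllowedADUsers"]),
    ("deny",  ["!AllowedADUsers"]),
    ("deny",  ["!Winbind"]),
    ("allow", ["manager", "localhost"]),
    ("deny",  ["manager"]),
    ("deny",  ["!Safe_ports"]),
    ("deny",  ["CONNECT", "!SSL_ports"]),
]

def line_matches(acls, facts):
    """A line matches only when every ACL on it matches (logical AND)."""
    return all((a[1:] not in facts) if a.startswith("!") else (a in facts)
               for a in acls)

def first_match(rules, facts):
    """Return (index, action) of the first matching line, or None if no line matches."""
    for i, (action, acls) in enumerate(rules):
        if line_matches(acls, facts):
            return i, action
    return None

def unreachable(rules):
    """Indexes of lines that are never the first match for any ACL combination."""
    names = sorted({a.lstrip("!") for _, acls in rules for a in acls})
    hit = set()
    for bits in product([False, True], repeat=len(names)):
        facts = {n for n, b in zip(names, bits) if b}
        m = first_match(rules, facts)
        if m:
            hit.add(m[0])
    return [i for i in range(len(rules)) if i not in hit]

def describe(rules, idxs):
    """Render rule indexes back into squid.conf syntax."""
    return ["http_access %s %s" % (rules[i][0], " ".join(rules[i][1])) for i in idxs]

if __name__ == "__main__":
    for line in describe(RULES, unreachable(RULES)):
        print("never reached:", line)
    # Constructed request: a group member sending CONNECT to a port outside SSL_ports.
    print(first_match(RULES, {"AllowedADUsers", "Winbind", "CONNECT"}))
```

Appending a line such as the post's `http_access allow allow_url` to RULES and rerunning shows whether it is reachable at that position.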