-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I found,
from where legs grows.
The problems beguns from ip_compat.h:
configure:27435: checking for netinet/ip_compat.h
configure:27435: g++ -c -m64 -O3 -m64 -fPIE -fstack-protector
-mtune=core2 --param=ssp-buffer-size=4 -pipe -march=native -std=c
Hi guys im trygint to use Kerberos authentication between squid & AD.
I have configured ntp , dns , winbind , samba and also joinf the squid to
the AD domina
Now the issue I have is running squid
I added the following helpers below :
#Kerberos config for squid
auth_param ntlm program /
Any ideas, any thoughts?
Thanks.
11/29/2014 6:17 AM, Amos Jeffries написав(ла):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 28/11/2014 2:48 a.m., Vadim Rogoziansky wrote:
Hello Amos.
Thank you for answer.
There was made an investigation related to squid's peek and splice
issues in tran
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/12/2014 11:25 a.m., Ahmed Allzaeem wrote:
> Hi guys im trygint to use Kerberos authentication between squid &
> AD.
>
> I have configured ntp , dns , winbind , samba and also joinf the
> squid to the AD domina
>
>
>
> Now the issue I have is
Hello Amos,
thank you for the reply.
On Thu, Dec 11, Amos Jeffries wrote:
> > we use squid 3.4.9 as proxy for our company with ipv4 and ipv6
> > dual stack. It works good, but if a destination has an A and
> > record and the webserver isn't reachable via ipv6, squid generates
> > an error p
HI amos , thanks for clarification ,
Actually I modified it with the correct samba path with ==> /usr/bin/ntlm_auth
whereas I checked and found that helper !
So , my squid config file to :
===
##Kerberos config for squid
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/12/2014 2:08 a.m., Dieter Bloms wrote:
>
> When I do a http://ssl.ratsinfo-online.net/ the fallback from ipv6
> to ipv4 works fine, but when I do a
> https://ssl.ratsinfo-online.net/ squid tries ipv6 only and doesn't
> do a fallback to ipv4.
>
Hi Amos,
It seems it uses a posix resolver for that, because it cannot find the native
implementation. configure:37657: checking for getaddrinfo
configure:37657: x86_64-w64-mingw32-g++ -o conftest.exe -DWINVER=0x601
-D_WIN32_WINNT=0x601 -fpermissive -L/usr/lib -mthreads -static-libgcc
-stati
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/12/2014 12:13 p.m., Ahmed Allzaeem wrote:
> HI amos , thanks for clarification , Actually I modified it with
> the correct samba path with ==> /usr/bin/ntlm_auth whereas I
> checked and found that helper !
>
>
> So , my squid config file to :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If i do durty hack with editing these includes (ip_compat.h or
ip_nat.h), configuration went ok,
but build interceptor has errors and squid cannot be build.
Also, squid 3.4.8 in OpenCSW repository (built with ipf transparent
option) also cannot work
Thank you Amos , don’t know wt to say , u helped me a lot !
Now it get user/pwd
But still a new issue appeared !!
Now the browsing is so slow !!
I check the logs of squid I found a lot of TCP_denied and some of TCP_MISS
The question is being asked ... why a lot of requests is being deinied a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/12/2014 2:35 a.m., Eldar Akchurin wrote:
> Hi Amos,
>
> It seems it uses a posix resolver for that, because cannot find the
> native implementation.
>
>
>
>
>
> *configure:37657: checking for getaddrinfoconfigure:37657:
> x86_64-w64-mingw3
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/12/2014 2:45 a.m., Yuri Voinov wrote:
>
> If i do durty hack with editing these includes (ip_compat.h or
> ip_nat.h), configuration went ok, but build interceptor has errors
> and squid cannot be build.
>
> Also, squid 3.4.8 in OpenCSW reposit
Hi,
That is how NTLM works. It doesn't (normally) indicate anything is
wrong. You do seem to have a /lot/ of DENIED though.
NTLM Auth will slow down browsing somewhat because authentication is
performed for every object retrieved. Google Maps can be a real nasty
because it loads lots of smal
If you look @ the logs , it seems it recognize a username when it allow , but
when it deny it don’t recognize a username
Plz look @ logs below :
N username here , but I put the username "b"
> 1418996889.943 2 192.168.1.5 TCP_DENIED/407 4189 GET http://google.com/
> - NONE/- text/html
Dow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/12/2014 12:50 p.m., Ahmed Allzaeem wrote:
> Thank you Amos , don’t know wt to say , u helped me a lot !
>
> Now it get user/pwd
>
> But still a new issue appeared !!
>
> Now the browsing is so slow !!
>
> I check the logs of squid I found a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/12/2014 1:08 p.m., Ahmed Allzaeem wrote:
> If you look @ the logs , it seems it recognize a username when it
> allow , but when it deny it don’t recognize a username
>
The 407 is sent because there is nobody authenticated. Nobody
authenticated
Thank You Amos;
I have tried that already, however I get "Error: Dependancy not
satisfiable: libstdc++6 (>= 4.9)". I am not sure what forcing upgrade
of libraries will do to OS, so I guess it would be the best for me to
just sit upgrade out until it can be done smoothly.
Thank You again,
Bob
On
Thank you a lot a lot a lot .
Great mailing list with people like you. "Amos"
Soon I will jump to Kerberos and if I got hanged I will ask here again :)
thanks
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Amos Jeffries
Sent: Friday
Hi,
I have been trying to understand, how does Squid determine different
clients, but it is not clear from the documentation. I guess this does
not depend entirely on IP address, right? Otherwise all clients behind
NAT would be considered as single client.
Reason behind this is that I'd like
Hello Amos,
On Sat, Dec 20, Amos Jeffries wrote:
> > When I do a http://ssl.ratsinfo-online.net/ the fallback from ipv6
> > to ipv4 works fine, but when I do a
> > https://ssl.ratsinfo-online.net/ squid tries ipv6 only and doesn't
> > do a fallback to ipv4.
> >
> > I would be nice, if you can tr
Alex,
This corrected the compile problem. It now compiles and installs without error.
Thank you!
Eliezer,
Thanks for sharing the script. I will save that for future reference.
Alan
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Alex Domoradov
Sent: Saturday,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/12/2014 3:45 a.m., Red wrote:
> Thank You Amos; I have tried that already, however I get "Error:
> Dependancy not satisfiable: libstdc++6 (>= 4.9)". I am not sure
> what forcing upgrade of libraries will do to OS, so I guess it
> would be the b
I have a few TPROXY implementations with squid. In only one of them
recently I'm getting lots of: "x-squid-error: ERR_CONNECT_FAIL 110" and
some 504 timeouts.
Squid Cache: Version 3.4.10-20141218-r13197
configure options: '--prefix=/opt/sepia/squid'
'--sysconfdir=/var/lib/sepia/' '--disable-a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/12/2014 3:52 a.m., Veiko Kukk wrote:
> Hi,
>
> I have been trying to understand, how does Squid determine
> different clients, but it is not clear from the documentation. I
> guess this does not depend entirely on IP address, right? Otherwise
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/12/2014 4:21 a.m., Alfredo Rezinovsky wrote:
> I have a few TPROXY implementations with squid. In only one of
> them recently I'm getting lots of: "x-squid-error: ERR_CONNECT_FAIL
> 110" and some 504 timeouts.
>
> Squid Cache: Version 3.4.10-201
Hi Veiko,
Correct me if Im wrong, you need to use Squid in HTTPS decryption and try
to cache maximum of objects (mainly big), am I right ?
Regarding the private/public objects, I could not answer here as I dont see
what your project is then Im not a member of the Squid team so Im not
inf
Hi Amos,
Thanks a lot for the hint!
Specifying LIBS="-lws2_32" fixes this particular issue. Let's see what comes up
next.
--e
> Date: Sat, 20 Dec 2014 02:51:49 +1300
> From: squ...@treenet.co.nz
> To: al.akchu...@googlemail.com
> CC: squid-users@lists.squid-cache.org
> Subject: Re: [squid-us
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 20/12/2014 7:05 a.m., Eldar Akchurin wrote:
> Hi Amos,
>
> Thanks a lot for the hint! Specifying LIBS="-lws2_32" fixes this
> particular issue. Let's see what comes up next.
>
> --e
Great! thank you. I have added that to Squid-3. For the next rel
The following "works" for me:
# intercept for transparent proxy of ssl connections
https_port 3130 name=transproxyssl intercept ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
cert=/usr/local/squid/etc/ca.pem
# just testing with my laptop
acl james_src arp 11:11:11:11:11:
30 matches
Mail list logo
