Hi all,
Is there a way to set a password expiration date for users and force them to
change their passwords after a specified time? I have already set up a
change password utility but the problem is users will not change their
passwords if they are not told to do so, thus I would like to set a
Sarg may be a good choice for your No.2 purpose.
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, November 07, 2003 8:49 AM
Subject: [squid-users] Squidalyzer or comparable?
> I am VERY new to Linux and Squid.
>
> I've set up Squid on a Red Hat 9.0 b
Can I set up Squid to be a reverse proxy that requires login with RADIUS challenge?
Is it possible to do this authentication on a web page instead of the standard IE
authentication pop-up?
Regards Joel
Hello squid users,
I have an application which retrieves telephone and address info from the net that
runs on all of my organisation's workstations. It cannot be configured to authenticate
to a proxy server. I wish to have my users authenticate when browsing but bypass
authentication for the app
On Wed, Nov 05, 2003 at 09:56:56PM +0100, Henrik Nordstrom wrote:
> On Wed, 5 Nov 2003, Payal Rathod wrote:
>
> > Thanks for the mail. Well, I have only one proxy running, and webserver
> > is on 80. But I believe I mentioned port 0? What might be the reason
> > that squid behaves that way when po
I am VERY new to Linux and Squid.
I've set up Squid on a Red Hat 9.0 box and am currently using Basic Squid
Authentication.
I would like to be able to track web site vs user info using something like
Squidalizer. Webalizer is installed and running but does not appear to be able to show
user/si
On Thu, 6 Nov 2003, Henk-Jan (squid) wrote:
> Because Squid 2.5 uses an internal Samba interface to communicate with the
> winbindd daemon, it is difficult for me to ask the right question, How do I
> debug this?
You basically need to use a NTLMSSP implementation to inspect the NTLMSSP
packets e
On Thu, 6 Nov 2003, Tom Lahti wrote:
> ACCEPT will continue down the table. You want to use RETURN, not
> ACCEPT. Otherwise, it will still match the REDIRECT rule later in the table.
No, it won't.
ACCEPT is a terminal target in iptables. Terminal targets terminate all
processing of that hook
On Thu, 6 Nov 2003 [EMAIL PROTECTED] wrote:
> OK I have Authentication working with the following line.
>
> auth_param basic program /usr/local/squid/bin/squid_ldap_auth -u cn -b
> ou=techteam,ou=bdmn-master,dc=bdmn,dc=foo,dc=com 10.61.1.248
>
> I found my account lives in an OU called techteam,
OK I have Authentication working with the following line.
auth_param basic program /usr/local/squid/bin/squid_ldap_auth -u cn -b
ou=techteam,ou=bdmn-master,dc=bdmn,dc=foo,dc=com 10.61.1.248
I found my account lives in an OU called techteam, my other issue is I
have other OU's at the same level as
We are currently running Squid 2.5 Stable 4 on Windows 2000, and have a problem with
NTLM authentication.
During busy times the squid service stops authenticating people and we need to restart
the service to get it working again. This has been automated so that a script
connects with a loca
Because Squid 2.5 uses an internal Samba interface to communicate with the
winbindd daemon, it is difficult for me to ask the right question, How do I
debug this?
The clients log on to the PDC perfectly without running the directory
service. This means they are using LM hashes...
The only differebc
At 12:12 PM 11/6/2003, you wrote:
On Thu, 6 Nov 2003, silviomaestro wrote:
> Can I insert one iptables command to configure this exception of
> interception?
Yes. Just add a rule before the above your nat rule which ACCEPT the
packet instead of REDIRECT it..
Regards
Henrik
ACCEPT will continue do
On Thu, 6 Nov 2003, Antony Stone wrote:
> As for writing a program to use promiscuous mode, I wouldn't be surprised if
> such already exists, possibly amongst Dug Song's varied collection of
> "security tools" (do a Google for dsniff and you'll see what I mean).
There are several quite funny too
From: Robert Collins <[EMAIL PROTECTED]>
To: Y Jones <[EMAIL PROTECTED]>
CC: Squid Users <[EMAIL PROTECTED]>
Subject: Re: [squid-users] TCP_REFRESH_HIT instead of TCP_HIT?
Date: Thu, 6 Nov 2003 05:38:27 +0700
On Thu, 2003-11-06 at 08:11, Y Jones wrote:
> I am running 3.0-PRE3-20031002 in accelerato
On Thu, 6 Nov 2003, Tom Lahti wrote:
> Probably a layer 7 switch/router can do this. Someone could write a
> program that uses promiscuous mode to do it also.
ngrep does a good job..
Regards
Henrik
On Thu, 6 Nov 2003, Adam Aube wrote:
> > When a user authenticates using IE the first time the user
> > gets an error message. By pressing the reload button he
> > gets the requested page.
>
> This is a bug in various versions of IE (particularly IE 6). Microsoft
> has a fix for IE 6 - check the li
On Thu, 6 Nov 2003, silviomaestro wrote:
> Can I insert one iptables command to configure this exception of
> interception?
Yes. Just add a rule before the above your nat rule which ACCEPT the
packet instead of REDIRECT it..
Regards
Henrik
On Thu, 6 Nov 2003, Keith Irvin wrote:
> Has anyone configured squid as a logging only server? I just want to
> monitor Internet access without caching or forwarding of traffic.
Hmm.. without forwarding traffic there won't be much traffic to monitor..
How to run Squid without cache can be found
On Thu, 6 Nov 2003, Eicke wrote:
> 1068132264.745 3 192.168.5.9 TCP_MISS/503 1011 GET http://192.168.2.1/ -
> NONE/- -
This indicates your Squid could not reach the requested server. It is not
an access control problem within Squid.
Can you from the Squid server connect to the 192.168.2.1 serve
On Thu, 6 Nov 2003, Phil Smith wrote:
> This is their configuration problems page
> https://www.bidding.freemarkets.com/ConfigurationIssues.asp
>
>
> I am still unable to get the application to load
>
> What have I done wrong?
What do you get in access.log?
Note: Your ruleset can be simplifi
On Thu, 6 Nov 2003, Phil Smith wrote:
> "The application and the JRE may not be able to intercept all types of
> authentication with proxies. If your proxy environment is configured to
> require either NT Challenge-Response or Basic Authentication, the
> application may not properly connect throug
On Thursday 06 November 2003 7:34 pm, Tom Lahti wrote:
> >As for writing a program to use promiscuous mode, I wouldn't be surprised
> > if such already exists, possibly amongst Dug Song's varied collection of
> > "security tools" (do a Google for dsniff and you'll see what I mean).
>
> http://olym
As for writing a program to use promiscuous mode, I wouldn't be surprised if
such already exists, possibly amongst Dug Song's varied collection of
"security tools" (do a Google for dsniff and you'll see what I mean).
http://olympus.het.brown.edu/cgi-bin/man2html?urlsnarf+8
Well lookie there.
--
On Thursday 06 November 2003 6:59 pm, Tom Lahti wrote:
> At 10:34 AM 11/6/2003, Adam Aube wrote:
> > >>> Has anyone configured squid as a logging only server? I
> > >>> just want to monitor Internet access without caching or
> > >>> forwarding of traffic.
> > >>
> > >> See the FAQ
> > >
> > > Act
At 10:34 AM 11/6/2003, Adam Aube wrote:
>>> Has anyone configured squid as a logging only server? I
>>> just want to monitor Internet access without caching or
>>> forwarding of traffic.
>> See the FAQ
> Actually, the answer is no, you can't have squid log without
> at least proxying (forwarding)
> When a user authenticates using IE the first time the user
> gets an error message. By pressing the reload button he
> gets the requested page.
This is a bug in various versions of IE (particularly IE 6). Microsoft
has a fix for IE 6 - check the list archives for a KB # or link.
Adam
I saw this a few days ago but at that time I wasn't concerned about.
When a user authenticates using IE the first time the user gets an
error message. By pressing the reload button he gets the requested
page.
Using Firebird browser the user gets the requested page immediately.
But I can't tell
>>> Has anyone configured squid as a logging only server? I
>>> just want to monitor Internet access without caching or
>>> forwarding of traffic.
>> See the FAQ
> Actually, the answer is no, you can't have squid log without
> at least proxying (forwarding) your web traffic.
Correct. I just gue
At 09:17 AM 11/6/2003, Adam Aube wrote:
> Has anyone configured squid as a logging only server? I just want to
> monitor Internet access without caching or forwarding of
> traffic.
See the FAQ - "Can I make Squid proxy only, without caching anything?"
http://www.squid-cache.org/Doc/FAQ/FAQ-4.html
> What I want is to divide the bandwidth on IP base, so that
> user A and B would equally get 50 percent of the full
> bandwidth.
See the Squid FAQ on Delay Pools:
http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#ss19.8
You'll probably want a class 2 or 3 pool (depending on the size of the
address
My name is Ae. I'm now studying at King Mongkut's Institute of Technology
Ladkrabang in Thailand. I'm doing a project about Squid. I want to know
the following details about Squid.
1. Squid processes, for example as a flowchart: what function does each
process have?
2. Which process is URL filtering in? and W
Hello,
I am maintaining a local network with internet access over a Squid
proxy. The problem is: Squid divides the bandwidth on a per connection
base. If user A would start 10 downloads (maybe using a download
manager) and user B would start only 1 download, then B will only get
1/11 of the availa
> Has anyone configured squid as a logging only server? I just want to
> monitor Internet access without caching or forwarding of
> traffic.
See the FAQ - "Can I make Squid proxy only, without caching anything?"
http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.20
Adam
> is there a way to put addresses in a file called
> direct.conf
acl direct_sites dstdomain "/path/to/direct.conf"
I believe this is documented in squid.conf.default.
Adam
> I configured Apache um my squid server, but I did get
> access , the error in squid access.log is:
> 1068132264.745 3 192.168.5.9 TCP_MISS/503 1011 GET
> http://192.168.2.1/ - NONE/- -
A request denied by Squid would be TCP_DENIED. The 503 means "service
unavailable". Do you a correspondin
At 09:46 AM 11/6/2003, you wrote:
How can I configure transparent proxy for my every users in my internal
network that server using linux kernel 2.4.19 and squid 2.4.7 with:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
REDIRECT --to-port 3128
and in the same server for only one u
I added the:
acl hotmail dstdomain .hotmail.com
always_direct allow hotmail
into the squid.conf. But is there a way to put addresses in a file called direct.conf
and in that file just type:
.hotmail.com
.msn.com
.yahoo.com
or how do you easily add additional addresses without having to add the acl l
How can I configure transparent proxy for my every users in my internal
network that server using linux kernel 2.4.19 and squid 2.4.7 with:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j
REDIRECT --to-port 3128
and in the same server for only one user of the same internal network
Has anyone configured squid as a logging only server? I just want to
monitor Internet access without caching or forwarding of traffic. If anyone
has, can you give me a sample squid.conf and maybe the compilation options
to run during install?
-Keith
Hi folks,
Everything is running now! Thanks and regards for your help.
Now I need to configure SARG to output the squid results. I configured
Apache um my squid server, but I did get access , the error in squid
access.log is:
1068132264.745 3 192.168.5.9 TCP_MISS/503 1011 GET
http://192.168.
>>> Then I tested it with 95/98 cliënts: No go!
>> What operating system is your domain controller?
> It is an NT4 PDC
We have Squid 2.5STABLE4 with Samba 2.2.8a, and our 9x clients can use
NTLM auth successfully with a Windows 2000 AD backend.
Make sure the client PCs are logged into the domai
This is their configuration problems page
https://www.bidding.freemarkets.com/ConfigurationIssues.asp
I am still unable to get the application to load
Here is a snip of my acl lists
acl bidwaredom dstdomain .freemarkets.com
acl bidwareprt port 9080
acl bidwareip1 dst 205.247.137.57
acl bidwareip
This is actually the message back from the site
"The application and the JRE may not be able to intercept all types of
authentication with proxies. If your proxy environment is configured to
require either NT Challenge-Response or Basic Authentication, the
application may not properly connect thro
On Thu, 6 Nov 2003, Phil Smith wrote:
> I am running squid in an NT environment. We use NT authentication to grant
> or deny users access to the web via NT global groups. This works great
> except for one site that apparently uses its own authentication and dies on
> our squid proxy.
Almost cer
On Thu, 6 Nov 2003, Rogerio Klayn wrote:
> I'm using a client-server software that uses an application
> SOAP, but my squid server doesn't accept it. What can I do? Is there
> some configuration for squid? A patch?
There should not need to be any changes in Squid if the SOAP application
is b
On Thu, 6 Nov 2003, silviomaestro wrote:
> How can I configure transparent proxy for every users without only one
> station or user.
???
> I will ask of another way:
>
> I need to configure transparent proxy for my every users but only one I can
> not configure transparent proxy because he n
On Thu, 6 Nov 2003 [EMAIL PROTECTED] wrote:
> I am using squid2.5-stable4 in my production environment.. Can I use this
> patch against this version?
Yes.
> Would it work if I place the patch in the same directory as the Squid source
> and run a patch -p1 ?
patch -p1
> Is there a way to set this one site up so that all users
> can have anonymous access to it but still have the
> proxy_auth for the rest of the sites?
1) Create an acl for these sites
2) Create an http_access rule allowing that acl. Insert it just before
the http_access rule that requires authent
I am running squid in an NT environment. We use NT authentication to grant
or deny users access to the web via NT global groups. This works great
except for one site that apparently uses its own authentication and dies on
our squid proxy.
Is there a way to set this one site up so that all users
> We are currently looking at going AD on win2003
> at the moment we have a Winnt 4 domain and squid is
> nicely auth against the domain controllers with NTLM.
> can I continue to use NTLM against win2k3 AD domain
If you use Samba 3 and the included NTLM helper, then you should be
fine - Win2k3
Rogerio Klayn wrote:
>
> Hi,
>
> I'm using a client-server software that uses an application SOAP,
> but my squid server doesn't accept it. What can I do? Is there some
> configuration for squid? A patch?
What does it do?
Note that squid deals with http proxying only.
M.
>
Hi,
I'm using a client-server software that uses an application SOAP,
but my squid server doesn't accept it. What can I do? Is there some
configuration for squid? A patch?
Thanks,
Rogerio Klayn
OK !!!
I am using squid2.5-stable4 in my production environment.. Can I use this
patch against this version?
Would it work if I place the patch in the same directory as the Squid source
and run a patch -p1 ?
Regards,
Carlos.
On 6 Nov 2003, Henrik Nordstrom wrote:
>On Thu, 6 Nov 200
How can I configure transparent proxy for every users without only one
station or user.
I will ask of another way:
I need to configure transparent proxy for my every users but only one I can
not configure transparent proxy because he needs . How can I do this in
squid proxy?
On Thu, 6 Nov 2003 [EMAIL PROTECTED] wrote:
> If we download the squid-icap-client following the directions in
> http://icap-server.sourceforge.net/squid.html, either through standard
> download or through cvs, it creates a directory named
> squid-2.6-DEVEL-20020324.
>
> That's why I thought I
On Thu, 6 Nov 2003, Milind Nanal wrote:
> I have added OS kernel support for WCCPv2. When I checked wccp status on
> router, it shows that router identifies the cache engine's presence over
> there.
>
> But still ..problem
>
> When squid service is started cache.log file generates.
> Be
Hi Henrik!!!
If we download the squid-icap-client following the directions in
http://icap-server.sourceforge.net/squid.html, either through standard
download or through cvs, it creates a directory named
squid-2.6-DEVEL-20020324.
That's why I thought I was dealing with 2.6 version of Squid ...
Perfect!
I just used the line below and it goes fine thru
both proxies, the first proxy does not have any
authentication directives, the parent is doing
authentication thru LDAP.
cache_peer 192.168.1.13 parent 3128 3130 default login=PASS
Many thanks!
--
Bye,
Fernando Maciel Souto Maior
[EMAIL P
Hi Henrik,
I have added OS kernel support for WCCPv2. When I checked wccp status on
router, it shows that router identifies the cache engine's presence over
there.
But still ..problem
When squid service is started cache.log file generates.
Below is the cache.log generated by squid.
20
On Thu, 6 Nov 2003, Raja R wrote:
> I need your advice on filesystem type which should be used for the cache dirs.
> Ext3 or ReiserFS ? Which one is better ?
reiserfs is generally considered slightly faster for Squid use.
> How will the squid.conf parameter change for the cache_dir option for both
On Thu, 6 Nov 2003, Brad Groshok wrote:
> What seems to be happening, is customer tried to surf to a page
> couple items get returned from the page (and show in squid access.log)
> but then it appears to freeze there.
> If you don't touch anything, 30-60 sec later, the rest of the page
> completes
On Thu, 6 Nov 2003, Manu C S wrote:
> acl porn dstdom_regex -i "/etc/squid/porn1"
>
> where the file "/etc/squid/porn1"
> had lines of the form
> .xxx.com
These SHOULD be a dstdom acl, not a dstdom_regex.
> Based on Adam Aube's suggestion about literal dots in regex,
> I changed that to:
>
On Wed, 5 Nov 2003, Fernando Maior wrote:
> Hmmm,
>
> What I understood from what you wrote, I must have exactly
> the same directives and files for authenticating for both
> squids.
No, not at all.
What you MUST do is to tell each Squid who is to forward the
authentication to a parent proxy t
On Wed, 5 Nov 2003, Steve Fischer wrote:
> Is this patch (wccpv2.patch) still considered beta?
Probably.
> Is support for wccp2 going to be included in the squid 3.0 release?
Not at this time no. The author of the WCCPv2 patch never submitted it for
inclusion in the mainline Squid tree, probab
On Thu, 6 Nov 2003 [EMAIL PROTECTED] wrote:
> We are currently looking at going AD on win2003 (aargh, not sure I want to
> do this). at the moment we have a Winnt 4 domain and squid is nicely auth
> against the domain controllers with NTLM. my question is can I continue to
> use NTLM against w
On Wed, 5 Nov 2003, Ed Alexander wrote:
> I'm running Squid 2.x on a Smoothwall box in a home network. I'm trying
> to connect to the Cisco VPN concentrator at work via a TCP tunnel on
> port 80.
This won't work via Squid. For things to work via Squid they must use the
HTTP protocol, not abus
On Thu, 6 Nov 2003, Payal Rathod wrote:
>
> Ok, I doubt that browser is sending request at port 80, because
> Apache is there.
Apache does have a proxy module, and if this is enabled Apache will proxy
requests much like Squid.
> Do you want me to paste all the data and squidc.conf on my site?
Raja R wrote:
>
> Hi Gurus,
> I am planning for a new installation of squid-2.5 s4 with around 4*4 GB of
> cache dirs on linux 9, 1 GB RAM, scsi disks
> I need your advice on filesystem type which should be used for the cache dirs.
> Ext3 or ReiserFS ? Which one is better ?
Googalize yourself on
Please see the updated homepage at
http://icap-server.sourceforge.net/squid.html for pointers..
Essentially, refer to http://squid.sf.net/projects.html#icap or download
from
ftp://ftp.measurement-factory.com/pub/squid-icap/squid-icap-2_5-20031023.tar.gz
thanks and regards
Geetha
[EMAIL PROTECTE
Hi all:
having a problem with squid for last 12 hours or so.
Running Squid 2.5 Stable 3
Redhat 9, std install, on Intel Xeon 2.4GHz with 1 gig ram
1 36Gig Ultra 320 SCSI drive, (only caching 8 gig of content)
Transparent with Cisco wccpV1
Actually 2 squid boxes exactly the same.
They have been
Hi Gurus,
I am planning for a new installation of squid-2.5 s4 with around 4*4 GB of
cache dirs on linux 9, 1 GB RAM, scsi disks
I need your advice on filesystem type which should be used for the cache dirs.
Ext3 or ReiserFS ? Which one is better ?
How will the squid.conf parameter change for the ca
75 matches