Dwayne Hottinger schrieb:
If you have 'root' access their should be a sarg.conf file. You can look there
to see if the password is turned on.
To my best knowledge there is no password option in sarg.conf nor would
I know what effect it should have.
In addition you should have a
[QUOTE]
What do you mean by define the policy for the group SQUID-MANAGERS ?
It is possible to have different user groups that are defined on the AD
and use these in squid config ACLS. What you cannot do is change the
ACLs themselves without touching the config file.
[/QUOTE]
Thanks for the
Information Security schrieb:
Can you guide me as what config changes are required in the config files
so that squid understands ADS groups?
I have no personal experience with that type of setup. I know that there
is a thread or document that describes the syntax to use AD groups in
squid
You need to also authenticate via command squid_ldap_group
There is also a man-page for this command!
Regards
Siegfried
-Ursprüngliche Nachricht-
Von: Jakob Curdes [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 29. September 2006 11:52
An: Information Security
Cc:
Yep.
Quoting Jakob Curdes [EMAIL PROTECTED]:
Dwayne Hottinger schrieb:
If you have 'root' access their should be a sarg.conf file. You can look
there
to see if the password is turned on.
To my best knowledge there is no password option in sarg.conf nor would
I know what effect it
With squid 2.5 I used to be able to do this:
http_port 3128
httpd_accel_host virtual
httpd_accel_port 8680
httpd_accel_single_host off
httpd_accel_uses_host_header on
Now I'm trying to set up a squid 2.6 STABLE4 and some of thos
directives have been dramatically changed. I've been told to use
Hello,
I apologize if this question is somewhat amateur, but I'm fairly new to this,
so bear with me please.
I just set up SquidNT 2.6.STABLE3-NT for a portion of our userbase. I would
like to log FQDNs instead of IPs, but I'm only able to do this on the
192.168.0.x and 192.168.1.x subnets.
Hi,
I would like to know if anyone has already setup a sucessfull instalation under
FreeBSD 6.1 with squid 2.6 and wccpV2.
I need to know what should be done when compiling squid, what are the option
that need to be under squid.conf
and if I need to create any GRE0 tunnel under FreeBSD and
Hello,
I am trying to configure NTLM authentication in squid. The squid server
would authenticate users with win2K3 ADS.
I had previously successfully done this with RHEL4. Currently I am
trying on Fedora Core 5, but I am facing a lot of problem this time...
the Linux machine simply does not
A few people, including myself, have had trouble making it work.
I don't have the spare cycles to dedicate to chasing it down and
fixing it until after November so I'd really appreciate it if
someone beat me to it :)
Adrian
On Fri, Sep 29, 2006, Mernoz Rostangi wrote:
Hi,
I would like to
Why do you want to join the machine to the domain? What we did was to configure
/etc/krb5.conf to your Domain specifications and that way you don't have to go
through the pain staking effort of joining a Linux machine to a MS Domain. In
any case both Linux and Windows are Kerberos compliant.
I want to configure squid for user based filtering. I had infact tried
configuring squid without actually adding this machine onto the domain.
But then squid access.log does not show up the usernames (which it does
in my RHEL squid setup).
Would it solve the purpose of user based filtering in this
bump
On 9/26/06, Edward Rosinzonsky [EMAIL PROTECTED] wrote:
Hi,
I'm running squid in accelerator mode, and can't get a sibling cache
working. The cache.log file doesn't say anything about siblings or
ICP messages. It's almost as if the cache_peer line isn't being seen.
I'm running
same problem here
anyone knows how to fix it?
thanks
Edward Rosinzonsky wrote:
bump
On 9/26/06, Edward Rosinzonsky [EMAIL PROTECTED] wrote:
Hi,
I'm running squid in accelerator mode, and can't get a sibling cache
working. The cache.log file doesn't say anything about siblings or
ICP
Hmm... looking at this a bit more closely, I'm also seeing this on
responses that are uncachable (and therefore shouldn't be collapsed).
On 2006/09/28, at 8:20 PM, Mark Nottingham wrote:
You mean with collapsed forwarding? That makes perfect sense, if
collapsed requests are logged as
mån 2006-09-25 klockan 22:24 -0700 skrev nonama:
HI there,
This is urgent. Need to find out some configuration
setting. Is there anybody out there using SQUID and
Trend Micro IWSS (http anti virus scanning)? Please
One possible configuration:
tor 2006-09-28 klockan 15:35 -0700 skrev Victor Fansler:
OK, I am running an Active Directory windows 2003. Please point me in the
right direction to integrate it.
The squid_ldap_auth manual have some examples.
Another approach is using Samba winbind, instructions found in the FAQ.
fre 2006-09-29 klockan 13:36 -0700 skrev Edward Rosinzonsky:
bump
On 9/26/06, Edward Rosinzonsky [EMAIL PROTECTED] wrote:
Hi,
I'm running squid in accelerator mode, and can't get a sibling cache
working. The cache.log file doesn't say anything about siblings or
http_port 80
Works just fine for me.
I think it never actually worked for you. A difference between 2.5 and
2.6 is that 2.6 is less keen on retrying requests on errors, where
Squid-2.5 would often ignore the error and go direct. To get back the
old behavior set retry_on_error, but you really should fix the
tor 2006-09-21 klockan 21:47 -0700 skrev nonama:
abt 500 users into SQUID. Just want to find out
whether the above setting of cache_peer, will force
all connection from SQUID to the http antivirus, no
matter whether the data requested has been cached at
SQUID or not.
A parent is used by
fre 2006-09-22 klockan 09:36 -0500 skrev Kulig, Peter:
I just set up SquidNT 2.6.STABLE3-NT for a portion of our userbase. I
would like to log FQDNs instead of IPs, but I'm only able to do this
on the 192.168.0.x and 192.168.1.x subnets.
If there is a problem using %A in some network then
fre 2006-09-22 klockan 09:48 -0500 skrev sOngUs:
My SETUP
Internal NIC has 2 IP addresses 192.168.0.1 and 192.168.0.2
NIC to wan1 has 200.1.1.1 ip address
NIC to wan2 has 100.1.1.1ip address
so,
i got a ip rule to route 192.168.0.2 trough wan2
which ip address should i put on
mån 2006-09-25 klockan 18:05 -0700 skrev Jeff Tharp:
I know this topic has come up with previous versions of Squid, and I've
seen various answers in the archives but I was wondering what the
official stance was for 2.6 (and maybe what the plan would be for 3.0).
For just Squid you need
tis 2006-09-26 klockan 11:56 +0200 skrev Paolo De Marco:
Hi,
i have check but the pid is correct on all servers.
This week only 2 server was affected by this problem.
I can't understand why...
This is the output from one server who has the problem
ps ax | grep squid
5671 ?S
tis 2006-09-26 klockan 08:58 -0400 skrev John Cammarata:
I have two questions that I didn't see in the FAQ and am hoping some
one can provide assistance:
1.) Does Squid support duplicate request detection?
Yes.
Will squid proxy this second request for
resourceZ to the back-end server or
tor 2006-09-28 klockan 15:25 -0600 skrev Steve Webb:
Q: if one of my www boxes dies will the associated squid proxy do all
queries through it's peer proxy or will it just return valid data for
anything in either cache, but fail on all fetches from the dead machine?
If you want this then I
Thanks a lot... that was helpful!!!
But in squid I had previously (while I was not concerned about groups) used
ntlm_auth as the helper program with winbind authentication. Would
squid_ldap_group work here?
Regards,
Navin J
-Original Message-
From: Hitzler, Siegfried (Exchange)
Hi,
Thanks for your reply.
I uppgraded to 2.6,
The cache.log file now seems to acknowledge that there are siblings
with the following lines:
2006/09/29 21:34:52| Configuring Parent 127.0.0.1/82/0
2006/09/29 21:34:52| Configuring Sibling squid2/80/3130
2006/09/29 21:34:52| Configuring Sibling
oops typo.
The configuration is:
http_port 80 vhost
cache_peer 127.0.0.1 parent 82 0 no-query originserver
cache_peer squid2 sibling 80 3130
cache_peer squid3 sibling 80 3130
On 9/29/06, Edward Rosinzonsky [EMAIL PROTECTED] wrote:
Hi,
Thanks for your reply.
I uppgraded to 2.6,
The cache.log
Hi,
I have some pages that I don't want to cache because they have http
authentication. In squid 2.5 I used to do that with the following
line in squid.conf:
refresh_pattern ^http:.+/page1/ 0 0%0
but in squid 2.6, this doesn't seem to work. The page doesn't authenticate.
30 matches
Mail list logo
