On Mon, 2010-10-25 at 17:15 -0700, Landy Landy wrote:
If it's not working, then I suspect it's something wrong
with your tc
rules. Are you sure you are shaping the correct interface?
Remember that
the interface will be the opposite one to the one that you
are using for
the user
Thanks Nick and Markus
You were right about permissions. Before check it for helper but forgot do
this for keytab file.
Now for helper is 0755 and for keytab 0666 (for testing period).
One step forward, but now i have another error in cache.log
...
glrUbv5/nTtm0eRDjSLMllQnILqhEV+fsjinx+HOHYQ=
On 26/10/2010 03:56, Paul Freeman paul.free...@eml.com.au wrote:
Hi.
I have successfully installed Squid 3.1.8 on Ubuntu 10.04LTS and have
enabled
Kerberos/NTLM authentication using the squid_kerb_auth helper. This
setup is
working well and successfully authenticates Windows domain users when
Hello,
I have blocked some URLs through an url_regex acl, which works, if the URL
contains any protocol execept https.
The blocked_urls.lst file contains lines like:
([^\/]\.facebook\.com\/|[^\/]\.facebook\.com$|^.*://facebook\.com)+
I've tested the regex using an online regex tester:
Hi all again.
I think we can close this threat couse i localize the problem.
It's the same problem as in this threat -
http://squid-web-proxy-cache.1019090.n4.nabble.com/Authentication-using-squid-kerb-auth-with-Internet-Explorer-8-on-Windows-Server-2008-R2-td3013070.html#a3013070
I check all
Hello all.
I can join and confirm the same problem on client machine with IE8.
Have the same errors in cache.log file when try to connect from IE8 and
Firefox 3.6.10.
Maybe it's not a browser problem, but OS version? I'm using Windows 7
operating system on this problem client machine. Maybe
Nick Cairncross wrote:
Hi Paul,
Just my thoughts (which are minor in relation to the power of other
listers..!): Are you specifically running the 64-bit version of IE? How
does your DNS look? A/PTR records all in order? What does kerbtray show?
What encoding for kerberos are you using?
Sorry if this has already been answered, but I can't seem to find it under what
I'm searching.
I have 2 squids set up as reverse proxies and are load balanced for the URL
http://www.domain.com. I am trying to precache certain objects before my users
see them by visiting those URLs (i.e.
Here's a snip:
#!/bin/bash
#set -v
iptables='sudo iptables'
tc='sudo tc'
#$iptables -t mangle -F
#$iptables -t mangle -Z
#
## Traffic Shaping
#
## Parent ID: 1, Associated with iface: eth0 -- External Interface - Internet
Side.
$tc qdisc del dev eth0 root
On Tue, 2010-10-26 at 08:15 -0700, Landy Landy wrote:
Here's a snip:
#!/bin/bash
#set -v
iptables='sudo iptables'
tc='sudo tc'
#$iptables -t mangle -F
#$iptables -t mangle -Z
#
## Traffic Shaping
#
## Parent ID: 1, Associated with iface: eth0
On 26/10/2010 14:58, DmitrySh sbro...@inbox.lv wrote:
Nick Cairncross wrote:
Hi Paul,
Just my thoughts (which are minor in relation to the power of other
listers..!): Are you specifically running the 64-bit version of IE? How
does your DNS look? A/PTR records all in order? What does
Hi guys,
my problem with youtube uploads persists.
Every day some users have to make upload to youtube.
Attached to this email:
eth0-day.png: Shows the link utilization (green for download and blue
for upload)
perf-day.png: Shows the cpu(green) and memory(blue line) utilization
of my firewall
Hi Paul,
Is your AD server 2003 or 2008 ?
Markus
Paul Freeman paul.free...@eml.com.au wrote in message
news:19672eecfb9ae340833c84f3e90b5956042a4...@mel-ex-01.eml.local...
Hi.
I have successfully installed Squid 3.1.8 on Ubuntu 10.04LTS and have
enabled
Kerberos/NTLM authentication using
DmitrySh sbro...@inbox.lv wrote in message
news:1288100124027-3013710.p...@n4.nabble.com...
Hi all again.
I think we can close this threat couse i localize the problem.
It's the same problem as in this threat -
Thanks Andy for your reply and taking your time to help like always.
$tc class add dev eth0 parent 1:0 classid 1:1
htb rate 900kbit ceil 945kbit
As I understand, correct me if I'm wrong, this rule is telling the kernel how
much bw we want to use globally or how big is the entire bucket.
I
Hi Markus
My AD servers (I have 2) are both Windows 2008 R2. AD is running at the 2003
functional level. The AD environment is the same one that is working OK with
Squid and Kerberos authentication for Windows XP workstations running IE8.
Regards
Paul
-Original Message-
From:
On Mon, Oct 25, 2010 at 6:38 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On Mon, 25 Oct 2010 12:38:49 -0400, alexus ale...@gmail.com wrote:
is there a way to disallow serving of pages based on browser (agent)?
I'm getting a lot of these:
XX.XX.XX.XX - - [25/Oct/2010:16:37:44 +] GET
Hi Paul,
Did you install http://support.microsoft.com/kb/951191 onto your 2008 AD
server (it did not work in my case without this patch) ?
If it is not related to the above, do you know if your 2008 server tries to
use AES encryption (check the exchange between your 2008 server and AD on
Hi Nick
Thanks for looking at this. I appreciate your help.
My answers to your questions are in line below
-Original Message-
From: Nick Cairncross [mailto:nick.cairncr...@condenast.co.uk]
Sent: Tuesday, 26 October 2010 8:36 PM
To: Paul Freeman; Squid Users
Subject: Re:
Markus
Don't worry about asking too many questions - I am happy to answer.
Generally questions will lead to some sort of answer or at least a greater
understanding of the problem.
I just sent a reply to Nick's email and in that I mention the difference
between encryption types for Kerberos
Thanks Andy for your reply and taking your time to help like always.
No problem at all.
$tc class add dev eth0 parent 1:0 classid 1:1
htb rate 900kbit ceil 945kbit
As I understand, correct me if I'm wrong, this rule is telling the
kernel how much bw we want to use globally or how
Will that share the bandwidth pro rata?
Say the bandwidth is 10Mbps and you have 10 users, they only get 1 each?
Otherwise isn't it shared equally anyway?
There must be a way to apply a kbps limit in case someone is hogging the
bandwidth?
--
Ah, well the difference is that you are using INPUT/OUTPUT chains with
Squid, not FORWARD, so that will be the difference.
What a dreadful sentence! That will teach me to not proofread before
posting to a list...
Sorry to reply to my own email but I realised I have not properly described
the encryption type problem I had with https which may mean my theory about
it being similar to the Kerberos problem is incorrect.
The certificate encryption problem I had on Ubuntu 10.04 LTS was due to the
Windows Root
[top posting corrected]
Are you just trying to share bandwidth fairly between users? If so, your
best bet is to change to one leaf for all your clients, but attach a
filter to it that will share bandwidth *by IP address* (see below) - the
default is to share by connection. If you want an
Hi Paul,
As far as I know the Kerberos libraries do not use openssl code. Can you
capture the traffic between your 2008 server and AD on port 88 and between
the 2008 server and squid on 3128 (the squid port). Can you also capture the
traffic between squid and AD when you try a kinit -kt
Hi ,
So this is my setup. I have a web filter running Dansguardian and I'm using
squid as the underlying proxy server. I have to login to an Intranet Site on
another domain that I am connected to by VPN. To authenticate against the
website I use an Active Directory account that exist on its
On Tue, 26 Oct 2010 09:43:45 -0500, Sokol, Ryan - 1244 ry...@ha.com
wrote:
Sorry if this has already been answered, but I can't seem to find it
under
what I'm searching.
I have 2 squids set up as reverse proxies and are load balanced for the
URL http://www.domain.com. I am trying to
On Tue, 26 Oct 2010 17:30:48 -0500, Clive Christie
clive.chris...@magnarewards.com wrote:
Hi ,
So this is my setup. I have a web filter running Dansguardian and I'm
using
squid as the underlying proxy server. I have to login to an Intranet
Site
So you have a two-proxy hierarchy:
Client -
On Tue, 26 Oct 2010 16:34:52 -0400, alexus ale...@gmail.com wrote:
On Mon, Oct 25, 2010 at 6:38 PM, Amos Jeffries squ...@treenet.co.nz
wrote:
On Mon, 25 Oct 2010 12:38:49 -0400, alexus ale...@gmail.com wrote:
is there a way to disallow serving of pages based on browser (agent)?
I'm getting a
30 matches
Mail list logo