On 16/03/11 18:11, Bill DeGan wrote:
> Thank you for your response.
>
> A couple of things I left off. Everything works fine for the remote user
> when he connects using satellite card but not on his corporate lan. I
> was told it worked the first time on his corporate lan and then every
> attempt
Hi Amos,
Thanks for the reply. I could not locate squid_kerb_auth anywhere in ACME
Consulting site, unless it is bundled with experimental SQUID3. Where would I
find it?
Thanks & Regards
Lakshman.
From: Amos Jeffries [squ...@treenet.co.nz]
Sent: Wedn
On Tue, 15 Mar 2011 14:20:03 -0500, Oscar Andrés Eraso Moncayo wrote:
As I do so that users are not authenticated by dansguardian and
access directly to the Internet,
I have problems with dansguardian and authentication in Web
applications with Java.
ntlm_smb_lm_aut I use for user authentication.
Amos,
Thanks the follow up and for the reminder on SELinux but at this point, I have
it off (I don't think I need to relabel after turning off -- any one know?).
I'm at a loss too -- starting to add more debugging logic (maybe will even
instrument a kernel) to see if I can figure out what's goi
On Tue, 15 Mar 2011 17:08:54 -0700, Liyanage, Lakshman wrote:
Hello All,
I am trying configure SQUID 2.7 in Windows 2008 R2 (Sometime ago,
then I had to postpone the project for a while) and I posted my cry
for help here - for which Rafal responded (see below).
However, I can not see squid_ker
On Tue, 15 Mar 2011 16:19:29 +0100, Jaime Nebrera wrote:
Hi again Amos,
After some extended reading of BlueCoat manual I have been able to
undertand how they do the things, and how confused were the guys of
the other team.
Aha. BC.
The first thing that shows up very clearly:
"HTTPS app
Hello All,
I am trying configure SQUID 2.7 in Windows 2008 R2 (Sometime ago, then I had to
postpone the project for a while) and I posted my cry for help here - for
which Rafal responded (see below).
However, I can not see squid_kerb_auth helper in my SQUID installation. Ho do
I get this?
On Tue, 15 Mar 2011 07:41:28 -0700, Jim Binder wrote:
If I try and add the route, both fail with file exists err
[root@fw01 ~]# ip route add local 0.0.0.0/0 dev eth0 table 100
RTNETLINK answers: File exists
[root@fw01 ~]# ip route add local 0.0.0.0/0 dev eth2 table 100
RTNETLINK answers: File
On Tue, 15 Mar 2011 09:26:29 -0700, Edouard Zorrilla wrote:
Guys,
Two questions for you.
Could you let me know a link where it shows a WCCP GRE example ?
http://wiki.squid-cache.org/Features/Wccp2#Squid_box_OS_configuration
I will need to do High Availability using PAC Files. Do you know a
On Tue, 15 Mar 2011 11:53:24 -0500, Bill DeGan wrote:
We have been using squid in a reverse proxy mode for several weeks
now
and its been working well.
Lately we have remote users that have a transparent proxy and users
are getting hung when trying to access a particular page.
Going thru cache
As I do so that users are not authenticated by dansguardian and access directly
to the Internet,
I have problems with dansguardian and authentication in Web applications with
Java.
ntlm_smb_lm_aut I use for user authentication.
I add the next lines in the squid.conf for exclude users of authenti
We have been using squid in a reverse proxy mode for several weeks now
and its been working well.
Lately we have remote users that have a transparent proxy and users
are getting hung when trying to access a particular page.
Going thru cache.log and all I see for every connection is "ALLOWED",
but
Guys,
Two questions for you.
Could you let me know a link where it shows a WCCP GRE example ?
I will need to do High Availability using PAC Files. Do you know a forum or
link with PAC files examples ?.
Thanks Guys !.
Hi again Amos,
After some extended reading of BlueCoat manual I have been able to
undertand how they do the things, and how confused were the guys of the
other team.
The first thing that shows up very clearly:
"HTTPS applications that require browsers to present client certificates
to
If I try and add the route, both fail with file exists err
[root@fw01 ~]# ip route add local 0.0.0.0/0 dev eth0 table 100
RTNETLINK answers: File exists
[root@fw01 ~]# ip route add local 0.0.0.0/0 dev eth2 table 100
RTNETLINK answers: File exists
James S. Binder
Vice President, Engineering
On Mar 13, 2011, at 9:09 AM, arielf wrote:
> Apparently the squid configuration is ok.
>
>
> http_port 3128 ssl-bump key=server-key.pem cert=server-cert.pem
> ssl_bump allow all
> --
>
> That is I tried a different 3rd party https site (my bank :) and everything
Hi Amos,
Ok, I have been able to discuss this a bit with the other team.
First of all, they have clarified the certificate stuff. As you
stated, the proxy would use its own certificate against remote sites, as
the other way would be a complete mess.
So the browser validates against t
Hi Amos,
Ah, well.
Normal HTTPS "through a proxy" uses a CONNECT tunnel. The encryption
inside that is end-to-end from client to the website server. The proxy
itself does not get involved (unless the MITM case is setup, then the
certificate breakage is the MITM admins problem/fault not yours).
On 15/03/11 23:19, Eugene M. Zheganin wrote:
Hi.
I'm running squid of different versions on my FreeBSD boxes (8.x,
i386/amd64).
I'm also using pam_auth to authenticate users against local (pam_unix)
and kerberos security databases.
Regardless of the arch and version, I have a couple of the boxe
On 15/03/11 23:04, Jaime Nebrera wrote:
Hi Amos,
I didnt know this. Might it be that they are confused and that they
might be using Kerberos or something like that that in essence is based
in certificates?
What do you mean by "they" being confused? You earlier said you were
setting this up. M
Hi.
I'm running squid of different versions on my FreeBSD boxes (8.x,
i386/amd64).
I'm also using pam_auth to authenticate users against local (pam_unix)
and kerberos security databases.
Regardless of the arch and version, I have a couple of the boxes that
periodically fail to release pam_a
Hi Amos,
I didnt know this. Might it be that they are confused and that they
might be using Kerberos or something like that that in essence is based
in certificates?
What do you mean by "they" being confused? You earlier said you were
setting this up. My answer was based around your question
On 15/03/11 20:22, Jim Binder wrote:
Trying this one more time to see if anyone might know what's wrong in getting
my transparent bridging with squid to work.
Config... pings work thought the box (the bridge is working however; the 3129
socket never pops with an HTTP request)
Admin on Eth1, I
On 15/03/11 20:26, Jaime Nebrera wrote:
Hi Amos and list members,
Reading the available information in the Internet I'm not sure if
this is possible or not.
It is. Though not easily.
Ok
Squid https_port can accept forward proxy traffic as easily as
reverse-proxy traffic. The difficulty co
Hi Amos and list members,
Reading the available information in the Internet I'm not sure if
this is possible or not.
It is. Though not easily.
Ok
Squid https_port can accept forward proxy traffic as easily as
reverse-proxy traffic. The difficulty comes when you find out that none
of th
Trying this one more time to see if anyone might know what's wrong in getting
my transparent bridging with squid to work.
Config... pings work thought the box (the bridge is working however; the 3129
socket never pops with an HTTP request)
Admin on Eth1, Internet on eth0 and Inside (client) i
26 matches
Mail list logo