webuser external NT_global_group D-BI1\SurfeursWebCH
D-BI1\SurfeursWebCH-T
http_access allow ci-src auth webuser
http_access deny all
any clue what is not working ?
Arno Streuli
**
DISCLAIMER - E-MAIL
the code: TCP_MISS/401
What is wrong ?
squid 2.5S11 on Solaris 8 and Samba 3.0.20a
thanks
regards,
Arno Streuli
**
DISCLAIMER - E-MAIL
---
The information contained in this E-Mail is intended for the named
recipient
Hello,
I juste create a new proxy with squid 2.5S11 on solaris 8, I take the same
config (exceopt of the name of the server) that the one is running in
production on another server. But I get an access denied.
here is the cache.log (I don0't know why I got that on log, i didn't ask
for any debug
No solution was given before.
But Now I have one.
As you said access right is a step to look for.
My squid user did have the correct right that why I was unable to access
the smb.conf. Quite strange the error message that as nothing to do about
access rigth.
anyway thanks.
regards
Arno Streuli
Anyone got that on squid 2.5Stable 10 on solaris 8?
[2005/10/03 14:16:06, 1] libsmb/ntlmssp.c:ntlmssp_update(252)
got NTLMSSP command 3, expected 1
that hang most of my ntlm auth !
thanks
Arno Streuli
**
DISCLAIMER - E-MAIL
level = 1
wins server = 10.17.12.9, 10.17.17.8
idmap uid = 1-2
idmap gid = 1-2
winbind use default domain = Yes
not that mutch, and every wbinfo test are working.
I'm deperated, anyone can help ?
thanks in advance,
regards,
Arno Streuli
authentication failed
error code was NT_STATUS_TRUSTED_DOMAIN_FAILURE (0xc18c)
error messsage was: Trusted domain failure
Could not authenticate user domain\\bj% with plaintext password
but if I use squid and ntlm_auth every thing is working fine !??!
Any one can explain ?
thanks
regards,
Arno
plaintext auth = No
name resolve order = wins host
wins server = 10.17.12.9, 10.17.17.8
idmap uid = 1-2
idmap gid = 1-2
Arno Streuli
Hello,
is it possible to record the username (with domain) of all request made
through squid, but without doing any kind of authnetication ?
how can I do that ? (on squid 2.5S10 on Solaris 8)
thanks for the info,
regards,
Arno Streuli
the username is who is logged on the computer.
I don't see what is funny, that can help to trace who access what on the
net !?!
Since a computer can be used by many person.
I was thinking about doing a kind of ntlm excahnge without testing the the
result with the Windows DC (or LDAP)
Arno
?
regards
Arno Streuli
Serassio Guido
to recompile samba with thie GCC to see if that change anything.
Arno Streuli
Serassio Guido
/lib:/opt/ssl/lib
export LD_RUN_PATH=/lib:/opt/lib:/opt/ssl/lib
the bind I have installed is 9.2.3
Arno Streuli
Crédit Agricole (Suisse) SA
Chemin de Bérée 46-48, ch-1010 Lausanne 10
Tél. +41 58 321.5215 - Fax +41 58 321.5251
http://www.ca-suisse.com
Hello,
anyone know whta that mean ? (squid 2.5stable9 on solaris 8)
2005/08/22 03:05:37| WARNING: unparseable HTTP header field {GET
/scripts/autore
fresh/GetTechnicalAppletData.asp?command=fetchIntradayDays=1currencyPair=EURUS
D HTTP/1.1}
thanks
Arno Streuli
Crédit Agricole (Suisse) SA
Chemin de
descriptors available
2005/08/22 07:53:14| Performing DNS Tests...
2005/08/22 07:53:14| Successful DNS name lookup tests...
Illegal Instruction
have you more infot to try for me ?
regards
Arno Streuli
Crédit Agricole (Suisse) SA
Chemin de Bérée 46-48, ch-1010 Lausanne 10
Tél. +41 58 321.5215 - Fax
can you tell me what is wrong with my instalation, I'm always getting this
error:
ntlm_auth: error opening config file /usr/local/samba/lib/smb.conf. Error
was Illegal byte sequence
Thanks for any tips,
regards,
Arno
**
= squid4
server string = squid4 proxy %v
encrypt passwords = Yes
client ntlmv2 auth = yes
preferred master = No
local master = No
domain master = No
name resolve order = wins host bcast
wins server = 10.137.142.9 10.137.167.8
Arno Streuli
, 10.137.167.8
idmap uid = 1-2
idmap gid = 1-2
any other clue !!
Arno Streuli
Crédit Agricole (Suisse) SA
Chemin de Bérée 46-48, ch-1010 Lausanne 10
Tél. +41 58 321.5215 - Fax +41 58 321.5251
http://www.ca-suisse.com
) Resource temporarily
unavailable
2005/07/07 09:19:07| storeDiskdSend UNLINK: (11) Resource temporarily
unavailable
2005/07/07 09:19:07| ctx: exit level 0
Any clue why how to fix it ? (the last time I had that the server crash
after a while)
thanks for any input.
Arno Streuli
hmm can be.
I'm gona check that option !
Arno Streuli
**
DISCLAIMER - E-MAIL
---
The information contained in this E-Mail is intended for the named
recipient(s). It may contain certain privileged
Hello,
My squid 2.5S9 is working fin, whel almost, once in a while it ask me fot
my username/password via a prompt !?
and I can't trace why is that ?
anyone have anyidea how/where I can track trace that problem ?
thanks for your help
Arno Streuli
PS: it's running on Solaris 8 and samba 3.0.14a
webuserAutre external NT_global_group D-CH-BAM1\SurfeursWebBAMCH
D-CH-HCI1\SurfeursWebHCICH
acl auth proxy_auth REQUIRED
acl ca-src src 10.137.0.0/255.255.0.0
http_access deny ftp !techuser
http_access allow ca-src auth webuserCA
http_access allow !ca-src auth webuserAutre
http_access deny all
Arno
Well it's on basic auth, and it's setup to 2hours
so ?
Arno Streuli
Odhiambo
file path
cache_store_log none
cache_access_log /opt/squid/logs/access.log
cache_log /opt/squid/logs/cache.log
pid_filename /opt/squid/logs/squid.pid
redirect_children 20
coredump_dir /usr/local/squid/var
forwarded_for off
hierarchy_stoplist cgi-bin ?
Arno Streuli
yes you can
create 2 squid.conf
with 2 squid.pid and 2 different ports
look on google I'm sure you will find it. many many time this question
comme out !
regards,
arno
!techuser
http_access allow cai-auth webuser
http_access deny all
Arno Streuli
**
DISCLAIMER - E-MAIL
---
The information contained in this E-Mail is intended for the named
recipient(s). It may contain certain
a checksum of the file to see if it match the one on the site
? (but if I have the wrong file I'm not suppose to be able to do a gunzip
right ?)
thanks for the info,
regards,
Arno Streuli
**
DISCLAIMER - E-MAIL
do a checksum of the file to see if it match the one on the site
? (but if I have the wrong file I'm not suppose to be able to do a gunzip
right ?)
thanks for the info,
regards,
Arno Streuli
**
DISCLAIMER - E-MAIL
%7C60%253B6847486%7C6865382%7C1%253B%253B%257Esscs%253D%253fhttp%3A//www.zannonces.ch;
how can avoid that ?
I'm runing squid 25S9 on Solaris 8
thanks
Arno Streuli
**
DISCLAIMER - E-MAIL
---
The information contained
Hi,
I try to setup cachemgr.cgi on a web server other than my squid box.
anyone know what should I do to make it works ?
how did you setup cachmrg.cgi to speak with the squid box ? Is the option
of configure --enable-cachemgr-hostname
thanks for any help
Arno Streuli
Ok thanks Henrik,
the cachmgr.cgi is working on one solaris box, I can have the first page
(server, port, login password)
but when I click on 'continue'
I have an error:
Cache manager error
connect (146) connection refuse
If I do a tcpdump i can see some tcp request to a port 3128 onmy squid
Oups
sorry the port is suppose to be the port of the proxy not the default 3128.
regards,
Arno Streuli
**
DISCLAIMER - E-MAIL
---
The information contained in this E-Mail is intended for the named
recipient(s
is some Reserved or Deferred request in the NTLM authenticator
statistic menu
the avg request is 1700/min, is that ok ?
where can I look for other info ?
Arno Streuli
**
DISCLAIMER - E-MAIL
---
The information
Hello,
How can I use cachemgr.cgi if I don't have (wan't ) a web server in my
proxy ?
Any other solution ?
thanks
regards,
Arno
**
DISCLAIMER - E-MAIL
---
The information contained in this E-Mail is intended for
can make this procedure to work ?
thanks for your help if you can !
regards,
Arno Streuli
Crédit Agricole (Suisse) SA
Chemin de Bérée 46-48, ch-1010 Lausanne 10
Tél. +41 58 321.5215 - Fax +41 58 321.5251
http://www.ca-suisse.com
Hi,
its look like the user right is no correct on the winbindd_privileged
look under samba/var/lock
and give the right r-x to the group of squid and change the group member
ot the directory winbindd_privileged
should work then
regards,
Arno Streuli
Crédit Agricole (Suisse) SA
Chemin de
.
regards,
Arno Streuli
**
DISCLAIMER - E-MAIL
---
The information contained in this E-Mail is intended for the named
recipient(s). It may contain certain privileged and confidential
information, or information
if the domain of your user is mydomain, then try the folowing command:
wbinfo -r mydomain\\zef
don't forget the 2 backslash otherwise wbinfo will remove one and it will
fail.
Arno Streuli
Crédit Agricole (Suisse) SA
Chemin de Bérée 46-48, ch-1010 Lausanne 10
Tél. +41 58 321.5215 - Fax +41 58
to squid
nothing had change on the NT side, but is somehint wrong about the '-' on
the SurfeurWebCH-T ?
thanks for any help
regards
Arno Streuli
**
DISCLAIMER - E-MAIL
---
The information contained in this E-Mail
User: -d-ch\clob-
Group: -D-CH\SurfeursWebCH-
SID: -S-1-5-21-907243726-1387878072-1859928627-9560 Domain Group (2)-
GID: -10013-
Sending ERR to squid
ok maybe I'm not in the group 10013 but I'm in the 10001
(d-ch\\SurfeursWebCH-T) why it dosen test this one ?
Arno Streuli
Crdit Agricole
Hmm I think you can't forward NTLM authetication because of a miss use on
windows NT I think it's on the faq of Squid (11.14 proxy of cache).
Why we cannot proxy NTLM even though we can use it. Quoting from summary at
the end of the browser authentication section in this article:
Arno
Hello,
Again this morning my squid 2.5stable 5 crash
2004/08/23 08:23:26| assertion failed: helper.c:323: srv-flags.reserved
[2004/08/23 08:23:26, 1] utils/ntlm_auth.c:manage_squid_request(1592)
fgets() failed! dying. errno=0 (Error 0)
[2004/08/23 08:23:26, 1]
hello all,
I just upgrade my squid box (atually the test) from 2.5stabl1 to 2.5 stable
5, and then the squid is crashing almost on every request.
I'm running it on a solaris 2.8 box and here is what I have on the cache
log:
2004/08/18 12:57:09| storeDiskdSend: msgsnd: (11) Resource temporarily
Harg I'm stupid, of curse.
I was sure I did it on the test server too.
Okay okay, it's only setup on the production squid.
Thanks Marc, sorry for this stupid question !!
Regards,
Arno
Crédit Agricole Indosuez (Suisse) SA
Chemin de Bérée 46-48, ch-1010 Lausanne 10
Tél. +41 21 651.5215 - Fax
to solve it, I will gratfull if you can share it with me.
Best regards,
Arno Streuli
**
DISCLAIMER - E-MAIL
---
The information contained in this E-Mail is intended for the named
recipient(s). It may contain
Your first ACL allow full access from local network (192.168.1.0/24) if
your user arre inthis range squid will never go furher on the ACL check.
Move the first line at the end. So squid will proceed your deny first.
Ragards,
Arno
Hi,
Using Squid 2.5STABLE1 I got some error about the replacement policy.
If I use:
cache_replacement_policy heap LFUDA
I got:
May 12 23:25:21 squid2 squid[17782]: [ID 702911 user.alert] ERROR: Unknown
policy heap
May 12 23:27:24 squid2 squid[17822]: [ID 702911 user.alert] ERROR: Unknown
policy
Hi all,
I try to add some directory to my squid box, and following the FAQ (point
7.9) I should be able to do a squid -z who will look with the new cache I
have:
existing one:
cache_dir diskd /cache 2 16 256
new cache dir:
cache_dir diskd /cache1 16000 16 256
cache_dir diskd /cache2 16000 16
maybe the problen is not on the cache part of the disk but on the
squid_store.log and swap.log who is on the same disk.
try to remove some old squid_store.log and/or swap.log to see how it'
hanlde it.
Regards,
Arno
**
Hi,
My proxy was working fine a couple of month, then yesterday it crash 2
time:
the first time here is the cache.log
many time the next 2 line:
2004/02/09 08:53:35| AuthenticateNTLMHandleReply: invalid callback data.
Releasing helper '2740a8'.
2004/02/09 09:22:44| sslReadServer: FD 195: read
Hi Guys,
We upgrade to a new version of Java Pug-in on our IE browser (java 1.4.1)
and since then, when we try access a page on internet that have Java applet
the system ask for a basic authentication. (http://www.ilsole24ore.com as
example)
That didn't happen with the old version we have !
Hi,
One quick question for who I didn't find any answer on the web.
I need to have one proxy doing the authentication on a multi-domain
(forest) environement.
Anybody have a clue how I can tell squid to look with the right AD server
to authenticate ?
Without having to go to one AD, and then making
Hi,
I just re-install a proxy, with samba 3.0.1 and Squid 2.5 stable4, on a
solaris 8 box.
The samba part is working fin (wbinfo -a, -u and -g give me all the answer
I sould get)
But when I try to use squid and connect with a browser, squid crash after
the first two auth request (407 in the
Some more info.
I was able to make it works !?!
I comment the following 2 lines: ( I want to be able to allow some user to
download big file)
external_acl_type NT_global_group %LOGIN /opt/squid/libexec/wbinfo_group.pl
acl techuser external NT_global_group SurfeursWeb-T
#reply_body_max_size 0
bash-2.05# /opt/samba/bin/wbinfo -a login%password
plaintext password authentication failed
error code was NT_STATUS_INVALID_PARAMETER (0xc00d)
error messsage was: Unexpected information received
Could not authenticate user login%password with plaintext password
challenge/response
Hmm,
It works !?!?
bash-2.05# wbinfo -a login%password
plaintext password authentication succeeded
challenge/response password authentication succeeded
bash-2.05#
I just add the following line into my smb.conf
winbind use default domain = Yes
and this one still work:
bash-2.05#
Hi guys,
Sorry I try not call for help, but even with all the faq, the link and the
other messages I'm unable to make squid work in my config.
So here it is:
Samba 3.0.0
Squid 2.5 stable 4
Solaris 8
Samba was include in my ADS on my win2003
here is some output:
bash-2.05# /opt/samba/bin/wbinfo
Hi Squid guys,
I have a problème with my squid and some user:
My squid is using NTLM for 800 users, in 3 NT domain.
It make the NTLM request to one master domain who is trust by the 2 other
domain.
I have 1 domain that almost every monday the first and/or second user have
an access denied. And
58 matches
Mail list logo
