Repost. I have posted many times, but it never
turns up. Does this list block gmail? Anyways,
here's my question:
---
Hi y'all.
I have searched through the docs, and cannot find
alot on ldap_auth. I use Squid + LDAP instead of
SMB to authenticate against our 2003 Server. The
problem is that we ha
Matthias Dettling" wrote:
> grolschie wrote:
> > Repost, as the first never came through at my
end.
> > Sorry if it's a dupe.
> >
> > ---
> > Hi y'all.
> >
> > I have searched through the docs, and cannot
find
> > alot on ldap_auth. I use Squid + LDAP instead
of
> > SMB to authenticate against our
Matthias Dettling wrote:
> Hello grolschie,
>
> as I know %s isn't a variable that is passed to
> /usr/lib/squid/ldap_auth, instead it is a
variable from that program,
> which tells it, that %s must be replaced with
the username.
> By the way parameters of a shell script can be
found in $1, $2, .
Matthias Dettling wrote:
> >
> >
> >>Hello grolschie,
> >>
> >>as I know %s isn't a variable that is passed
to
> >>/usr/lib/squid/ldap_auth, instead it is a
> >
> > variable from that program,
> >
> >>which tells it, that %s must be replaced with
> >
> > the username.
> >
> >>By the way paramete
Hi.
Out of interest, which tool is the best choice to
provide details of which users visited which sites
and downloaded what content, without the need for
a stack of server stats?
cheers,
D.Radel.
- Original Message -
From: "Pophal Michael"
<[EMAIL PROTECTED]>
To: "'Jorge Enrique'" <[EMA
> > Hi Matthias (and anyone else reading this)
> >
> > I have tried the solution and cannot get it
> > working. I replaced this line:
> > auth_param basic program
> > /usr/lib/squid/ldap_auth ..
> > with reference to my script:
> > "auth_param basic program
> > /etc/squid/multi_domains
Gnutella is a peer-to-peer filesharing network:
http://www.gnutella.com/
How this relates to Squid? I dunno. Perhaps your
Squid has been configured to disallow it, and some
user is trying to use a Gnutella client (such as
Limewire, Gnucleus, etc) on your network?
grol
- Original Message -
- Original Message -
From: "saravanan ganapathy" <[EMAIL PROTECTED]>
To:
Sent: Friday, April 15, 2005 7:58 PM
Subject: [squid-users] How to stop play live audio/video files in the
internet
Hai ,
I have done the following configuration to block
downloading audio/video file extensions
1)
Hello grolschie,
i now have tested the script in a working environment.
At my site the script didn't work also.
The first problem was the string compare.
I only glanced at the script, so I didn't see the mistake.
In the future you should do string compares always in this way:
if [ "$DOMAIN1" == "O
The second problem was the way of reading the input from stdin.
I have here a complete script which should also work at your site.
---
#!/bin/sh
# read from stdin until EOF is received
while read INP; do
DOMAIN1=`echo $INP | /usr/lib/squid/ldap_
The second problem was the way of reading the input from stdin.
I have here a complete script which should also work at your site.
---
#!/bin/sh
# read from stdin until EOF is received
while read INP; do
DOMAIN1=`echo $INP | /usr/lib/squid/ldap_
From: "Henrik Nordstrom" <[EMAIL PROTECTED]>
To: "D & E Radel" <[EMAIL PROTECTED]>
Cc: "Matthias Dettling" <[EMAIL PROTECTED]>;
Sent: Tuesday, April 19, 2005 8:52 AM
Subject: Re: [squid-users] Configuring authentication with ldap_auth and two
d
We are trying to allow block access to certain sites to a certain group,
but not another group. Am I too ambitious? ;-)
Pretty standard thing for using squid_ldap_group.
Regards
Henrik
Hi Henrik,
Note: changed the subject as the topic of my original post has evolved. :-)
I see that you co-wrote sq
- Original Message -
From: "D & E Radel" <[EMAIL PROTECTED]>
To: "Henrik Nordstrom" <[EMAIL PROTECTED]>
Cc:
Sent: Tuesday, April 19, 2005 10:39 AM
Subject: [squid-users] squid_ldap_group - url access restrictions based on
group
We are trying to allo
Thanks Thien. :-)
grol
- Original Message -
From: "Thien Vu" <[EMAIL PROTECTED]>
To: "D & E Radel" <[EMAIL PROTECTED]>
Cc: "Henrik Nordstrom" <[EMAIL PROTECTED]>;
Sent: Tuesday, April 19, 2005 12:01 PM
Subject: Re: [squid-users] squid_
From: "Henrik Nordstrom" <[EMAIL PROTECTED]>
To: "D & E Radel" <[EMAIL PROTECTED]>
Cc: "Henrik Nordstrom" <[EMAIL PROTECTED]>;
Sent: Tuesday, April 19, 2005 7:57 PM
Subject: Re: [squid-users] squid_ldap_group - url access restrictions base
- Original Message -
From: "Joel Jaeggli" <[EMAIL PROTECTED]>
To: "Brett Glass" <[EMAIL PROTECTED]>
Cc:
Sent: Tuesday, April 19, 2005 9:31 PM
Subject: Re: [squid-users] Major malfunction: Squid and Windows Update
microsoft update makes a pretty serious effort to be uncacheable.
Can one
Can one simply set windowsupdate urls to not be cached then?
e.g.:
acl bypass dstdomain .windowsupdate.microsoft.com .windowsupdate.com
no_cache deny bypass
You'll have two problems if you do. First of all, your bandwidth will
be taxed severely (perhaps overwhelmed) by the flood of uncached Win
From: <[EMAIL PROTECTED]>
To:
Sent: Friday, April 29, 2005 7:31 PM
Subject: [squid-users] Squid and ADS's groups
Hello,
I build a squid cache-proxy machine using the winbind authentication, in
order to limit the access to the proxy only to the people authenticated in
the domain (win 2k). It work
From: "Kevin" <[EMAIL PROTECTED]>:
There are known issues where the automatic update feature may not be
able to make requests out to the Internet at all if you are using a
configured
proxy server (not transparency, but setting the proxy server and port in
control panel, and or using PAC).
Are ther
From: "Kevin" <[EMAIL PROTECTED]>
Yes, there is a fix.
While "Windows Automatic Update" on WinXP doesn't inherently pick
up proxy settings for IE from the Control Panel, there is a command-line
tool called "proxycfg" (installed via SP2?) which can force WAU to use
a proxy. Apparently there is also
How many of these tests will you send us? All your posts have arrived:
http://marc.theaimsgroup.com/?l=squid-users&r=1&b=200505&w=2
I have found that *gmail* and the squid mailing lists are *not* a good
match. Your posts have indeed been received by the list, but they never seem
to arrive at the
That is indeed strange. It shows my routers IP and not my local IP.
Why are you using a website to determine your local IP? Maybe there is
another solution to your problem.
regards
Dietrich
- Original Message -
From: "Rahul Sinha" <[EMAIL PROTECTED]>
To: "D & E
Hello.
We wish to cache all internet websites but not our local webservers. We have
alot of students with their own webpages which are modified frequently and
do not wish to run into problems with .asp and old versions of pages in the
cache. Which is the better option: no_cache or always_direct
Hi there,
This is a real n00b question. Sorry. Our squid setup is working nicely and
DNS is being resolved nicely for internet domain names no problem. However,
local computer names are not resolved with the squid server. eg:
http://my-server/index.html will fail.
Our system is a Windows 2003 d
Kevin Kadow wrote:
Most people who follow this list will know what my automatic response is
to this question...Proxy Automatic Configuration (PAC) scripting!
http://www.squid-cache.org/Doc/FAQ/FAQ-5.html
Ah.. excellent. Great idea.
Are these names resolvable via a search suffix on an Intranet D
From: "Matus UHLAR - fantomas" <[EMAIL PROTECTED]>
On 10.05 17:02, D & E Radel wrote:
We wish to cache all internet websites but not our local webservers. We
have alot of students with their own webpages which are modified
frequently
and do not wish to run into problems with .
From: "Kevin" <[EMAIL PROTECTED]>
On 5/10/05, D & E Radel <[EMAIL PROTECTED]> wrote:
> This is a real n00b question. Sorry. Our squid setup is working nicely
> and
> DNS is being resolved nicely for internet domain names no problem.
> However,
> local
From: "Kevin" <[EMAIL PROTECTED]>
If you reconfigure squid using the "--disable-internal-dns" flag,
recompile, and re-install, squid will go back to the old behavior of
using "dnsserver" with the system resolver library (which obeys
/etc/resolv.conf), instead of the embedded DNS code.
This should a
From: "Chris Knipe" <[EMAIL PROTECTED]>
I've written a custom authentication handler, which does seem to work.
Reads
from STDIN, Authenticates, and returns either OK or ERR on STDOUT back to
squid.
My next step, I want to allow a certain block of addresses http_acess,
deny
everyone else, but als
From: "Chris Knipe" <[EMAIL PROTECTED]>
[EMAIL PROTECTED]:/usr/local/libexec/squid#
/usr/local/libexec/squid/cenergy_auth
OK^C
Squid does start the perl childs to run the script. I am however doubting
that
Squid actually sends the requests off to the script - the scripts never
queries
anythin
I m using squid 2.5 stable ,everything is working fine , but warez a
p2p client is not working . what can be the issue .
Help awaited , also i would be great if neone can tell me what port
the warez client use to connect to server.
Hi Dev
You already did get a reply that would help last time you po
From: "Chris Knipe" <[EMAIL PROTECTED]>
Turned on some debugging... I am now seeing
2005/05/11 12:36:23| The request GET http://www.microsoft.com/ is DENIED,
because it matched 'Authenticated'
hmm... I'm reasonably new to squid, but I would've thought that
"authenticated" would be a reserved word
Hmmm ok
Well I did add some debugging to my custom auth perl script via syslog...
It never receives anything from squid to authenticate, and that's what
debug tells me $_ is always empty as far as my script goes. This is
definately something with my squid config that is not on par...
--
Ch
From: "dev singh" <[EMAIL PROTECTED]>
Hi Dietrich,
i hav checked these things but i m not getting solution for this. I
hav checked with tcpdump also but it is working as port scanner , i m
not getting the port on which it connects, i would be greatfull to u
if u can get me the port of warez client
From: "Chris Robertson":
If you are able to ping a domain-name-less box from the command line, but
can't surf to it through Squid, then you should check your squid.conf for
the dns_nameservers directive (make sure it's commented). Squid, by
default
will use the /etc/resolv.conf file to determine
From: "Henrik Nordstrom":
On Wed, 11 May 2005, D & E Radel wrote:
I added the append_domain option in Squid. This worked, however not
without problems. We have *two* domains with lengthy names. When using
append_domain, it blindly adds the single domain suffix to any computer
nam
From: "Chris Knipe" <[EMAIL PROTECTED]>:
On Wed, May 11, 2005 at 02:02:12PM +0200, Chris Knipe wrote:
# This is the main loop for authentication requests
while () {
^
Either squid, or perl does not like this
while (my $Input = ) {
Works :)
*yay* it only took me a day
From: "Ryan Lamberton" <[EMAIL PROTECTED]>
Is there a good (free?) virus scanner that works with squid? One of my
users must have a virus and my data provider keeps telling me that I have
a beagle virus:
Probably best to ensure that users have up-to-date anti-virus software
installed on their w
Hi there.
When a user types http://localhost/ in the web-browser, I presume that
"localhost" to Squid means the IP address of the Squid server, not the IP
address of the client. Is there a way to map "localhost" DNS requests in
Squid back to the client pc so that they can still use the "localhos
Hi there.
Can anyone point me in the direction of some decent Sarg info? The man page
is minimal, as is the sarg website.
I'd like to know more about how to configure it. I see it is running some
kind of web-server on my machine after installing via Debian's apt-get, but
would like to figure ou
From: "Ricardo López Urrutia" <[EMAIL PROTECTED]>
Radel;
Sarg doesn't run a Webserver, your server is the one running the
Webserver and Sarg uses it to display the information collected from the
logs. If you need further info about how to configure sarg sarg.conf will
do the job,
I have just read about Windows Server Update Services which is seemingly
a free service for Server 2003 and has a client for each XP machine. Not
sure which is the best route to take though.
SUS is a very good route in terms of bandwidth, allowing you to have local
mirrors of windows update.
Th
An excellent HOWTO guide:
http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
Regards,
Dietrich
- Original Message -
From: "Jiří Červenka" <[EMAIL PROTECTED]>
To:
Sent: Thursday, May 19, 2005 6:24 PM
Subject: Re: [squid-users] How to get user informa
Hi
You should probably comment out multiple attempts to authenticate. In your
second attempt you have spelt "quest" as "qust". You also haven't specified
an OU for the user "Manager", or a -f parameter.
Try debugging at the commandline. eg:
echo "username password" | /usr/lib/squid/squid_l
fi
done
Then go: echo "username password" | ./scriptname.sh
Modify the script and re-run until you get it working. Saves alot of typing
errors on the commandline. Probably not the most elegant way of writing the
script, but it works for me. :-)
regards
Dietrich
- Or
I tried with this guide but it still not work. Have you ever tried this?
http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
An excellent guide. I tried it and it works with our AD setup. Using
ldap_group took a while to debug and get working.
You still
Hi there,
There following url spits causes an error in Squid:
https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033
We get the following error message:
ERROR
The requested URL could not be retrieved
--
The easiest way to set up authentication with AD is:
http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
That webserver was down though earlier today.
d.radel.
- Original Message -
From: "Abbas Salehi" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, Jul
The easiest way to solve is to run the squid_ldap_auth program from
commandline and see the results. Various things can cause it to fail, such
as passwords with an ! in it, etc.
D.Radel.
- Original Message -
From: "selvam" <[EMAIL PROTECTED]>
To:
Cc: <[EMAIL PROTECTED]>
Sent: Wednes
- Original Message -
From: "D & E Radel" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, July 05, 2005 4:27 PM
Subject: [squid-users] passport.com url error with Squid
Hi there,
There following url spits causes an error in Squid:
https://loginnet.passport.com/pps
Any takers? Does the url
https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1033 fail on anyones
Squid using IE?
Dietrich
The url is passed to IE from clicking the check email link in MSN/Windows
Messenger. Gets message invalid URL message from Squid. Typing it in, the
site complains abou
Greetings.
Sorry if this is a recurring question. I checked through the Squid FAQ and
didn't see anything on caching email. I have set our Outlook clients to use
IE's LAN settings, however the proxy is not working for Outlook.
I am guessing we need some email proxy system. What is the best no
>
> yep. or add an authenticator using samba. lots of docs on that.
>
> john
>
I have seen something about samba beeing used to authenticate squid users,
but have
never tried anything like that in squid . Now I know it's possible I'l dig
into it and see what
posibilities there are.
Thanks
ing without prompting? :-)
--- On Mon 07/11, D & E Radel < [EMAIL PROTECTED] > wrote:
From: D & E Radel [mailto: [EMAIL PROTECTED]
To: [EMAIL PROTECTED], squid-users@squid-cache.org
Date: Tue, 12 Jul 2005 08:53:41 +1200
Subject: Re: [squid-users] Can the MS Windows user-name be logged in
i suppose it all depends on the size of the network and the patience of
the users(!).
ldap lookup would be fine for a small bunch of people, and you are right
that its really quick to setup, especially if you are new to the whole
squid thing. samba however, isn't all *that* hard to implement
On our Domain I use:
/usr/lib/squid/squid_ldap_group -R -b "dc=myorg,dc=org" -D
"cn=Administrator,cn=Users,dc=myorg,dc=org"
-w "mypassword" -f "(&(objectclass=person)(sAMAccountName=%v)
(memberof=cn=%a,dc=myorg,dc=org))" -h 192.168.1.1`
grol
- Original Message -
From: "Syed
The easy way is with LDAP:
http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
grol
- Original Message -
From: "Yong Bong Fong" <[EMAIL PROTECTED]>
To:
Sent: Friday, August 26, 2005 1:07 PM
Subject: [squid-users] windows 2003 server active directo
Hi there
Squid is authenticating with no problems with our domain via LDAP.
I wish to use the built-in Active Directory account option to restrict
which computers a user on our domain can log into (i.e. instead of being
able to log into 'all computers', just their own). If I enable this
setti
useful with a limitde number of users and
workstations.
hope this helps.
Quoting D & E Radel <[EMAIL PROTECTED]>:
Hi there
Squid is authenticating with no problems with our domain via LDAP.
I wish to use the built-in Active Directory account option to
restrict
which computers a user on our d
From: "Serassio Guido" <[EMAIL PROTECTED]>
To: "D & E Radel" <[EMAIL PROTECTED]>;
Sent: Saturday, August 27, 2005 3:27 AM
The easiest solution is not to restrict what computers our users can
log into. But, I'd like to figure out if it's p
Hi there.
Our users are complaining of intermittant squid problems. Browsers will
show "page cannot be displayed" (e.g. for www.google.com) but hitting
refresh, the page will be displayed ok. Everything was going alright for
months, but now this problem.
The only things I have done are add a
- Original Message -
From: "Askar" <[EMAIL PROTECTED]>
To: "Bonnici Daniel" <[EMAIL PROTECTED]>
Cc:
Sent: Thursday, October 06, 2005 11:09 PM
Subject: Re: [squid-users] Which the best OS for Squid?
Bonnici Daniel wrote:
Hi, which is the best linux OS for security and to run squid?
From: "Nathan Reeves" <[EMAIL PROTECTED]>
To:
Sent: Thursday, October 06, 2005 10:03 PM
Subject: [squid-users] AD group changes don't get applied until restart
of Squid -> Is this normal?
Got NTLM authentication working fine with Stable11 on
Windows 2003 Server STD. Just finding that when I
- Original Message -
From: <[EMAIL PROTECTED]>
To:
Sent: Tuesday, October 11, 2005 9:56 AM
Subject: Re: [squid-users] Performance tweaks
Squid's url_regex is a hideously slow way of managing blackholed
urls/sites/domains.
I'm not necessarily blaming the program itself, the fact is,
Thirdly, can someone PLEASE answer my question about setting "/" to
'noatime', as opposed to avoiding it by telling me how and why what
I'm
doing
is stupid?
Once again, are there pitfalls to having '/' set to 'noatime'?
If your squid box is only used for Squid then there are *probably* no
pi
Rather than the standard page displayed with the email address of the
cache administrator, is it possible to customize the page that is
displayed?
TIA,
D.Radel.
Rather than the standard page displayed with the email address of the
cache administrator, is it possible to customize the page that is
displayed?
See deny_info and/or the FAQ.
Regards
Henrik
Many thanks. :-)
D.Radel.
If that really is the case, how about blocking access to that "some
server" and cancelling your customer's account?
- Original Message -
From: <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 26, 2005 9:36 AM
Subject: [squid-users] Spam mail through Squid server
Hi
I am running tra
If you use a Windows Domain, you can set a Group Policy for all pcs that
will dictate their homepage. This is for IE only, not other browsers
though. Another option is group polcies or scripts on the clients.
D.Radel.
- Original Message -
From: "Sam Lee" <[EMAIL PROTECTED]>
To:
Sent:
An excellent walk-thru for ldap_auth and Active Directory:
http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
regards,
D.Radel.
- Original Message -
From: "Adam Aube" <[EMAIL PROTECTED]>
To:
Sent: Friday, November 04, 2005 5:19 AM
Subject: [squi
Hi there,
I have googled and also searched the mail archives. Is "squish" the best
package to limit individual users to xMB per day? Or is there something
better?
Thanks in advance.
D.Radel.
Hi there,
I was running Debian old stable until today. I upgraded to current stable, rebooted and all was
fine. Squid seemed fine.
I then installed Squish - which went badly, so I removed it as per their FAQ file. Squid was a no
go. I then reverted to my old previously working squid.conf and
# ADMINISTRATIVE PARAMETERS
# -
# Email address displayed when error occurs or access is denied
#-----------
cache_mgr [EMAIL PROTECTED]
Amos Jeffries wrote:
D &
Steve Snyder wrote:
Looking around, I find plenty if examples on how to block object types
and/or domain, but not on a full URL.
Can someone point to an example of how, on Squid 2.6S13, to block access
to a specific URL?
Thanks.
I put all each url on a separate line in a text file and us
Matt wrote:
Does Squid need restarted everytime you add to blocked sites?
Matt
I put all each url on a separate line in a text file and use the
following:
# Block websites using url or keywords.
# Uses "\.file$" format to block file extensions
#--
Henrik Nordstrom wrote:
tis 2007-05-29 klockan 16:50 +1200 skrev D & E Radel:
Dang! Adding the line: "HTTP_PORT 3128" stops the error, but now I get no authentication prompt in
my browser. Restarting squid is fine, but it doesn't seem to talk to my client's browser a
D & E Radel wrote:
Henrik Nordstrom wrote:
tis 2007-05-29 klockan 16:50 +1200 skrev D & E Radel:
Dang! Adding the line: "HTTP_PORT 3128" stops the error, but now I
get no authentication prompt in my browser. Restarting squid is fine,
but it doesn't seem to talk
Henrik Nordstrom wrote:
tis 2007-06-05 klockan 07:40 +0700 skrev Arianto C Nugroho:
Quoting McDouglas <[EMAIL PROTECTED]>:
Hi!
Is is possible to to assign delay pools to acls instead of domain
names? I use an external acl to verify if a given user belongs to a
given windows group (using wbi
Hi there,
After upgrading from squid 2.5 to 2.6 (Debian oldstable to Debian stable), everything now seems to
work except SARG. SARG now complains about a missing: /var/log/squid/access.log
Is there a change in the squid.conf that requires me to specify this somewhere?
Thanks in advance,
D.Ra
Henrik Nordstrom wrote:
tis 2007-06-05 klockan 14:48 +1200 skrev D & E Radel:
Hi there,
After upgrading from squid 2.5 to 2.6 (Debian oldstable to Debian stable), everything now seems to
work except SARG. SARG now complains about a missing: /var/log/squid/access.log
Is there a chang
Henrik Nordstrom wrote:
tis 2007-06-05 klockan 16:09 +1200 skrev D & E Radel:
Henrik Nordstrom wrote:
tis 2007-06-05 klockan 14:48 +1200 skrev D & E Radel:
Hi there,
After upgrading from squid 2.5 to 2.6 (Debian oldstable to Debian stable), everything now seems to
work except SA
Etienne Pretorius wrote:
Hello List,
I have a slight problem. I need to squid to authenticate against a samba
PDC with an LDAP backend. I would like it to do the Authentication
without the help of SAMBA and to get the password right out of the LDAP
server and unhash.
Would this be the he
Hi all,
I am currently using a delay pool to throttle users a certain ldap_group to a
slow speed.
I wish to throttle access to certain bandwidth heavy websites. I added the ACL "slow_sites" to my
existing delay pool as follows:
acl slow_sites url_regex -i "/squid_stuff/slow_sites.txt"
No takers? Thanks in advance. :-)
D.Radel.
D & E Radel wrote:
Hi all,
I am currently using a delay pool to throttle users a certain ldap_group
to a slow speed.
I wish to throttle access to certain bandwidth heavy websites. I added
the ACL "slow_sites" to my existing delay p
[EMAIL PROTECTED] wrote:
No takers? Thanks in advance. :-)
D.Radel.
D & E Radel wrote:
Hi all,
I am currently using a delay pool to throttle users a certain ldap_group
to a slow speed.
I wish to throttle access to certain bandwidth heavy websites. I added
the ACL "slow_sites"
Henrik Nordstrom wrote:
tor 2007-06-21 klockan 14:22 +0100 skrev Julian Pilfold-Bagwell:
If I am to guess you might need to allow access to the windows update
servers without using authentication.
Is it possible to do that while retaining authentication for users?
Yes.
Just allow access t
Dan OConnor wrote:
I have just replaced my old squid box with a new one, the old proxy
was set to do local administration and the new one is set to do LDAP.
I do have the authentication working for most of the users but there
is a few that will not get prompted for a box and I can't figure
it ou
D & E Radel wrote:
[EMAIL PROTECTED] wrote:
No takers? Thanks in advance. :-)
D.Radel.
D & E Radel wrote:
Hi all,
I am currently using a delay pool to throttle users a certain
ldap_group
to a slow speed.
I wish to throttle access to certain bandwidth heavy websites. I added
Matus UHLAR - fantomas wrote:
On 24.06.07 22:36, Jigar Raval wrote:
How to block proxy avoidance in squid.
if you are asking, use question mark (?) please.
You can't block proxy avoidance in proxy. You can block it on
router/firewall. The principle of proxy avoidance is that proxy does not
kn
Frederick Willian Borges Pohl wrote:
Hello,
I have been given a task that I don´t know were to start, so I´m asking fellow
list subscribers for some guidance.
I need to implement web restrictions for different departments. For example, I
need that the marketing department has access to hotmai
You could try something like this:
/usr/lib/squid/squid_ldap_group
-R
-b "ou=cramif,dc=cramif,dc=cnamts,dc=fr"
-D "cn=username,cn=users,dc=cramif,dc=cnamts,dc=fr"
-w "password"
-f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,dc=cramif,dc=cnamts,dc=fr))"
-h 55.171.210.72
Replace use
Jagdeep Shrivastav wrote:
Hi,
Thanks for your prompt reply. I went through the url to completethe
configuration,
when i execute the command
/usr/lib/squid/squid_ldap_auth -b "dc=my,dc=domain" ldapserver
or
/usr/lib/squid/squid_ldap_auth -b "dc=my,dc=domain" -h IPofLDAPServer
and after providi
[EMAIL PROTECTED] wrote:
Hi,
Thank you for this information but I doubt, because I read the (poor)
documentation and digest_ldap_auth is not for store a password in AD !
The only good way i can find on the web is this link :
http://nixforums.org/about143268.html&highlight=
Thank and have a g
UK SquidUser (AXA-TECH-UK) wrote:
hi, i'm trying to migrate to a new platform of squid proxy servers using
active directory. I can't seem to find any pointers on configuring
squid/kerberos/samba to use multiple domains for authentication.. i've
configured a test box to point through a single doma
Whoops. Change replace that "dc=second" with "dc=first" in the DOMAIN1 part of the script and you'll
understand what I meant. I didn't proof read after making the edits.
Cheers,
Dietrich
D & E Radel wrote:
UK SquidUser (AXA-TECH-UK) wrote:
hi, i'm
Example ACL:
=
acl blocked_content url_regex -i "/home/me/blocked_sites.txt"
http_access deny blocked_content download all
http_access deny blocked_content all
http_reply_access deny blocked_content all
=
Contents of plain text file
id restart
Regards,
D.Radel.
- Original Message -
From: Mark T. C.
To: D & E Radel
Sent: Tuesday, January 03, 2006 8:01 AM
Subject: Re: [squid-users] New to List needing squid.conf help!
When I try and compile (squid -k reconfigure) after adding these lines
to squid.conf, I get er
Step by step:
http://kb.papercutsoftware.com/Main/ConfiguringSquidProxyToAuthenticateWithActiveDirectory
D.Radel.
- Original Message -
From: "Nolan Rumble" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, January 04, 2006 10:01 PM
Subject: [squid-users] Squid and LDAP authentication
Hi,
I'
Try: header_access X-Forwarded-For deny all
Deny should come afterwards.
D.Radel.
- Original Message -
From: "Jason Bassett" <[EMAIL PROTECTED]>
To:
Sent: Saturday, January 07, 2006 10:31 AM
Subject: Re: [squid-users] Squid is blocking access to some BBC news
sites
Hello again
1 - 100 of 121 matches
Mail list logo