On Sunday 09 March 2008 9:49:49 pm Chuck Kollars wrote:
How can I prioritize traffic on my _internal_ LAN (or
to use different words the _other_ side of Squid)?
OK
The first request for a very large file uses some
amount of drop bandwidth which I can control with
things like delay_pools.
On Thursday 13 March 2008 10:50:50 am J Beris wrote:
Hi Shane,
My krb5.conf
[libdefaults]
Default_realm = OURDOMAIN
[realms]
OURDOMAIN = {
kdc = 1.2.3.4
kdc = 1.2.3.5
kdc = host.domain
kdc = host1.domain
}
On Wednesday 12 March 2008 12:17:16 pm Leach, Shane - MIS Laptop wrote:
I currently have Samba 3.028 and Squid 7:2.6Stable set up to
authenticate Active Directory users to the proxy server. I want the
proxy to be transparent though and it is not.
Shane,
Transparent Proxy and Authentication
On Wednesday 12 March 2008 1:50:20 pm Leach, Shane - MIS Laptop wrote:
Dave,
Perhaps my terminology was incorrect. I am wanting Squid to log/filter
web traffic. I want permissions to be based on A/D security groups.
From what I read, using NTLM or Samba, I could do this... The proxy
works
On Wednesday 12 March 2008 4:31:16 pm Leach, Shane - MIS Laptop wrote:
I am not sure that I am clear. It is working already for the most part,
just not exactly as I want it to.
Take this example:
If I use command wbinfo -u I will receive the user Shane as one
account listed... But, in
Hello all,
I get auth popups on firefox 2 on my workstation (centos 4.6). My workstation
is also a domain machine using samba. Now I am aware of the ntlm problem with
winbind- that is, occasional popups. Is this to be expected for my machine as
well or should I use an ldap helper for
On Tuesday 04 March 2008 5:08:54 am Francisco Martinez Espadas wrote:
2.6stable18
I have a Centos5.0 box now- where did you get squid 2.6 stable18 from? I don't
see it in the upgrade path?
Thanks!
Dave
How are authenticating? It sounds like you are using mixed-mode
authentication: that is, the the old-style Domain Controller and the new
Active Directory.
My guess is that:
Your Squid box is using DC for authentication and the W2K3 server is
using AD. Do you have the same problem on another W2K3
max_challenge_reuses 5000
auth_param ntlm max_challenge_lifetime 5 minutes
I am using the NTLM_AUTH binary that comes with samba v3.
Thank you
-Original Message-
From: Dave Augustus [mailto:[EMAIL PROTECTED]
Sent: 09 September 2004 17:56
To: Charlie Grosvenor
Cc: [EMAIL
-Original Message-
From: Dave Augustus [mailto:[EMAIL PROTECTED]
Sent: 09 September 2004 18:40
To: Charlie Grosvenor
Cc: [EMAIL PROTECTED]
Subject: RE: [squid-users] Windows 2003 Strangeness
Did you compile Samba with kerberos 1.3? I am just guessing here but the
problem appears
Hello N.N.
The only thing here a little special is the group requirements but the
rest is pretty straightforward:
You need:
krb-1.31 or newer
samba-3
squid-2.5 stable
After compiling each of these, you use the ntlm_auth that comes with
samba and add the squid server to the AD.
Then you
How can I obtain this?
--Dave
On Wed, 2004-02-04 at 10:17, Henrik Nordstrom wrote:
On Wed, 4 Feb 2004, Serassio Guido wrote:
Please let me to know when the patch will be stable, I will test this new
code on Windows using NTLM NEGOTIATE.
The patch is stable and will get committed to
Henrik,
Thank you so much!
We have been fighting this problem for at least six weeks. I look
forward to migrating this into production.
Once again,
Thanks,
Dave
This may fix it for you.
I think that you have to set the LANG var in your environment to be C
This is done by changing the contents of /etc/sysconfig/i18n
Here is mine:
LANG=C
SUPPORTED=en_US.UTF-8:en_US:en
SYSFONT=latarcyrheb-sun16
Enjoy,
Dave
With ISA, it appears that you can use it as a transparent proxy (no
auth) and still log according to user? I personally don't see how this
is possible. Can anyone confirm or deny this?
--Dave
Hello Ben,
Ensure that you are referencing the ntlm_auth that comes with Samba V3.
--Dave
On Mon, 2004-01-12 at 09:01, Ben Kelley wrote:
Trying to get NTLM/seamless authentication working with IE in domain/AD
environment. Have browser setup to use proxy.
Basic authentication from a
Do you have a /etc/krb5.conf file?
My contains:
[libdefaults]
default_realm = MYWWORKGROUP
[realms]
MYWORKGROUP = {
kdc = pdc.myworkgroup
}
[logging]
kdc = SYSLOG:INFO
In your case, I think your krb5.conf would be:
[libdefaults]
default_realm = TEST.COM
[realms]
into this myself.
--Dave Augustus
On Mon, 2004-01-12 at 15:21, Konrad wrote:
Hello
1) Does squid with ESI support Basic Authorization? becouse I always get
TCP_MISS/200
2) Is is possible to cache links with parameters ? For example something like
this:
esi:include src=http://viper:8280/RDF1/esi
It appears that they are 2 methods to block streaming media using Squid.
req_mime_type and url_regex used in ACL statements
Am I correct in assuming that the req_mime_type would work *better* than
the url_regex because the mime_type is what tells the client machine
how to act on the content?
Hello Victor,
I haven't heard of using ldap for MSAD authentication.
I personally setup a Redhat 9 box running Samba 3, Kerberos 1.3.1 and
Squid 2.5stable4. It uses the *new* ntlm_auth from Samba 3.
Have you looked into this solution?
--Dave
On Mon, 2004-01-05 at 13:04, Victor Souza
have to do ?
-- Original Message ---
From: Dave Augustus [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: 05 Jan 2004 13:37:58 -0600
Subject: Re: [squid-users] squid authentication
Hello Victor,
I haven't heard of using ldap for MSAD authentication.
I
Hello,
(I am cross posting this to both the Squid and Samba-Tech list as it
relates to the integration of both- sorry! )
Here is the setup:
-1 W2K PDC and 2 W2K BDCs- no active directory
-lots of Windows clients: XP and W2K Cytrix
-Using Squid 2.5Stable4 and Kerberos 1.3.1 on RH9
We are using
Hello,
I hope this helps.
I recently created a test configuration of W2K3 server, W2k client and
Squid2.4.Stable (using Kerberos 1.3.1 and Samba3 on RH9). This setup,
after tweaking, performed well.
To migrate to production, the only thing that I remember doing
differently was *Samba* related,
Robert Collins
[EMAIL PROTECTED] To: Dave Augustus [EMAIL
PROTECTED
Hi,
2 recommendations-
1- Install SCSI raid instead (smaller files will be accessed faster)
2- Format the partition that has the cache as ReiserFS.
These can be accomplished *easily* by adding a SCSI Raid controller to
your current system, create a new partition on said controller, format
it
Wow, this is a great discussion.
I appreciate everyone's input whether I agree with the opinions
expressed or not.
Thanks for your help and your thoughts,
--Dave
On Thu, 2003-12-04 at 09:41, Dave Augustus wrote:
Hello All,
Realizing that most on this list are biased against Microsoft, I
Hello All,
Realizing that most on this list are biased against Microsoft, I am
asking you to put your biases aside and answer this question:
Why should I as a manager consider using Squid over Microsoft ISA in an
(almost) entirely Microsoft shop if neither solution is deployed yet?
Thanks,
Dave
Hello Henrik,
Ah ha! This is getting narrowed down.
I was puzzled as to why squid didn't crash during my latest attempts at
this project.
Your response to my made me wonder...
On Thu, 2003-11-20 at 19:06, Henrik Nordstrom wrote:
On 20 Nov 2003, Dave Augustus wrote:
On the browser side, I
OK, yeah I have cross-posted this problem on the samba-technical list.
Hopefully they have some ideas.
Thanks,
--Dave
On Fri, 2003-11-21 at 10:53, Henrik Nordstrom wrote:
On 21 Nov 2003, Dave Augustus wrote:
close(4)= 0
select(6, [5], NULL, NULL, {0, 0
/kadmind.log
Thanks for your time on this problem,
Dave Augustus
1690 GET
http://www.google.com/ - NONE/- text/html
1069368581.548 3237 172.16.215.30 TCP_MISS/200 1581 GET
http://www.google.com/ surfer DIRECT/216.239.39.99 text/html
Until next time,
--Dave Augustus
users ability to surf based on their lunch
hour so that means using NT Groups. Is there any other options for
transparent authentication on Squid?
Any other ideas are appreciated...
Thanks,
Dave Augustus
32 matches
Mail list logo