Try to put -R before -b
/basic_ldap_auth -R -b "dc=foo,dc=bar"
Jay
On Tue, Jun 24, 2014 at 2:57 AM, Peter Ong wrote:
> Hello Everyone,
>
> Why does /usr/lib64/squid/basic_ldap_auth require an ou in the -b argument?
>
> If I give it a:
>
> -b “dc=foo,dc=bar”, it does
Hi,
Proxy_auth is only possible on explicit proxy setup and not on interception
setup.
The squid wiki explains why.
Jay
-Original Message-
From: "anly.zhang"
Date: Sat, 17 May 2014 06:39:02
To:
Subject: [squid-users]
Tom,
No problem. Make sure you have the latest version of Squid or at least
version 3.3 to use server-first
Jay
On Mon, May 12, 2014 at 3:54 PM, Tom Holder wrote:
> Thanks Jay, it's not the CA I have an issue with, I can easily get
> that installed.
>
> On Mon, May 12, 201
main root CA.
*Our organization has existing internal PKI that we're currently using
for our Microsoft NPS/802.1x. That keeps us out from headache by
installing a new self-signed CA to each computer for Squid SSL
bumping.
Regards,
Jay
On Mon, May 12, 2014 at 3:06 PM, Dan Charlesw
environment you have. The main advantage of this
setup is you don't need to install a self-signed CA by squid in each
computer.
Jay
On Mon, May 12, 2014 at 2:41 PM, Tom Holder wrote:
> Hi Amos,
>
> Thanks for that. Yes I understand the legalities, this isn't to
>
e.com .microsoft.com .live.com
ssl_bump none numeric_IPs
ssl_bump none Skype_UA
ssl_bump none broken
ssl_bump server-first all
Jay
On Thu, May 8, 2014 at 3:48 PM, Rafael Akchurin
wrote:
> Hi Jay and others,
>
> If I am not mistaken based on your redirection description (transparent
> p
etc.
acl sslsites dstdomain .facebook.com .twitter.com .linkedin.com
ssl_bump server-first sslsites
We don't have any video conferencing alternative than skype that's
why it's allowed in the company.
Regards,
Jay
On Thu, May 8, 2014 at 5:27 AM, Marcus Kool wrote:
>
pted by Squid.
I'm wondering if there's someone who successfully allowed Skype to
fake CONNECT to squid (I'm referring to interception not explicit
proxying). I cannot fully implement https interception until I find a
solution to properly intercept Skype.
Many thanks in advance for all
?
Thanks,
Jay
On Fri, May 2, 2014 at 6:57 PM, Amos Jeffries wrote:
> On 2/05/2014 10:34 p.m., Jay Jimenez wrote:
>> Hi,
>>
>> I have squid setup that is currently doing transparent SSL
>> interception. Almost all websites work flawlessly like
>> https://facebook
d 443 and some business ports
that's why Skype will always be redirected by our WCCP router to the
squid box.
My openssl version is OpenSSL 1.0.1e 11 Feb 2013
My squid version is 3.4. I also tried different Squid versions but failed.
Any help will be greatly appreciated.
Many Thanks,
Jay
is rock solid and always has
been.
--
Jay Rouman (j...@dexter.mi.org j...@edzone.net)
en stressed.
I will create another group and assign a few users from group2, and see how it
goes.
There are about 3000 users in here, so cannot reassign the group easily,
unfortunately.
I very much appreciate your advice.
Thank you!
Jay
d I guess.
Furthermore, I checked access.log for gmail.com by logging on as a user who
belong to group2.
"tailf /var/log/squid/access.log" and "tailf /var/log/dansguardian/access.log"
but cannot show anything.
On the other hand, when I access to such as cnn.com, it shows real time info.
U..
I need help, pls?
Jay
I wanted to know if there was a way to implement a Squid server into your
environment without having to modify any browser settings. Every article
I've read says that even if you use DNS/DHCP you still have to point the
browser to a configuration file but the only advantage is that if you move
ication from browser to squid securely? For example, front
ending the proxy authentication with a webpage and passing a message to
squid to allow proxy to those who authenticate on the webpage. Or does
everyone roll their own?
Thanks much in advance.
-Jay
tch, with it still producing
many errors (H and C files not matching up/incorrect syntax). It also is
using X-forward which I don't want to use.
I would really like to get this running correctly, within the limits
I have (with only being able to run a few versions of squid).
Thank you,
Jay
As I said, It works fine for me on FC3 using BDB 3.2.9
Regards
Jay
> -Original Message-
> From: Enrique Charry [mailto:[EMAIL PROTECTED]
> Sent: Friday, 1 July 2005 7:28 AM
> To: Squid Users
> Subject: [squid-users] Re: Installing SquidGuard with Fedora Core 3
>
>
s had been proven by others to not work..
Perhaps the wording to my reply was a little misleading.
I just know that it definitely works with 3.2.9 and it is something easy
this user could check/try.
Jay
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> S
: (January 24, 2001)
Regards
Jay
> -Original Message-
> From: Enrique Charry [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 30 June 2005 6:10 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Installing squidGuard - Fedora Core 3
>
>
> Dear List:
>
> I am i
> From: Jay Turner [mailto:[EMAIL PROTECTED]
>
> Just downloaded STABLE10 tar.gz and there doesn't seem to be a
> squid.conf.default where I would expect it in src/
>
> Didn't notice anything on the changelog about it being moved...
> Has it been
> left
Just downloaded STABLE10 tar.gz and there doesn't seem to be a
squid.conf.default where I would expect it in src/
Didn't notice anything on the changelog about it being moved... Has it been
left out accidentally?
Thanks
Jay
> > From: Robert Becskei [mailto:[EMAIL PROTECTED]
> > Hello,
> >
> > with the help of the people at this mailing list I managed to
> > configure my
> > proxy server so that there is a master
> > user who can do anything, and there is normal internet user who
> can only
> > browse and download a
> From: Robert Becskei [mailto:[EMAIL PROTECTED]
> Hello,
>
> with the help of the people at this mailing list I managed to
> configure my
> proxy server so that there is a master
> user who can do anything, and there is normal internet user who can only
> browse and download a few types of files.
3.0 and trying to specify the Squid
Winbind helpers (for 2.2.7) which won't work.
In the FAQ (http://www.squid-cache.org/Doc/FAQ/FAQ.html#toc23.5) Under
"Configure Squid" it states for Samba 3.X only use
--enable-auth="ntlm,basic", the
helpers --enable-basic-auth-helpers="winbind"
& --enable-ntlm-auth-helpers="winbind" would only be used for Samba 2.X
Jay
/var/lib/samba/winbindd_privileged/
Failing that, I don't know why it doesn't work.
Jay
thesite
to stop the page being cached and allow access to it before Squid requires
Authentication but that didn't resolve it.
Does anyone have any ideas? IIRC isn't there an issue that IIS NTLM
authentication cannot be proxied? Could that be the case here?
Thanks in advance
Regards
> > You can only have one IP declaration per source created..
> >
> > As taken from SquidGuard.org:
> >
> ---(SNIPPED)---
> >
> > HTH
> >
> > Regards
> > Jay
> >
> >
>
> Not so Jay.
>
> From: http://www.s
es could look something like (Though the preferred use of
"iplist" over "ip" is for long lists of WS/PC addresses primarily to reduce
the size of the configuration file):
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
"
HTH
Regards
Jay
aking any changes to any source.
I just setup a number of squidguard userlists which I reference in my
squidguard.conf file.
Each file contains users in the following format:
user1
user2
user3
That's all that was required for me and I can now filter users depending on
their ADS user name via SquidGuard.
I'm not sure why the article you reference states you need to make changes.
I'm sure there is a good reason, I just know that I made no changes.
Regards
Jay
Try SARG..
http://sarg.sourceforge.net/sarg.php
It should do exactly what you want.
Jay
> -Original Message-
> From: Payal Rathod [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 19 August 2004 12:36 PM
> To: Squid ML
> Subject: [squid-users] log analysers
>
>
>
Will
acl localnet src 172.16.0.0/19
acl ahost src 172.16.1.1
acl conn_15 maxconn 15
http_access deny ahost conn_15
http_access allow localnet
or similar not work for you?
> -Original Message-
> From: Sergey Matveychuk [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 27 July 2004 3:28 PM
>
ment (OS, GCC etc) and then deploy the compiled /usr/bin/squid binary
to the production server?
Would this work? or are there other files that would need replacing also?
I hope I have been clear.
Thanks in advance
Jay
ies system wide.
Anybody care to add their two cents???
TIA,
Jay
- Original Message -
From: Henrik Nordstrom <[EMAIL PROTECTED]>
Date: Wednesday, April 21, 2004 8:17 pm
Subject: Re: [squid-users] SNMP Agent Issue
> On Wed, 21 Apr 2004, Jay W. Reffner wrote:
>
> > I am hav
oughts would be greatly appreciated.
TIA,
Jay
el for better performance or something
to keep my L4 switch from giving a false outage of squid? FYI, my L4
switch is a Nortel Alteon 184.
TIA,
Jay
Does anyone know if you're supposed to use ipfilter or ipnat on FreeBSD
5.1 to get Squid to work in transparent mode? Also, does anyone have a
simple rule file they wouldn't mind sharing to aid me in configuring
mine? Thanks a bunch in advance.
Jay
start receiving messages in
cache.log that I'm running out of filedescriptors. It's a fresh install
of OpenBSD with the kernel params set as:
openfiles=1024
maxfiles=5000
Any assistance would be really appreciated.
TIA,
Jay
78
TCP_DENIED 159 0.00 182942 0.00 0 42.76
TCP_CLIENT_REFRESH_MISS 155 0.00 5444 0.00 8 0.00
Sum 3951162 24374M 2 3.14
But formatted nicer via a web interface..
http://cord.de/tools/squid/calamaris/Welcome.html
Regards
Jay
Also try SawMill..
www.sawmill.net
It's fantastic!
> -Original Message-
> From: Serassio Guido [mailto:[EMAIL PROTECTED]
> Sent: Monday, 10 November 2003 4:52 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [squid-users] [Q] Squid Log Analyzers for Win32?
>
>
> Hi,
>
> At
y but
pressing refresh then displays the page).
I'm trying to determine if it is the IE6 bug or possibly a DNS issue.
Thanks
Jay
See the FAQ regarding Authentication and the Winbind helpers
Regards
Jay
> -Original Message-
> From: Altrock, Jens [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 24 September 2003 9:46 PM
> To: '[EMAIL PROTECTED]'
> Subject: [squid-users] Authentication by NT D
Will always_direct produce the same results?
ie pages won't be served from the cache as the request will be sent directly
to the origin server.
Or is this only applicable in proxy chaining?
> -Original Message-
> From: Marc Elsen [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 18 September 20
So it's not just me this is happening to..
I am getting a stack from Robert Collins from August coming through now all
with [Scanned] too.
> -Original Message-
> From: Adam Aube [mailto:[EMAIL PROTECTED]
> Sent: Monday, 15 September 2003 11:10 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [sq
Has anyone else received these messages and others multiple times?
Or is it my mail server?
> -Original Message-
> From: Robert Collins [mailto:[EMAIL PROTECTED]
> Sent: Monday, 15 September 2003 10:40 AM
> To: Henrik Nordstrom
> Cc: Ampugnani, Fernando; Squid Users
> Subject: Re: [squid-u
You have defined the ACL name as "SubnetB"
but you reference it in your reply_body_max rule as "subnetB"
From memory squid.conf is case-sensitive, is it not?
> -Original Message-
> From: Karmila Sari [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 4 September 2003 2:08 PM
> To: [EMAIL PROTECT
D
http_access allow AuthorizedUsers InternetUsers
http_access deny all
=end snip=
where ntgroups-access contains:
Domain Users
Administrators
**Note Make sure there is no blank line after the last listed NT group in
the access file.
Otherwise it doesn't work.
Regards
Jay
> -
You need to supply the account name and the group to the wb_group helper.
OK will be returned if the user provided is in the group provided.
ie DOMAIN\\username "Domain Users"
See if that helps
Regards
Jay
> -Original Message-
> From: Simon Bryan [mailto:[EMAIL P
27;t tripped more people up than it has.
Regards
Jay
> -Original Message-
> From: Serassio Guido [mailto:[EMAIL PROTECTED]
> Sent: Thursday, 31 July 2003 3:47 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]; Henrik Nordstrom
> Subject: RE: [squid-users] NTLM &
n the development environment and scheduled to go
back out onsite tomorrow to test if this resolves the issue in the
production environment.
I'll inform the list of my results.
Thanks
Jay
> -Original Message-
> From: Serassio Guido [mailto:[EMAIL PROTECTED]
> Sent: Thursday,
> -Original Message-
> From: Serassio Guido [mailto:[EMAIL PROTECTED]
> Sent: Saturday, 26 July 2003 3:20 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: [squid-users] NTLM & Domain Membership Issue
>
>
> Hi,
>
> At 08.05 26/0
T4 domain and then using the same Win
XP client from the other network (it's a laptop) it works perfectly!!
This leads me to believe that there must be something in the way their AD is setup
that might be causing this problem??
Any advice will be greatly appreciated.
Thanks
Regards
Jay
with a power failure causing an unclean restart of
the operating system.
To correct the situation, shut down Squid, manually remove swap.state
and then start Squid again.
Upgrading to 2.5.STABLE2 is also recommended.
Regards
Henrik
= end snip =
Regards
Jay
-Or
Try adding
# Misc
winbind enum users = yes
winbind enum groups = yes
To smb.conf
Regards
Jay
-Original Message-
From: Tony Melia (DMS) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 22 July 2003 5:11 AM
To: '[EMAIL PROTECTED]'
Subject: [squid-users] Winbind problem
.
There is a slight disruption to service during a reconfigure, but it is
negligible and generally unnoticeable by end-users in my experience.
Regards
Jay
-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Saturday, 19 July 2003 4:53 PM
To: Steve Cody
Cc: [EMAIL
PROTECTED]
Cc: Serassio Guido; Henrik Nordstrom; [EMAIL PROTECTED]
Subject: RE: [squid-users] winbind and samba
On Thu, 2003-07-17 at 19:19, Jay Turner wrote:
> Hi Guido,
>
> I found your post from February regarding this issue and I now understand
> what you are saying.
>
> As I will
ndows 2000 compatibility"??
If the server has not been configured for pre-compatibility, am I able to
change a setting somewhere so that it will be?
Thanks for your help
Jay
-Original Message-
From: Serassio Guido [mailto:[EMAIL PROTECTED]
Sent: Thursday, 17 July 2003 5:11 PM
And isn't this compatibility known as "mixed-mode"??
-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Thursday, 17 July 2003 2:55 PM
To: [EMAIL PROTECTED]; Tony Grace; 'squid'
Subject: Re: [squid-users] winbind and samba
On Thursda
ovide some guidance so I am not forced to build a
native mode Win2K AD myself to test it.
Squid-2.5STABLE2
RedHat Samba-2.2.7-3.7.3
Thanks
Jay
-Original Message-
From: Tony Grace [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 16 July 2003 11:49 AM
To: 'Rodriguez Quintero, Juan Diego, SYN
2003/06/25 10:31:21| redirectStart: 'http://www.porn.com/images2/light.gif'
2003/06/25 10:31:21| redirectHandleRead:
{http://10.20.10.225/vw/denied.php?client=10.20.10.122&user=
domain\jturner&url=http://www.porn.com/images2/light.gif 10.20.10.122/-
domain\jturner GE
re any way this delay could be reduced?
I'm actually fairly happy with these results as at least now I am aware of
what will happen when a change is made. (it won't start filtering
immediately, but eventually it will)
Jay
-Original Message-
From: Jay Turner [mailto:[EMAIL PROTECTED]
izedUsers FilteredUsers
redirector_access deny AuthorizedUsers UnfilteredUsers
http_access deny AuthorizedUsers BlockedUsers
http_access allow AuthorizedUsers FilteredUsers
http_access allow AuthorizedUsers UnfilteredUsers
http_access deny all
Any help would be appreciated.
Thanks
Regards
Jay
-flood -m limit --limit 1/s --limit-burst 80 -j RETURN
iptables -A syn-flood -j LOG --log-prefix "syn-flood-protection: "
iptables -A syn-flood -j DROP
Regards
Jay
-Original Message-
From: Ralf Hildebrandt [mailto:[EMAIL PROTECTED]
Sent: Monday, 16 June 2003 4:45 PM
To: [EMAIL
I wanted to know if I was able to get the context of their login to log what
department they belonged to perhaps.
-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 19 March 2003 4:13 PM
To: Jay Turner
Cc: [EMAIL PROTECTED]
Subject: RE: [squid-users] Re
In follow up to this, squid_ldap_auth shows only the username in the
access.log.
Would squid_ldap_group be able to show the user's context? ie
sales.company.username or similar?
If squid_ldap_group is unable to do this, is there any way I can obtain this
functionality?
Thanks
Regard
to date
version.
Cheers
Jay
-Original Message-
From: Robert Collins [mailto:[EMAIL PROTECTED]
Sent: Friday, 28 February 2003 4:02 AM
To: Schmidt, Matthew
Cc: Squid-Users (E-mail)
Subject: Re: [squid-users] newbie needs help with downloads bypassing
proxy
On Fri, 2003-02-28 at 06:41
-507187248-207029365-1082013118-513
(wb_group)[11271](wb_check_group.c:187): SID:
S-1-5-21-507187248-207029365-1082013118-1013
Can someone please provide assistance into how I now get this to work. The patch
listing on the website mentions the "include function" but I don't know what this is.
Thanks
Jay
de 1
Stop.
#
Any suggestions? I can't seem to figure it out.
TIA,
Jay
who went where when and for how
long etc
Regards
Jay
-Original Message-
From: Simon Bryan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 11 February 2003 10:38 AM
To: Squid-Users
Subject: [squid-users] Webalizer interpretation
Hi all,
I am using Webalizer on my web servers to analyze the logs
Jay Turner wrote:
>>
>> But it is maintained by Red Hat who backport any security patches to the
2.4
>> version they ship with 7.3.
>Sure.. you get the most blatant security fixes, but nearly no other bug
>fixes.
>If you have any issue with Squid-2.4 and ask her
t: Re: [squid-users] Squid2.4 & /etc/hosts
What do you get in Squid access.log on a request for
http://webmail.company.com/?
Are you using any redirectors?
Regard
Henrik
Jay Turner wrote:
>
> Hi Robert,
>
> Thanks for your reply. Checking the log file the CONNECT method is
provide
: Wednesday, 5 February 2003 9:14 AM
To: [EMAIL PROTECTED]
Cc: Henrik Nordstrom; [EMAIL PROTECTED]
Subject: RE: [squid-users] Squid2.4 & /etc/hosts
On Wed, 2003-02-05 at 12:02, Jay Turner wrote:
> But it is maintained by Red Hat who backport any security patches to the
2.4
> version they shi
:// pages and having squid do a
local lookup from somewhere for the IP address rather than fetching it from
the DNS (as it does with /etc/hosts for http:// requests).
Regards
Jay
-Original Message-
From: Henrik Nordstrom [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 4 February 2003 6:54 PM
To
://webmail.company.com it continues to use the
address provided by the DNS server.
Is there a way I can get this to work as required.
Adding the webmail address to the company internal DNS server has been ruled
out by the company's tech staff.
Thanks
Jay
-Original Message-
From: Jay T
ding to 2.5 are not an
option at this point. The network configuration in which the server sits
uses an unusual setup whereby adding an entry to the local DNS server in the
network is not an option. I really require a solution that can be
implemented on the Squid server.
All advice appreciated
Regards
Jay
74 matches