-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 8/10/2014 12:17 p.m., Mirza Dedic wrote:
> Hi Eliezer,
>
> After I commented out the SquidGuard part of the config and
> restarted squid I restart my Lync 2013 client and it connects
> without a proxy prompt, in the log I still see the " 1412723608
Hi Amos ,
Im using 3.4.3
The below config with me didn’t work.
The config that worked was using the directive :
acl drx proxy_auth [-i] drx
this directive could match the user name with acl that I need,
then I can use the acl drx in the outgoing address.
All other solutins has failed.
Again
I should work, I recently used exactly that type of config with a client.
Can you try to use the latest stable (3.4.8) please, and add
"debug_options, 28,3" to your squid.conf for a trace of what ACLs are
being checked.
Amos
On 8/10/2014 9:53 a.m., Ahmed Allzaeem wrote:
> I just have one final q
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/08/2014 06:29 AM, Victor Sudakov wrote:
> Markus,
>
> I could find the said script neither in the source nor in the
> binary package. However I think I can guess what could be inside.
> Could you look below if that makes sense?
Or you can just
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Markus Moeller wrote:
>
> In the helpers/negotiate_auth/kerberos directory is a script
> test_negotiate_auth.sh to test authentication outside of squid.
Markus,
I could find the said script neither in the source nor in the binary
package. Howeve
On 08/10/14 12:17, Mirza Dedic wrote:
>
> I did not want to uncomment the NTLM because we use this to provide
seamless
> authentication for the clients, if we only allow basic it will prompt for
> user/pass won't it?
The dodgy "invisibly tracking users without them knowing it" feature
that NTLM a
Hi Eliezer,
After I commented out the SquidGuard part of the config and restarted squid
I restart my Lync 2013 client and it connects without a proxy prompt, in the
log I still see the " 1412723608.354485 172.16.12.110 TCP_MISS/200 11695
CONNECT login.microsoftonline.com:443 - DIRECT/65.52.244
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It's Eliezer..
Since you are using squidguard and ntlm first try to disable them both
for a specific src IP and\or dst domain\ip for the testing period.
For the specific domains of ms and specific dst ip addresses it can be
disabled since they most l
Hi Victor,
In the helpers/negotiate_auth/kerberos directory is a script
test_negotiate_auth.sh to test authentication outside of squid. Change dir
to your binary directory and do the following ( please adapt to your
environment):
export KRB5_KTNAME=squid-win.keytab
kinit m...@win2003r2.hom
Hi Elizabeth,
Thanks, I totally forgot I could use a paste like service, here is the link to
my squid.conf file:
http://pastie.org/9629651
I have stripped out the comments from the paste.
It seems it could be HTTP 1.1 according to
http://blog.schertz.name/2012/12/http-utilized-lync-server/
Does
Hi Guys
I have 1 ipv4 and many ipv6
The ipv4 will be only to reach the server
I want the tcp_outgoing traffic only to be ipv6
Can I do that ???
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/08/2014 12:37 AM, Mirza Dedic wrote:
> We are using SQUID 2.7 STABLE8 on a Windows 2008 box, it is working
> except when a user tries to access Microsoft Lync 2013 they get a
> password prompt. I've searched the web and spent countless hours on
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hey Glenn,
Since you are not using intercept or tproxy the basic place to look at
is the access.log.
You can see there if the proxy is trying for example to reach an IPV6
address (by mistake).
Also to make sure there is an issue you can use specific
We are using SQUID 2.7 STABLE8 on a Windows 2008 box, it is working except when
a user tries to access Microsoft Lync 2013 they get a password prompt.
I've searched the web and spent countless hours on this with no luck, anyone
able to shed some light?
When i start my Microsoft Lync 2013 client,
Not sure about turning off the proxy authentication, this would be hard
to test as the issue is intermittent. The same with logging as I need to
capture the issue.
Thanks,
Glenn
-Original Message-
From: Victor Sudakov [mailto:suda...@sibptus.tomsk.ru]
Sent: Tuesday, 7 October 2014 7:47
Hello,
I am setting up my squid to require user authentication with a digest. I
have noticed that if authentication fails, it prompts the user again, and if
the user clicks "cancel" then squid just refuses the connection. I am
wondering if it is possible to change the behavior so that if authentic
Hello,
thank you for your input. Unfortunately I have to disagree with you because
of two reasons:
1. That option is already enabled
2. The NTLM authentication works fine in Internet Explorer without Squid.
It only breaks when going through Squid.
I'd be very happy for further suggestions.
On
On Tue, 2014-10-07 at 20:50 +0200, Marcel wrote:
> Hello,
>
> I have some more information.
>
> The problem seems to have nothing to do with samba, krb5 or anything
> else. I set up a new squid that isn't in the AD and doesn't use any
> kind of authentication at all.
>
>
> I have the exact same
Hello,
I have some more information.
The problem seems to have nothing to do with samba, krb5 or anything else.
I set up a new squid that isn't in the AD and doesn't use any kind of
authentication at all.
I have the exact same problem. Here is my POC squid.conf:
acl localnet src all
http_access
On 08/10/14 06:54, Amos Jeffries wrote:
>
> Squid 3.1+ are IPv6 enabled. Unfortunately lookup for
> dl.dropboxusercontent.com returns a positive CNAME result with
> indication that there are no IP addresses.
>
Argh. So they have a borked IPv6 address - they're in the wrong - well
that's a star
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 8/10/2014 6:03 a.m., Jason Haar wrote:
> Hi there
>
> We have CentOS-6 servers running the default squid-3.1.10 with
> dnscache on 127.0.0.1 as the local dns server. It's been working
> fine but we've just had reports that people couldn't reach url
Hi there
We have CentOS-6 servers running the default squid-3.1.10 with dnscache
on 127.0.0.1 as the local dns server. It's been working fine but we've
just had reports that people couldn't reach urls on
dl.dropboxusercontent.com
On the proxy itself, "nslookup dl.dropboxusercontent.com" worked fi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Colleagues,
I am posting below the contents of an HTTP request (especially the
"Proxy-Authorization:" header the browser is sending) to which squid's
negotiate_kerberos_auth replies:
"ERROR: Negotiate Authentication validating user. Result: {result=
Hello,
I have set up a squid Proxy that uses samba/ntlm/krb5 to do SSO AD
authentication in the Company.
This works fine.
My problem is that external Websites on the Internet that use NTLM
authentication of their own do not work. My users enter their Details
(DOMAIN\user and Password) and recei
On 30.09.14 16:13, Amos Jeffries wrote:
I'm trying to figure out if there's a way of convincing valgrind to
dump info about all the currently allocated memory while the
program is still running - there would be a lot of legitimate stuff
in the report, but hopefully a few hundred MB of memory tha
I just have one final question , I want to use tcp outgoing ipv6 based on user
authentication
I mean if user A ==>ipv61
If user B ==mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Ahmed Allzaeem
Sent: Tuesday, October 7, 2014 1:48 PM
To: 'Amos Jeffries'
Cc: squid-users@lists.squid-
Hi Amos , thank you so much for help ..its working with me now !!!
I just added http_port directive for the other ports and its okay now
Thanks a lot for your time
regards
:)
regards
-Original Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz]
Sent: Tuesday, October 7, 20
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 8/10/2014 8:28 a.m., Ahmed Allzaeem wrote:
> Hi AMOS , I think there were an issue with brackets of ipv6 and I
> removed it.
Good. Yes, brackets are only valid if it is potentially an ip:port pair.
(When I get time I will look into why squid is no
Hi to all!
I'm having an issue on squid 3.3.13 using basic_ldap_auth.
I'm using the following helpers:
auth_param negotiate program /usr/local/bin/negotiate_wrapper --ntlm
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --domain=DOMAIN
--kerberos /usr/local/bin/squid_kerb_auth -s GSS_C_NO_NA
Thanks for the answer, i'll try that when i have some time :)
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Kerberos-auth-not-working-tp4667646p4667735.html
Sent from the Squid - Users mailing list archive at Nabble.com.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
glenn.gro...@bradnams.com.au wrote:
>
> We have a weird issue where https sites apparently don't respond
> (get message "this page can't be displayed"). This mainly affects
> google websites and to a lesser affect youtube.
But if you switch off pro
Hi AMOS , I think there were an issue with brackets of ipv6 and I removed it.
The squid.conf file is as :
==
http_port 64000
http_port 40001
http_port 40002
acl user1 myportname xxx.41.9:40001
acl user2 myportname .41.9:40002
tcp_outgoing_address 2a01:7e00:e0
Hi Amos ,
Thanks a lot.
But I still have an errros !!!
Here is my squid.conf
===
# Squid normally listens to port 3128
http_port 64000
# Uncomment and adjust th;e following to add a disk cache directory.
#cache_dir ufs /var/cache/squid 100 16 256
# Leave coredumps in the fi
And my Kerberos server setup seems valid:
$ setenv KRB5_KTNAME /usr/local/etc/squid/squid.keytab
$ setenv KRB5_CONFIG /usr/local/etc/squid/krb5.conf
$ kdestroy
$ kinit -t $KRB5_KTNAME HTTP/proxy.sibptus.transneft.ru
$ klist
Credentials cache: FILE:/tmp/krb5cc_Ld5uU9
Principal:
HTTP/proxy.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
And my Kerberos server setup seems valid:
$ setenv KRB5_KTNAME /usr/local/etc/squid/squid.keytab
$ setenv KRB5_CONFIG /usr/local/etc/squid/krb5.conf
$ kdestroy
$ kinit -t $KRB5_KTNAME HTTP/proxy.sibptus.transneft.ru
$ klist
Credentials cache: FILE:/t
binsk5RlhimgD.bin
Description: application/pgp-encrypted
msg.asc
Description: Binary data
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/10/2014 8:49 p.m., Victor Sudakov wrote:
> Amos Jeffries wrote:
>> Interesting log. Can you get a full-body packet trace to me
>> privately? That is captured by using tcpdump -s 0 or -s 65535
>> option.
>>
>> And if possible the full cache.log co
Dear Eliezer,
Is there any way to inform me by mail the release of UBUNTU package ?
Thanks and waiting
--
View this message in context:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Best-OS-for-latest-squid-tp4667666p4667727.html
Sent from the Squid - Users mailing list archive at Nabbl
Either find the error from the log file or run tcpdump to capture the
traffic to start with.
- CW
On 10/7/2014 11:51 AM, glenn.gro...@bradnams.com.au wrote:
Hi All,
We have a weird issue where https sites apparently don't respond (get message "this
page can't be displayed"). This mainly affec
Amos Jeffries wrote:
> Interesting log. Can you get a full-body packet trace to me privately?
> That is captured by using tcpdump -s 0 or -s 65535 option.
>
> And if possible the full cache.log contents?
>
With pleasure.
Can I have your PGP key please?
--
Victor Sudakov, VAS4-RIPE, VAS47-RI
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/10/2014 8:31 p.m., Amos Jeffries wrote:
> On 7/10/2014 7:40 p.m., Victor Sudakov wrote:
>> Amos Jeffries wrote:
>> Apparently so, but as I said, the very same client
>> software does work with the old "ntlm_auth" helper and
>> d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/10/2014 7:40 p.m., Victor Sudakov wrote:
> Amos Jeffries wrote:
>>>
> Apparently so, but as I said, the very same client
> software does work with the old "ntlm_auth" helper and does
> not work with the new ntlm_smb_lm_auth one.
>
Victor Sudakov wrote:
> > Well, I have tried negotiate_kerberos_auth with Firefox (Windows)
>
> I have tried the same with MSIE 8 (Windows).
After some adjustment to domain group policies, the Windows host is
at last requesting and successfully receiving the ticket for the proxy
service. Wiresh
Hi all
i Have this kind of network:
1) A Squid "client" 3.3.13 with ssl-bump enabled transparent method.
2) A Squid Proxy 3.3.13 act has "parent" that listens 3128 but not in
transparent mode. It is just designed to retreive content directly from
Internet.
Browser –> SSL –> Squid client
44 matches
Mail list logo
