On 25/07/20 2:48 am, Klaus Brandl wrote:
> sorry, i did not found this script, and the binary is not available on our
> product, because i'm no developer...
>
Darn. Okay that hinders testing a bit.
> But i think, we have a caching problem here, i found out, that the group
> informations are on
sorry, i did not found this script, and the binary is not available on our
product, because i'm no developer...
But i think, we have a caching problem here, i found out, that the group
informations are only updated on a squid reconfigure.
And also the acl note group ... seems to be cached as lo
Hai Rafael,
First, thank you for maintaining diladele, each time i read them,
i learned something :-) As usual, your manuals look great.
I have a few suggestion if i may point these out, just small update for the
site.
https://docs.diladele.com/administrator_guide_stable/active_directory/kerb
Thanks Amos, Kerberos is really hard to learn for a rookie like me, but you
explained it in an excellent and concise way.
In my case, the SQUID servers are joined to the domain with their
respective SPN and UPN that I mentioned in the msktutil command.
And in the case of the Load Balancer HAProxy I
On 24/07/20 7:06 pm, Thomas Elsaesser wrote:
> Dear all,
>
> my squid server are behind HW loadbalancer. This make TCP Healthchecks
> on squid port.
> Now(after update from squid 3 to 4) i have in the log massive messages:
> how can i discard this messages from this two LB ip's?
>
> acl noTran
Thanks, Brett, for the answer. I did exactly the same thing and it's
working for me now.
I only have to decrypt how to see the client's IP in SQUID's logs. I will
follow your instructions to try to achieve it.
Best regards,
Gabriel
El jue., 23 de jul. de 2020 a la(s) 21:23, Brett Lymn (
brett.l
forgot 1 thing. (sorry)
#
adduser proxyuser winbind_priv
or things might not work.
Van: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] Namens
L.P.H. van Belle
Verzonden: vrijdag 24 juli 2020 10:46
Aan: squid-users@lists.squid-cache.org
Onderwerp: Re: [squid-users] Problem
i would recommend to ..
1) use debian buster,
2) use squid 4.12
3) use samba (winbind).
needed in smb.conf ( only shown whats really needed ), there is more
offcourse.
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
# renew the kerberos ticket
Sorry forgot to add to Amos'es answer - use haproxy to handle *tcp* connections
and let the sslbump/authentication run on the cluster of squids - thus you
would get working auth on squid side and use keepalived/haproxy on the client
side.
I do not see any reason why it cannot work unless you sp
Hello Klaus, Brett, all list members,
This is the scheme with haproxy and Squid we use all the time in our test lab
for Web Safety - we need to constantly add/remove test nodes to the cluster
without breaking/changing anything in Kerberos settings for the constantly
running client pool -
https
Hi Brett,
but then you have a single point of failure, if your loadbalancer is down,
nothing will work. We need a solution, that each system can work by itself. So
at the moment we merge the keytabs of each system together, and we are able to
takeover the addresses of the other systems. Then we
Dear all,
my squid server are behind HW loadbalancer. This make TCP Healthchecks
on squid port.
Now(after update from squid 3 to 4) i have in the log massive messages:
how can i discard this messages from this two LB ip's?
acl noTransactionError src 10.XX.XX.XX 10.XX.XX.XX
access_log
12 matches
Mail list logo
