this?
Regards,
lk
>>>>> Amos Jeffries writes:
> On 5/10/23 19:30, Ludovit Koren wrote:
>> Hello,
>> I am using squid 5.9 with AD Kerberos authentication and could not
>> solve
>> the problem of sending incorrect request according
>>>>> Amos Jeffries writes:
> On 5/10/23 19:30, Ludovit Koren wrote:
>> Hello,
>> I am using squid 5.9 with AD Kerberos authentication and could not
>> solve
>> the problem of sending incorrect request according to client
>>
Hello,
I am using squid 5.9 with AD Kerberos authentication and could not solve
the problem of sending incorrect request according to client
configuration followed by the correct one, i.e.:
1695983264.808 0 x.y.z TCP_DENIED/407 4135 CONNECT th.bing.com:443 -
HIER_NONE/- text/html
16959832
>>>>> Amos Jeffries writes:
> On 12/10/22 21:12, Ludovit Koren wrote:
>> Hi,
>> I am running squid-5.7 on FreeBSD 12.3-STABLE r371879. Occasionally
>> I
>> get the following error:
>>
>> #3 0x00080111fcb1 in
Hi,
I am running squid-5.7 on FreeBSD 12.3-STABLE r371879. Occasionally I
get the following error:
Oct 12 09:40:59 x kernel: pid 88291 (squid), jid 0, uid 100: exited on
signal 6 (core dumped)
Oct 12 09:40:59 x squid[76820]: Squid Parent: squid-1 process 88291 exited
due to signal 6 w
> Markus Moeller writes:
> It could be the new AD server is setup to be backward compatible
> meaning it use RC4 despite being able to use AES. I suggest you crate
> an additional keytab entry for RC4. How did you create the keytab ?
Now it seems to work:
# /usr/local/libex
> Markus Moeller writes:
> It could be the new AD server is setup to be backward compatible
> meaning it use RC4 despite being able to use AES. I suggest you crate
> an additional keytab entry for RC4. How did you create the keytab ?
It was created with ktpass on AD. The exac
> Markus Moeller writes:
> Hi Ludovit,
> Firstly, these lines are contradictory
> permitted_enctypes = aes128-cts-hmac-sha1-96
> allow_weak_crypto = true
> weak crypto is des and permitted is aes. Do you use a mixed AD
> environment ( 2003/2008 ) ? 2003 does not
> Markus Moeller writes:
> Hi Ludovit,
> How did you create the keytab ? Usually there is an option allowing
> you to select the encryption type. The other place to check would be
> /etc/krb5.conf. It can contain a list of supported encryption
> types. See
>
http:/
> Markus Moeller writes:
> Hi Ludovit,
> Which Kerberos library version do you use ?Is it possible that
> the encryption types don't match ? I saw in your first email the
> following:
It is standard Heimdal library on FreeBSD:
# kinit --version
kinit (Heimdal 1.5.2)
Cop
> Markus Moeller writes:
> Hi Ludovit,
> I haven't seen that error before either, but when you test you sould
> have your own user credentials in the cache. You should use kinit
> @MDPT.LOCAL and then try again the test. is the hostname
> correctly set to squid1.mdpt.loc
Hi,
I have setup kerberos according to:
http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory
# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: HTTP/squid1.mdpt.local@MDPT.LOCAL
IssuedExpires Principal
Feb 9 14:55:18 20
> Doug Sampson writes:
>> Hi,
>>
>> I have the similar problem on FreeBSD 10.1-STABLE #1 r275861 with
>> squid-3.4.10. I also applied MEMPOOLS=1 when starting squid. I
>> experience the process slowing down and unacceptable performance.
>>
>> Squid is configured
Hi,
I have the similar problem on FreeBSD 10.1-STABLE #1 r275861 with
squid-3.4.10. I also applied MEMPOOLS=1 when starting squid. I
experience the process slowing down and unacceptable performance.
Squid is configured to use kerberos and ntlm authentication and lap
group authentication. other
14 matches
Mail list logo
