Re: [squid-users] Squid 4.11 not building with Heimdal Kerberos

On 23.04.2020 13:50, Amos Jeffries wrote: > On 23/04/20 11:41 pm, Silamael Darkomen wrote: >> Hi, >> >> Just trying to build the new Squid 4.11 with Heimdal as Kerberos5 library. >> Unfortunately, the enctype fix made in >> src/acl/external/kerberos_ldap_group

[squid-users] Squid 4.11 not building with Heimdal Kerberos

Hi, Just trying to build the new Squid 4.11 with Heimdal as Kerberos5 library. Unfortunately, the enctype fix made in src/acl/external/kerberos_ldap_group/support_krb5.cc does not compile with Heimdal. Their krb5_creds structure does not have a keyblock member. For now I disabled the fix with #if

Re: [squid-users] Distributing users according to their LDAP groups on multiple cache peers

On 07.04.2020 16:52, Amos Jeffries wrote: > It would be something like this: > > acl groupCheck external ... > acl groupFoo note group foo > > http_access allow groupCheck > ... > cache_peer_access fooBar allow groupFoo > > > Amos Hi Amos, Thank you again for the quick reply, seems to wo

Re: [squid-users] Distributing users according to their LDAP groups on multiple cache peers

Hello Amos, Thank you for your quick reply. Could you perhaps give me a short configuration example, how this should lool like? Thank you very much! -- Matthias On 07.04.2020 09:01, Amos Jeffries wrote: > On 7/04/20 6:19 pm, Silamael Darkomen wrote: >> Hello, >> >> Is the

[squid-users] Distributing users according to their LDAP groups on multiple cache peers

Hello, Is there any possibility to distribute a bunch of users to different cache peers based on the user group in LDAP? For older versions this was possible by using the slow external ACL first for evaluation in the http_access clause and latter using the slow external ACLs again in the cache_pe

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

On 19.09.2016 14:08, L.P.H. van Belle wrote: > Well thats strange. > No i cant speak about openBSD, but below is pretty general. > > When you test, did you set this before the test. > KRB5_KTNAME=/etc/squid/proxy.keytab > And does that keytab contain the HTTP/SPN > And test/check if you see ht

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

On 16.09.2016 22:11, Markus Moeller wrote: > Hi Silamael, > > Can you perform a kinit u...@example.com ? Does the squid user > have read access to krb5.conf ? > > Markus Hello Markus, Yes, the permissions are correctly set up so that Squid and it's processes can read every file needed.

Re: [squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

On 16.09.2016 10:52, L.P.H. van Belle wrote: > I think you forgot in your test, that you may need to modify the default > kerberos ticket used. > > > > > > I suggest you change you config a bit to something like > > > > external_acl_type internet-win-allowed %LOGIN > /usr/local/libexec/s

[squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

Hello, I'm currently working on setting up our proxy to authenticate the users via Kerberos against a Windows AD. The simple user authentication through negotiate_kerberos_auth is already working. But the second step for checking the group of an authenticated users gives me some headache. Even wit

Re: [squid-users] Squid Memory Leak with certain FTP requests?

On 11.02.2015 21:05, Amos Jeffries wrote: >>> Some FTP files pointless to cache. >> >> Sure, maybe some FTP files are not to be cached. >> >>> >>> If it need just once. For what cache it? >> >> I do not want to cache any. And I think a 'cache deny all' does that. > > Correct. > >> Nevertheles