Hello Amos Jeffries! I tried to use three parameters, but it did not work.
I did not understand why this is giving error... 2014-10-27 14:40 GMT-02:00 <squid-users-requ...@lists.squid-cache.org>: > Send squid-users mailing list submissions to > squid-users@lists.squid-cache.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.squid-cache.org/listinfo/squid-users > or, via email, send a message with subject or body 'help' to > squid-users-requ...@lists.squid-cache.org > > You can reach the person managing the list at > squid-users-ow...@lists.squid-cache.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of squid-users digest..." > > > Today's Topics: > > 1. Re: Delay Class 3 - Squid (Amos Jeffries) > 2. Re: Delay Class 3 - Squid (Amos Jeffries) > 3. Re: Filtering keywords on google search (Cassiano Martin) > 4. how to obtain info about actual active downloads? > (Frantisek Hanzlik) > 5. Re: how to obtain info about actual active downloads? > (Antony Stone) > 6. Re: how to obtain info about actual active downloads? > (Leonardo Rodrigues) > 7. Re: Kerberos Authentication Failing for Windows 7+ with BH > gss_accept_sec_context() failed (Pedro Lobo) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Tue, 28 Oct 2014 01:01:34 +1300 > From: Amos Jeffries <squ...@treenet.co.nz> > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Delay Class 3 - Squid > Message-ID: <544e341e.7080...@treenet.co.nz> > Content-Type: text/plain; charset=utf-8 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 28/10/2014 12:57 a.m., Jorge Visentini wrote: > > Hello! > > > > Sorry my english. > > > > I'm racking my brain to figure out why the error. > > > > I've used a long time ago a rule delay pool but this time I am not > > able to implement ... > > > > In my squid.conf looks like this: > > > > delay_pools 1 delay_class 1 3 delay_parameters 1 50000/50000 > > 24000/24000 > > http://www.squid-cache.org/Doc/config/delay_parameters/ > > class 1 pools only have one speed parameter. Not two. > > > Amos > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (MingW32) > > iQEcBAEBAgAGBQJUTjQeAAoJELJo5wb/XPRjm0IH/3Fwh9VhfFOhpMfn1Z20ii2b > 49SC9fhyMmVfoNdm49uOY9txb/7VDQpfRtb4yvNcAJJ+t0soNRlz8wcYrvJHeu52 > HMG1te3wySXVZgar/DzQbsI/k15Ar2uuUVmJJ/rkQextBjftqXF7HLXo6kBNRLG7 > xcwSSrtGy9SIY8yOZflz+4ANJr5Z1Fme1w2Cp88UXXBLuKXZ3JNeQrte06aRpJkn > KwWQwSLwv3KGF48PbuLRD2M8flA/eFkoqg0VK0CRzjytGwxb/b0OIE9shl/GH2A0 > oEcWVowZHqAXSsSbbpW9GIyNpKoxjndY80VBijaTvvXj+tBQK2DaIse7e7NaEGc= > =tJHs > -----END PGP SIGNATURE----- > > > ------------------------------ > > Message: 2 > Date: Tue, 28 Oct 2014 01:06:13 +1300 > From: Amos Jeffries <squ...@treenet.co.nz> > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Delay Class 3 - Squid > Message-ID: <544e3535.7050...@treenet.co.nz> > Content-Type: text/plain; charset=utf-8 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 28/10/2014 1:01 a.m., Amos Jeffries wrote: > > On 28/10/2014 12:57 a.m., Jorge Visentini wrote: > >> Hello! > > > >> Sorry my english. > > > >> I'm racking my brain to figure out why the error. > > > >> I've used a long time ago a rule delay pool but this time I am > >> not able to implement ... > > > >> In my squid.conf looks like this: > > > >> delay_pools 1 delay_class 1 3 delay_parameters 1 50000/50000 > >> 24000/24000 > > > > http://www.squid-cache.org/Doc/config/delay_parameters/ > > > > class 1 pools only have one speed parameter. Not two. > > > > Meh, sorry. I mean class 3 has 3 parameters. > > Amos > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.22 (MingW32) > > iQEcBAEBAgAGBQJUTjU1AAoJELJo5wb/XPRjHYAIAI2oAOpjZTgsTlbdz20LZW+k > XAAAnm8QgJSDBI7ErmZAJ7AxJILfi2PR2M60411mN5AgrVYulofUriTebS13bguR > g0aoFmVMBj003T70sNZWwSgyf18Gr9ewu5X6sOSu1IdQg6M9VMJFaUUMs+FFy2bs > IOqfhEhkcszlz0wrmY+xhAxR7mm8qWenrRk47W6rQR90p5Ml5m6ha0cCyTMTo46H > euojiX3JHvbFa3NtoOiNTmNOK7ZVt6bE/KTDSGobx6ehNtsUgKQgMBfyQ9ET2269 > x8/MBDBjpK3JSld0UF3CjTkF8eWZHLAC+/Y6ZRR1vY6ihXi5B4yK7+Ve0ZvK5eU= > =7r5y > -----END PGP SIGNATURE----- > > > ------------------------------ > > Message: 3 > Date: Mon, 27 Oct 2014 11:05:33 -0200 > From: Cassiano Martin <cassi...@polaco.pro.br> > To: Job <j...@colliniconsulting.it> > Cc: "squid-us...@squid-cache.org" <squid-us...@squid-cache.org> > Subject: Re: [squid-users] Filtering keywords on google search > Message-ID: > < > caooxthnmwsp7xck4bpnxoo-wnnsge3e4jkxgfvslffesbk9...@mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > I have some proof of concept on my github. it can be done thought DNS > hijacking. I modified a version of tinyproxy to enforce safe search. > you can check it out on https://github.com/polaco1782/tinyproxy > > 2014-10-25 9:49 GMT-02:00 Job <j...@colliniconsulting.it>: > > Hello, since Google switch definitely on SSL connection it seems there > is no way to filter semantic (with danguardian, squidguard or squid). > > > > SSL Bump can help in this case, both on explicit or transparent proxying? > > > > Is there another way to filter searches (and image searches!)? > > > > Thank you! > > Francesco > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > > ------------------------------ > > Message: 4 > Date: Mon, 27 Oct 2014 14:32:39 +0100 > From: Frantisek Hanzlik <fra...@hanzlici.cz> > To: Squid users list <squid-us...@squid-cache.org> > Subject: [squid-users] how to obtain info about actual active > downloads? > Message-ID: <544e4977.3050...@hanzlici.cz> > Content-Type: text/plain; charset=UTF-8 > > Please, what is best way for determining who squid clients (their > PC IP addresses) have which downloads active? > I want it to determine which clients burden our slow internet line. > Examining 'access.log' does not help much in this case, because users > can download large files and it may take a few minutes or hours (e.g. > in case of consuming some audio/video streams). > > I tried inspecting informations in 'Client-side Active Requests' menu > in cachemgr.cgi, where are paragraphs as: > > Connection: 0x7f442037aa48 > FD 94, read 5892, wrote 148211583 > FD desc: Reading next request > in: buf 0x7f440efc9150, offset 0, size 4096 > remote: 192.168.1.44:1631 > local: 192.168.1.254:3128 > nrequests: 7 > uri http://ice.abradio.cz/prachen64.mp3 > logType TCP_MISS > out.offset 148178800, out.size 148179207 > req_sz 724 > entry 0x7f440d5d6220/A1AD3A830E803B23F9295A9BCB9C1949 > start 1414389495.929684 (18515.473233 seconds ago) > username > delay_pool 0 > > which seems to contain the necessary items and it would not be a big > problem adjust them to shorter form using e.g. awk or sed script, > and this informations is possible obtain in batch with some as: > > wget -q -O - ' > http://localhost/Squid/cgi-bin/cachemgr.cgi?host=localhost&port=3128&user_name=&operation=active_requests > ' > or > lynx -dump ' > http://localhost/Squid/cgi-bin/cachemgr.cgi?host=localhost&port=3128&user_name=&operation=active_requests > ' > > But is this the correct way? Or Squid offers other tools for this > case? Or is possible cachemgr.cgi supply/enwrap with some filter > which output needed info in some customized format? > We are using squid-3.3.13/Linux i686 now, it run on our LAN internet > router, LAN has approx. twenty PCs. > > Thanks in advance, Franta Hanzlik > > > > ------------------------------ > > Message: 5 > Date: Mon, 27 Oct 2014 14:47:00 +0100 > From: Antony Stone <antony.st...@squid.open.source.it> > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] how to obtain info about actual active > downloads? > Message-ID: <201410271447.00509.antony.st...@squid.open.source.it> > Content-Type: Text/Plain; charset="utf-8" > > On Monday 27 October 2014 at 14:32:39 (EU time), Frantisek Hanzlik wrote: > > > Please, what is best way for determining who squid clients (their > > PC IP addresses) have which downloads active? > > I want it to determine which clients burden our slow internet line. > > Examining 'access.log' does not help much in this case, because users > > can download large files and it may take a few minutes or hours (e.g. > > in case of consuming some audio/video streams). > > I would use the tool 'iptraf', either running on your squid server, or on a > machine which can sniff your internal network traffic (possibly with the > use of a > spanning port on the switch). > > That can give you real-time bandwidth measurements per IP address. > > Regards, > > > Antony. > > -- > Anything that improbable is effectively impossible. > > - Murray Gell-Mann, Nobel Prizewinner in Physics > > Please reply to the > list; > please *don't* CC > me. > > > ------------------------------ > > Message: 6 > Date: Mon, 27 Oct 2014 14:37:43 -0200 > From: Leonardo Rodrigues <leolis...@solutti.com.br> > To: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] how to obtain info about actual active > downloads? > Message-ID: <544e74d7.2030...@solutti.com.br> > Content-Type: text/plain; charset=utf-8; format=flowed > > On 27/10/14 11:47, Antony Stone wrote: > > On Monday 27 October 2014 at 14:32:39 (EU time), Frantisek Hanzlik wrote: > > > >> Please, what is best way for determining who squid clients (their > >> PC IP addresses) have which downloads active? > >> I want it to determine which clients burden our slow internet line. > >> Examining 'access.log' does not help much in this case, because users > >> can download large files and it may take a few minutes or hours (e.g. > >> in case of consuming some audio/video streams). > > I would use the tool 'iptraf', either running on your squid server, or > on a > > machine which can sniff your internal network traffic (possibly with the > use of a > > spanning port on the switch). > > > > That can give you real-time bandwidth measurements per IP address. > > > > I use this script: > > http://samm.kiev.ua/sqstat/ > > Set it to auto-update on 15/15 seconds, for example, and you'll > have a great and easy way to evaluate active connections and high > bandwidth use connections. > > -- > > > Atenciosamente / Sincerily, > Leonardo Rodrigues > Solutti Tecnologia > http://www.solutti.com.br > > Minha armadilha de SPAM, NÃO mandem email > gertru...@solutti.com.br > My SPAMTRAP, do not email it > > > > > > ------------------------------ > > Message: 7 > Date: Mon, 27 Oct 2014 16:39:17 +0000 > From: "Pedro Lobo" <pal...@gmail.com> > To: "Markus Moeller" <hua...@moeller.plus.com> > Cc: squid-us...@squid-cache.org > Subject: Re: [squid-users] Kerberos Authentication Failing for Windows > 7+ with BH gss_accept_sec_context() failed > Message-ID: <94f74226-f24b-4910-95b7-b86ace815...@gmail.com> > Content-Type: text/plain; charset="utf-8" > > Hey Everybody, > > Seems as though I celebrated too soon on Saturday. Today things are back > to not working for Windows 7+ machines and XP/2003 machines are working > just fine. > > I've also checked the permissions on the keytab file and they haven't > changed since Saturday, so it's not that... ARGH!!!! > > Craving ideas and solutions right now... Pilot users are less than > satisfied ;) > > Cheers, > Pedro > > On 25 Oct 2014, at 14:13, Markus Moeller wrote: > > > Hi Pedro, > > > > I wonder if he upper case in the name is a problem. Can you try > > > > auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -d > -r -s GSS_C_NO_NAME > > > > instead of > > > > auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -d > -r -s HTTP/proxy01tst.fake.net > > > > Markus > > > > "Pedro Lobo" <pal...@gmail.com> wrote in message > news:fd6832b9-3f1f-48c6-a76f-47a224f16...@gmail.com... > > Hi Markus, > > > > I used msktutil to create the keytab. > > > > msktutil -c -s HTTP/proxy01tst.fake.net -h proxy01tst.fake.net -k > /etc/squid3/PROXY.keytab --computer-name proxy01-tst --upn HTTP/ > proxy01tst.fake.net --server srv01.fake.net --verbose > > Output of klist -ekt: > > > > 2 10/24/2014 22:59:50 proxy01-tst$@FAKE.NET (arcfour-hmac) > > 2 10/24/2014 22:59:50 proxy01-tst$@FAKE.NET (aes128-cts-hmac-sha1-96) > > 2 10/24/2014 22:59:50 proxy01-tst$@FAKE.NET (aes256-cts-hmac-sha1-96) > > 2 10/24/2014 22:59:50 HTTP/proxy01tst.fake....@fake.net (arcfour-hmac) > > 2 10/24/2014 22:59:50 HTTP/proxy01tst.fake....@fake.net > (aes128-cts-hmac-sha1-96) > > 2 10/24/2014 22:59:50 HTTP/proxy01tst.fake....@fake.net > (aes256-cts-hmac-sha1-96) > > 2 10/24/2014 22:59:50 host/proxy01tst.fake....@fake.net (arcfour-hmac) > > 2 10/24/2014 22:59:50 host/proxy01tst.fake....@fake.net > (aes128-cts-hmac-sha1-96) > > 2 10/24/2014 22:59:50 host/proxy01tst.fake....@fake.net > (aes256-cts-hmac-sha1-96) > > Yep, using MIT Kerberos > > > > Thanks in advance for any help. > > > > Cheers, > > Pedro > > > > On 25 Oct 2014, at 1:26, Markus Moeller wrote: > > > > Hi Pedro, > > > > How did you create your keytab ? What does klist –ekt <squid.keytab> > show ( I assume you use MIT Kerberos) ? > > > > Markus > > > > "Pedro Lobo" pal...@gmail.com wrote in message > news:40e1e0e7-50c6-4117-94aa-50b065734...@gmail.com... > > Hi Squid Gurus, > > > > I'm at my wit's end and in dire need of some squid expertise. > > > > We've got a production environment with a couple of squid 2.7 servers > using NTLM and basic authentication. Recently though, we decided to upgrade > and I'm now setting up squid 3.3 with Kerberos and NTLM Fallback. I've > followed just about every guide I could find and in my testing environment, > things were working great. Now that I've hooked it up to the main domain, > things are awry. > > > > If I use a machine that's not part of the domain, NTLM kicks in and I > can surf the web fine. If I use a Windows XP or Windows Server 2003, > kerberos works just fine, however, if I use a machine Windows 7, 8 or 2008 > server, I keep getting a popup asking me to authenticate and even then, > it's and endless loop until it fails. My cache.log is littered with: > > > > negotiate_kerberos_auth.cc(200): pid=1607 :2014/10/24 23:03:01| > negotiate_kerberos_auth: ERROR: gss_accept_sec_context() failed: > Unspecified GSS failure. Minor code may provide more information. > > 2014/10/24 23:03:01| ERROR: Negotiate Authentication validating user. > Error returned 'BH gss_accept_sec_context() failed: Unspecified GSS > failure. Minor code may provide more information. ' > > The odd thing, is that this has worked before. Help me Obi Wan... You're > my only hope! :) > > > > Current Setup > > Squid 3.3 running on Ubuntu 14.04 server. It's connected to a 2003 > server with function level 2000 (I know, we're trying to fase out the older > servers). > > > > krb5.conf > > > > [libdefaults] > > default_realm = FAKE.NET > > dns_lookup_kdc = yes > > dns_lookup_realm = yes > > ticket_lifetime = 24h > > default_keytab_name = /etc/squid3/PROXY.keytab > > > > ; for Windows 2003 > > default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 > > default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 > > permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 > > > > [realms] > > FAKE.NET = { > > kdc = srv01.fake.net > > kdc = srv02.fake.net > > kdc = srv03.fake.net > > admin_server = srv01.fake.net > > default_domain = fake.net > > } > > > > [domain_realm] > > .fake.net = FAKE.NET > > fake.net = FAKE.NET > > > > [logging] > > kdc = FILE:/var/log/kdc.log > > admin_server = FILE:/var/log/kadmin.log > > default = FILE:/var/log/krb5lib.log > > squid.conf > > > > auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -d > -r -s HTTP/proxy01tst.fake.net > > auth_param negotiate children 20 startup=0 idle=1 > > auth_param negotiate keep_alive off > > > > auth_param ntlm program /usr/bin/ntlm_auth --diagnostics > --helper-protocol=squid-2.5-ntlmssp --domain=FAKE.NET > > auth_param ntlm children 10 > > auth_param ntlm keep_alive off > > Cheers, > > Pedro > > > > Cumprimentos > > Pedro Lobo > > Solutions Architect | System Engineer > > > > pedro.l...@pt.clara.net > > Tlm.: +351 939 528 827 | Tel.: +351 214 127 314 > > > > Claranet Portugal > > Ed. Parque Expo > > Av. D. João II, 1.07-2.1, 4º Piso > > 1998-014 Lisboa > > www.claranet.pt > > > > Empresa certificada ISO 9001, ISO 20000 e ISO 27001 > > > > > > > ------------------------------------------------------------------------------ > > > > > ------------------------------------------------------------------------------ > > > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > > > > > > ------------------------------------------------------------------------------ > > > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > > > Cumprimentos > > Pedro Lobo > > Solutions Architect | System Engineer > > > > pedro.l...@pt.clara.net > > Tlm.: +351 939 528 827 | Tel.: +351 214 127 314 > > > > Claranet Portugal > > Ed. Parque Expo > > Av. D. João II, 1.07-2.1, 4º Piso > > 1998-014 Lisboa > > www.claranet.pt > > > > > > > > > > > > Empresa certificada ISO 9001, ISO 20000 e ISO 27001 > > > > > > > > > > > -------------------------------------------------------------------------------- > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://lists.squid-cache.org/pipermail/squid-users/attachments/20141027/219e87ff/attachment.html > > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 536 bytes > Desc: OpenPGP digital signature > URL: < > http://lists.squid-cache.org/pipermail/squid-users/attachments/20141027/219e87ff/attachment.sig > > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > > ------------------------------ > > End of squid-users Digest, Vol 2, Issue 97 > ****************************************** >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
