Search squid archive

Re: You MUST specify at least one Domain Controller.You can use either \ or / as separator between the domain name

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
That is how NTLM works. It doesn't (normally) indicate anything is wrong. You do seem to have a /lot/ of DENIED though.
NTLM Auth will slow down browsing somewhat because authentication is performed for every object retrieved. Google Maps can be a real nasty because it loads lots of small images for the map tiles. However I don't know /how/ slow your access is so I can't really say if it's likely to be a problem. 

Cheers

Alex

On 19/12/14 23:50, Ahmed Allzaeem wrote:

Thank  you Amos , don’t know wt to say , u helped me a lot !

Now it get user/pwd

But still a new issue appeared !!

Now the browsing is so slow !!

I check the logs of squid I found a lot of TCP_denied and some of TCP_MISS


The question is being asked ... why a lot of requests is being deinied ans some is  being accepted ???

Here is a sample :
1418996889.904      1 192.168.1.5 TCP_DENIED/407 3972 GET http://google.com/ - NONE/- text/html
1418996889.925      1 192.168.1.5 TCP_DENIED/407 4189 GET http://google.com/ - NONE/- text/html
1418996889.936      2 192.168.1.5 TCP_DENIED/407 4506 GET http://google.com/ - NONE/- text/html
1418996889.943      2 192.168.1.5 TCP_DENIED/407 4189 GET http://google.com/ - NONE/- text/html
1418996897.774   7830 192.168.1.5 TCP_MISS/302 1258 GET http://google.com/ b DIRECT/74.125.232.228 text/html
1418996905.927   8142 192.168.1.5 TCP_MISS/302 1266 GET http://www.google.ps/? b DIRECT/74.125.232.247 text/html
1418996905.943      3 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
1418996905.946      2 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
1418996905.949      4 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
1418996905.949      4 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
1418996905.953      2 192.168.1.5 TCP_DENIED/407 3851 CONNECT www.google.ps:443 - NONE/- text/html
1418996905.955      4 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
1418996905.969      2 192.168.1.5 TCP_DENIED/407 4068 CONNECT www.google.ps:443 - NONE/- text/html
1418996905.973      1 192.168.1.5 TCP_DENIED/407 4393 CONNECT www.google.ps:443 - NONE/- text/html
1418996905.980      1 192.168.1.5 TCP_DENIED/407 4068 CONNECT www.google.ps:443 - NONE/- text/html
1418996908.011      1 192.168.1.5 TCP_DENIED/407 4103 POST http://clients1.google.com/ocsp - NONE/- text/html
1418996908.015      1 192.168.1.5 TCP_DENIED/407 4320 POST http://clients1.google.com/ocsp - NONE/- text/html
1418996908.019      2 192.168.1.5 TCP_DENIED/407 4661 POST http://clients1.google.com/ocsp - NONE/- text/html
1418996909.041      1 192.168.1.5 TCP_DENIED/407 3859 CONNECT ssl.gstatic.com:443 - NONE/- text/html
1418996909.089      2 192.168.1.5 TCP_DENIED/407 4076 CONNECT ssl.gstatic.com:443 - NONE/- text/html
1418996909.097      2 192.168.1.5 TCP_DENIED/407 4405 CONNECT ssl.gstatic.com:443 - NONE/- text/html
1418996909.104      2 192.168.1.5 TCP_DENIED/407 4076 CONNECT ssl.gstatic.com:443 - NONE/- text/html
1418996910.755      1 192.168.1.5 TCP_DENIED/407 3859 CONNECT www.gstatic.com:443 - NONE/- text/html
1418996910.784      1 192.168.1.5 TCP_DENIED/407 4076 CONNECT www.gstatic.com:443 - NONE/- text/html
1418996910.791      2 192.168.1.5 TCP_DENIED/407 4405 CONNECT www.gstatic.com:443 - NONE/- text/html
1418996910.796      1 192.168.1.5 TCP_DENIED/407 4076 CONNECT www.gstatic.com:443 - NONE/- text/html
1418996917.152      2 192.168.1.5 TCP_DENIED/407 4103 POST http://clients1.google.com/ocsp - NONE/- text/html
1418996917.156      2 192.168.1.5 TCP_DENIED/407 4320 POST http://clients1.google.com/ocsp - NONE/- text/html
1418996917.161      2 192.168.1.5 TCP_DENIED/407 4663 POST http://clients1.google.com/ocsp - NONE/- text/html
1418996920.312      1 192.168.1.5 TCP_DENIED/407 3903 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
1418996920.334      4 192.168.1.5 TCP_DENIED/407 4120 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
1418996920.471      2 192.168.1.5 TCP_DENIED/407 4483 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
1418996926.896      1 192.168.1.5 TCP_DENIED/407 4120 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
1418996935.623      1 192.168.1.5 TCP_DENIED/407 4079 POST http://ocsp.digicert.com/ - NONE/- text/html
1418996935.630      3 192.168.1.5 TCP_DENIED/407 4296 POST http://ocsp.digicert.com/ - NONE/- text/html
1418996935.633      2 192.168.1.5 TCP_DENIED/407 4635 POST http://ocsp.digicert.com/ - NONE/- text/html
1418996935.640      2 192.168.1.5 TCP_DENIED/407 4296 POST http://ocsp.digicert.com/ - NONE/- text/html
1418996935.810   7242 192.168.1.5 TCP_MISS/200 6448 GET http://whatismyipaddress.com/ b DIRECT/66.171.248.172 text/html
1418996935.852      1 192.168.1.5 TCP_DENIED/407 4349 GET http://maps.google.com/maps/api/js? - NONE/- text/html
1418996935.862      2 192.168.1.5 TCP_DENIED/407 4566 GET http://maps.google.com/maps/api/js? - NONE/- text/html
1418996935.868      4 192.168.1.5 TCP_DENIED/407 4901 GET http://maps.google.com/maps/api/js? - NONE/- text/html
1418996935.876      3 192.168.1.5 TCP_DENIED/407 4566 GET http://maps.google.com/maps/api/js? - NONE/- text/html
1418996935.904      0 192.168.1.5 TCP_DENIED/407 4076 GET http://cdn.whatismyipaddress.com/favicon.ico - NONE/- text/html
1418996935.918      1 192.168.1.5 TCP_DENIED/407 4293 GET http://cdn.whatismyipaddress.com/favicon.ico - NONE/- text/html
1418996935.925      1 192.168.1.5 TCP_DENIED/407 4650 GET http://cdn.whatismyipaddress.com/favicon.ico - NONE/- text/html
1418996935.934      1 192.168.1.5 TCP_DENIED/407 4293 GET http://cdn.whatismyipaddress.com/favicon.ico - NONE/- text/html
1418996937.486      1 192.168.1.5 TCP_DENIED/407 3863 CONNECT aus4.mozilla.org:443 - NONE/- text/html
1418996937.493      1 192.168.1.5 TCP_DENIED/407 4080 CONNECT aus4.mozilla.org:443 - NONE/- text/html
1418996937.498      3 192.168.1.5 TCP_DENIED/407 4413 CONNECT aus4.mozilla.org:443 - NONE/- text/html
1418996937.505      1 192.168.1.5 TCP_DENIED/407 4080 CONNECT aus4.mozilla.org:443 - NONE/- text/html
1418996937.615   1974 192.168.1.5 TCP_MISS/000 0 POST http://ocsp.digicert.com/ b DIRECT/ocsp.digicert.com -
1418996937.621      1 192.168.1.5 TCP_DENIED/407 3903 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
1418996937.628      2 192.168.1.5 TCP_DENIED/407 4120 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
1418996937.633      3 192.168.1.5 TCP_DENIED/407 4485 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
1418996937.641      1 192.168.1.5 TCP_DENIED/407 4120 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
1418996943.423   7545 192.168.1.5 TCP_MISS/200 1613 GET http://maps.google.com/maps/api/js? b DIRECT/216.58.209.128 text/javascript



regards

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Friday, December 19, 2014 5:42 AM
To: Ahmed Allzaeem; squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  You MUST specify at least one Domain Controller.You can use either \ or / as separator between the domain name

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 20/12/2014 12:13 p.m., Ahmed Allzaeem wrote:

HI amos , thanks for clarification , Actually I modified it with the
correct samba path with ==> /usr/bin/ntlm_auth whereas I checked and
found that helper !


So , my squid config  file to  : ======= ##Kerberos config for squid
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic

That should be:
   --helper-protocol=squid-2.5-ntlmssp

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUlCsPAAoJELJo5wb/XPRjbX8IANahhzgeqoXQy9nVPbhfTAAB
53MDu/3ZzMXeK3mw60c/xzA0FV/F5iBQuXh+zydMlRUeqYDTU7WhRJ+Si0AbM0MX
6fsiHSJ++/1mY/4UyG/TlhmFc9ByxuXfYEoDFntUOb7hT3DDSrKZVYvZ6T4QdaCX
fqfDAHsxfaRt8j7gOcZhQOOeWA5khSbWxsTAsO7DKzBf2pZItNi3CLGzAg8OkVqo
6C1XtZ5sFGj3Ij/3tGngKYlNTnv6A3rt3N2+b63TWTbdWVvQLlkZqAfC5GF3tw0j
9wiBSOOuzxCSRTXo2/6r3dvnVK3tqMyBwngeIafOjIl0prmAbcegZVgLzX5hKBY=
=AFDb
-----END PGP SIGNATURE-----

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29
Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608
5300. (Registered office: as above; Registered in England and Wales
under number: 3727592). Authorised and regulated by the Financial
Conduct Authority (entered on the Financial Services Register; no. 190856).

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux