Re: squid-users Digest, Vol 21, Issue 54

[Nilesh Gavali <nilesh.gavali@xxxxxxx>]

Hello Antony;
we have Squid 3.5 on Windows 2012 R2
OS & for which I need to integrate squid with AD. I search online but
all of the link are based on linux platform squid.
I am looking for squid running on Windows
Platform which need to integrate with AD authentication.

Thanks & Regards
Nilesh Suresh Gavali



From:      
 squid-users-request@xxxxxxxxxxxxxxxxxxxxx
To:      
 squid-users@xxxxxxxxxxxxxxxxxxxxx
Date:      
 12/05/2016 17:33
Subject:    
   squid-users
Digest, Vol 21, Issue 54
Sent by:    
   "squid-users"
<squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>

---

Send squid-users mailing list submissions to
                
squid-users@xxxxxxxxxxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
                
http://lists.squid-cache.org/listinfo/squid-users
or, via email, send a message with subject or body 'help' to
                
squid-users-request@xxxxxxxxxxxxxxxxxxxxx

You can reach the person managing the list at
                
squid-users-owner@xxxxxxxxxxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of squid-users digest..."


Today's Topics:

   1. Re: Problems configuring Squid with C-ICAP+Squidclamav
      (SOLVED) (Amos Jeffries)
   2. Re: Linking with *SSL (Spil Oss)
   3. Re: Getting the full file content on a range request,  
              but not
      on EVERY get ... (Hans-Peter Jansen)
   4. Windows Squid with AD authentication (Nilesh Gavali)
   5. Re: Getting the full file content on a range request, but not
      on EVERY get ... (Heiler Bemerguy)
   6. Re: Windows Squid with AD authentication (Antony Stone)


----------------------------------------------------------------------

Message: 1
Date: Fri, 13 May 2016 00:00:05 +1200
From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  Problems configuring Squid with
                
C-ICAP+Squidclamav (SOLVED)
Message-ID: <dc535419-e24f-b6ee-00ac-45970ec67304@xxxxxxxxxxxxx>
Content-Type: text/plain; charset=utf-8

On 12/05/2016 11:13 p.m., C. L. Martinez wrote:
> 
> But when squid sents an OPTIONS request to ICAP, why works when I
use 127.0.0.1 and not localhost?? Maybe it is a problem with openbsd's
package ...
> 

It is quite possible. 127.0.0.1 is not the only address modern computers
use for localhost. Double check what your hosts file contains.

Amos



------------------------------

Message: 2
Date: Thu, 12 May 2016 15:33:30 +0200
From: Spil Oss <spil.oss@xxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx, timp87@xxxxxxxxx
Subject: Re:  Linking with *SSL
Message-ID:
                
<CAEJyAvM8O6uVCgSipvzXAK1OsUrH3izc7BVTgaS0kPkWmAn3BQ@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=UTF-8

> Hi!
> When we worked on squid port on FreeBSD one of the FreeBSD user
> (Bernard Spil) noticed:
>
> When working on this, I ran into another issue. Perhaps maintainer
can
> fix that with upstream. I've now added LIBOPENSSL_LIBS="-lcrypto
> -lssl" because of configure failing in configure.ac line 1348.
>
> > AC_CHECK_LIB(ssl,[SSL_library_init],[LIBOPENSSL_LIBS="-lssl
$LIBOPENSSL_LIBS"],[AC_MSG_ERROR([library 'ssl' is required for OpenSSL])
>
> You cannot link against libssl when not linking libcrypto as well
> leading to an error with LibreSSL. This check should add -lcrypto
in
> addition to -lssl to pass.
>
> Is this something someone could take a look at?

Hi All,

Sorry for replying out-of-thread.

What happens is that the check for SSL_library_init fails as -lcrypto
is missing.

Output from configure

> checking for CRYPTO_new_ex_data in -lcrypto... yes
> checking for SSL_library_init in -lssl... no
> configure: error: library 'ssl' is required for OpenSSL
> ===>  Script "configure" failed unexpectedly.

What I usually see in autoconf scripts is that temp CFLAGS etc are set
before the test for SSL libs and reversed after the test.

Adding LIBOPENSSL_LIBS="-lcrypto -lssl" to configure works as
well

Would be great if you can fix this!

Thanks,

Bernard Spil.
https://wiki.freebsd.org/BernardSpil
https://wiki.freebsd.org/LibreSSL
https://wiki.freebsd.org/OpenSSL


------------------------------

Message: 3
Date: Thu, 12 May 2016 16:06:40 +0200
From: Hans-Peter Jansen <hpj@xxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  Getting the full file content on a range
                
request,                
but not on EVERY get ...
Message-ID: <2575073.4c7f0552JP@xrated>
Content-Type: text/plain; charset="us-ascii"

On Mittwoch, 11. Mai 2016 21:37:17 Heiler Bemerguy wrote:
> Hey guys,
> 
> First take a look at the log:
> 
> root@proxy:/var/log/squid# tail -f access.log |grep
> http://download.cdn.mozilla.net/pub/firefox/releases/45.0.1/update/win32/pt->
BR/firefox-45.0.1.complete.mar 1463011781.572   8776 10.1.3.236 TCP_MISS/206
> 300520 GET
[...] 
> Now think: An user is just doing a segmented/ranged download, right?
> Squid won't cache the file because it is a range-download, not a full
> file download.
> But I WANT squid to cache it. So I decide to use "range_offset_limit
> -1", but then on every GET squid will re-download the file from
the
> beginning, opening LOTs of simultaneous connections and using too
much
> bandwidth, doing just the OPPOSITE it's meant to!
> 
> Is there a smart way to allow squid to download it from the beginning
to
> the end (to actually cache it), but only on the FIRST request/get?
Even
> if it makes the user wait for the full download, or cancel it
> temporarily, or.. whatever!! Anything!!

Well, this is exactly, what my squid_dedup helper was created for!

See my announcement: 

                
Subject:  New StoreID helper: squid_dedup
                
Date: Mon, 09 May 2016 23:56:45 +0200

My openSUSE environment is fetching _all_ updates with byte-ranges from
many 
servers. Therefor, I created squid_dedup.

Your specific config could look like this:

/etc/squid/dedup/mozilla.conf:
[mozilla]
match: http\:\/\/download\.cdn\.mozilla\.net/(.*)
replace: http://download.cdn.mozilla.net.%(intdomain)s/\1
fetch: true

The fetch parameter is unique among the other StoreID helper (AFAIK): it
is 
fetching the object after a certain delay with a pool of fetcher threads.

The idea is: after the first access for an object, wait a bit (global setting,
default: 15 secs), and then fetch the whole thing once. It won't solve
anything for the first client, but for all subsequent accesses. 

The fetcher avoids fetching anything more than once by checking the http
headers.

This is a pretty new project, but be assured, that the basic functions
are 
working fine, and I will do my best to solve any upcoming issues. It is
implemented with Python3 and prepared for supporting additional features
easily, while keeping a good part of an eye on efficiency.

Let me know, if you're going to try it.

Pete


------------------------------

Message: 4
Date: Thu, 12 May 2016 17:46:36 +0100
From: Nilesh Gavali <nilesh.gavali@xxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject:  Windows Squid with AD authentication
Message-ID:
                
<OFC3392A46.462F0184-ON80257FB1.00598D57-80257FB1.0059AB8F@xxxxxxx>
Content-Type: text/plain; charset="utf-8"

Team;
we have squid running on Windows and need to integrate it with Windows
AD 
.can anyone help me with steps to be perform to get this done.

Thanks & Regards
Nilesh Suresh Gavali
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160512/327a38cb/attachment-0001.html>

------------------------------

Message: 5
Date: Thu, 12 May 2016 13:28:00 -0300
From: Heiler Bemerguy <heiler.bemerguy@xxxxxxxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  Getting the full file content on a range
                
request, but not on EVERY get ...
Message-ID: <61bf3ff3-c8b2-647f-9b5e-3112b2f43d6c@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"; Format="flowed"


Hi Pete, thanks for replying... let me see if I got it right..

Will I need to specify every url/domain I want it to act on ? I want 
squid to do it for every range-request downloads that should/would be 
cached (based on other rules, pattern_refreshs etc)

It doesn't need to delay any downloads as long as it isn't a dupe of 
what's already being downloaded.....


Best Regards,


-- 
Heiler Bemerguy - (91) 98151-4894
Assessor Técnico - CINBESA (91) 3184-1751


Em 12/05/2016 11:06, Hans-Peter Jansen escreveu:
> On Mittwoch, 11. Mai 2016 21:37:17 Heiler Bemerguy wrote:
>> Hey guys,
>>
>> First take a look at the log:
>>
>> root@proxy:/var/log/squid# tail -f access.log |grep
>> http://download.cdn.mozilla.net/pub/firefox/releases/45.0.1/update/win32/pt->
BR/firefox-45.0.1.complete.mar 1463011781.572   8776 10.1.3.236 TCP_MISS/206
>> 300520 GET
> [...]
>> Now think: An user is just doing a segmented/ranged download,
right?
>> Squid won't cache the file because it is a range-download, not
a full
>> file download.
>> But I WANT squid to cache it. So I decide to use "range_offset_limit
>> -1", but then on every GET squid will re-download the file
from the
>> beginning, opening LOTs of simultaneous connections and using
too much
>> bandwidth, doing just the OPPOSITE it's meant to!
>>
>> Is there a smart way to allow squid to download it from the beginning
to
>> the end (to actually cache it), but only on the FIRST request/get?
Even
>> if it makes the user wait for the full download, or cancel it
>> temporarily, or.. whatever!! Anything!!
> Well, this is exactly, what my squid_dedup helper was created for!
>
> See my announcement:
>
>                  Subject:
 New StoreID helper: squid_dedup
>                  Date:
Mon, 09 May 2016 23:56:45 +0200
>
> My openSUSE environment is fetching _all_ updates with byte-ranges
from many
> servers. Therefor, I created squid_dedup.
>
> Your specific config could look like this:
>
> /etc/squid/dedup/mozilla.conf:
> [mozilla]
> match: http\:\/\/download\.cdn\.mozilla\.net/(.*)
> replace: http://download.cdn.mozilla.net.%(intdomain)s/\1
> fetch: true
>
> The fetch parameter is unique among the other StoreID helper (AFAIK):
it is
> fetching the object after a certain delay with a pool of fetcher threads.
>
> The idea is: after the first access for an object, wait a bit (global
setting,
> default: 15 secs), and then fetch the whole thing once. It won't solve
> anything for the first client, but for all subsequent accesses.
>
> The fetcher avoids fetching anything more than once by checking the
http
> headers.
>
> This is a pretty new project, but be assured, that the basic functions
are
> working fine, and I will do my best to solve any upcoming issues.
It is
> implemented with Python3 and prepared for supporting additional features
> easily, while keeping a good part of an eye on efficiency.
>
> Let me know, if you're going to try it.
>
> Pete
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160512/44b7d9df/attachment-0001.html>

------------------------------

Message: 6
Date: Thu, 12 May 2016 18:34:08 +0200
From: Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  Windows Squid with AD authentication
Message-ID: <201605121834.08490.Antony.Stone@xxxxxxxxxxxxxxxxxxxx>
Content-Type: Text/Plain;  charset="iso-8859-15"

On Thursday 12 May 2016 at 18:46:36, Nilesh Gavali wrote:

> Team;
> we have squid running on Windows and need to integrate it with Windows
AD
> .can anyone help me with steps to be perform to get this done.

This specific question has appeared a few times on this list only recently.

Have you so far:

 - searched the list archives for likely answers to your question?

http://lists.squid-cache.org/pipermail/squid-users/

 - consulted the Squid documentation for guidance?

http://www.squid-cache.org/Doc/

 - looked for any independent HOWTOs etc which show how people have done
this 
in the past?

http://www.google.com/search?q=squid+active+directory+authentication


Here's some friendly advice:

1. The more information you give us (such as: which version of Squid are
you 
using, which version of Windows are you running under, which form of 
authentication are you using?), the easier it is for people here to help.

2. If you have tried something already and run into problems, tell us what
you 
have tried and what problems (log file extracts, complete client error
message, 
etc) you encountered, so we can offer specific suggestions.

3. If you haven't yet tried to implement anything, at least let us know
what 
documentation you have looked up and what problems you encountered when
following it, so we can try to fill in the gaps.


Regards,


Antony.

-- 
Most people have more than the average number of legs.

                    
                     
        Please reply to the list;
                    
                     
              please *don't* CC me.


------------------------------

Subject: Digest Footer

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


------------------------------

End of squid-users Digest, Vol 21, Issue 54
*******************************************

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users