|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Condolences. Windows is not the most common platform for Squid. But personally I do not see a fundamental difference in the implementation of authentication with AD on Windows or Unix. You have already tried something to do or so, looking ready-to-use configuration? 12.05.16 23:15, Nilesh Gavali пишет: > Hello Antony; > we have Squid 3.5 on Windows 2012 R2 OS & for which I need to integrate squid with AD. I search online but all of the link are based on linux platform squid. > I am looking for squid running on Windows Platform which need to integrate with AD authentication. > > Thanks & Regards > Nilesh Suresh Gavali > > > > From: squid-users-request@xxxxxxxxxxxxxxxxxxxxx > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Date: 12/05/2016 17:33 > Subject: squid-users Digest, Vol 21, Issue 54 > Sent by: "squid-users" <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> > ------------------------- > > > > Send squid-users mailing list submissions to > squid-users@xxxxxxxxxxxxxxxxxxxxx > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.squid-cache.org/listinfo/squid-users > or, via email, send a message with subject or body 'help' to > squid-users-request@xxxxxxxxxxxxxxxxxxxxx > > You can reach the person managing the list at > squid-users-owner@xxxxxxxxxxxxxxxxxxxxx > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of squid-users digest..." > > > Today's Topics: > > 1. Re: Problems configuring Squid with C-ICAP+Squidclamav > (SOLVED) (Amos Jeffries) > 2. Re: Linking with *SSL (Spil Oss) > 3. Re: Getting the full file content on a range request, but not > on EVERY get ... (Hans-Peter Jansen) > 4. Windows Squid with AD authentication (Nilesh Gavali) > 5. Re: Getting the full file content on a range request, but not > on EVERY get ... (Heiler Bemerguy) > 6. Re: Windows Squid with AD authentication (Antony Stone) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 13 May 2016 00:00:05 +1200 > From: Amos Jeffries <squid3@xxxxxxxxxxxxx> > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: Problems configuring Squid with > C-ICAP+Squidclamav (SOLVED) > Message-ID: <dc535419-e24f-b6ee-00ac-45970ec67304@xxxxxxxxxxxxx> > Content-Type: text/plain; charset=utf-8 > > On 12/05/2016 11:13 p.m., C. L. Martinez wrote: > > > > But when squid sents an OPTIONS request to ICAP, why works when I use 127.0.0.1 and not localhost?? Maybe it is a problem with openbsd's package ... > > > > It is quite possible. 127.0.0.1 is not the only address modern computers > use for localhost. Double check what your hosts file contains. > > Amos > > > > ------------------------------ > > Message: 2 > Date: Thu, 12 May 2016 15:33:30 +0200 > From: Spil Oss <spil.oss@xxxxxxxxx> > To: squid-users@xxxxxxxxxxxxxxxxxxxxx, timp87@xxxxxxxxx > Subject: Re: Linking with *SSL > Message-ID: > <CAEJyAvM8O6uVCgSipvzXAK1OsUrH3izc7BVTgaS0kPkWmAn3BQ@xxxxxxxxxxxxxx> > Content-Type: text/plain; charset=UTF-8 > > > Hi! > > When we worked on squid port on FreeBSD one of the FreeBSD user > > (Bernard Spil) noticed: > > > > When working on this, I ran into another issue. Perhaps maintainer can > > fix that with upstream. I've now added LIBOPENSSL_LIBS="-lcrypto > > -lssl" because of configure failing in configure.ac line 1348. > > > > > AC_CHECK_LIB(ssl,[SSL_library_init],[LIBOPENSSL_LIBS="-lssl $LIBOPENSSL_LIBS"],[AC_MSG_ERROR([library 'ssl' is required for OpenSSL]) > > > > You cannot link against libssl when not linking libcrypto as well > > leading to an error with LibreSSL. This check should add -lcrypto in > > addition to -lssl to pass. > > > > Is this something someone could take a look at? > > Hi All, > > Sorry for replying out-of-thread. > > What happens is that the check for SSL_library_init fails as -lcrypto > is missing. > > Output from configure > > > checking for CRYPTO_new_ex_data in -lcrypto... yes > > checking for SSL_library_init in -lssl... no > > configure: error: library 'ssl' is required for OpenSSL > > ===> Script "configure" failed unexpectedly. > > What I usually see in autoconf scripts is that temp CFLAGS etc are set > before the test for SSL libs and reversed after the test. > > Adding LIBOPENSSL_LIBS="-lcrypto -lssl" to configure works as well > > Would be great if you can fix this! > > Thanks, > > Bernard Spil. > https://wiki.freebsd.org/BernardSpil > https://wiki.freebsd.org/LibreSSL > https://wiki.freebsd.org/OpenSSL > > > ------------------------------ > > Message: 3 > Date: Thu, 12 May 2016 16:06:40 +0200 > From: Hans-Peter Jansen <hpj@xxxxxxxxx> > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: Getting the full file content on a range > request, but not on EVERY get ... > Message-ID: <2575073.4c7f0552JP@xrated> > Content-Type: text/plain; charset="us-ascii" > > On Mittwoch, 11. Mai 2016 21:37:17 Heiler Bemerguy wrote: > > Hey guys, > > > > First take a look at the log: > > > > root@proxy:/var/log/squid# tail -f access.log |grep > > http://download.cdn.mozilla.net/pub/firefox/releases/45.0.1/update/win32/pt-> BR/firefox-45.0.1.complete.mar 1463011781.572 8776 10.1.3.236 TCP_MISS/206 > > 300520 GET > [...] > > Now think: An user is just doing a segmented/ranged download, right? > > Squid won't cache the file because it is a range-download, not a full > > file download. > > But I WANT squid to cache it. So I decide to use "range_offset_limit > > -1", but then on every GET squid will re-download the file from the > > beginning, opening LOTs of simultaneous connections and using too much > > bandwidth, doing just the OPPOSITE it's meant to! > > > > Is there a smart way to allow squid to download it from the beginning to > > the end (to actually cache it), but only on the FIRST request/get? Even > > if it makes the user wait for the full download, or cancel it > > temporarily, or.. whatever!! Anything!! > > Well, this is exactly, what my squid_dedup helper was created for! > > See my announcement: > > Subject: New StoreID helper: squid_dedup > Date: Mon, 09 May 2016 23:56:45 +0200 > > My openSUSE environment is fetching _all_ updates with byte-ranges from many > servers. Therefor, I created squid_dedup. > > Your specific config could look like this: > > /etc/squid/dedup/mozilla.conf: > [mozilla] > match: http\:\/\/download\.cdn\.mozilla\.net/(.*) > replace: http://download.cdn.mozilla.net.%(intdomain)s/\1 <http://download.cdn.mozilla.net.%(intdomain)s//1> > fetch: true > > The fetch parameter is unique among the other StoreID helper (AFAIK): it is > fetching the object after a certain delay with a pool of fetcher threads. > > The idea is: after the first access for an object, wait a bit (global setting, > default: 15 secs), and then fetch the whole thing once. It won't solve > anything for the first client, but for all subsequent accesses. > > The fetcher avoids fetching anything more than once by checking the http > headers. > > This is a pretty new project, but be assured, that the basic functions are > working fine, and I will do my best to solve any upcoming issues. It is > implemented with Python3 and prepared for supporting additional features > easily, while keeping a good part of an eye on efficiency. > > Let me know, if you're going to try it. > > Pete > > > ------------------------------ > > Message: 4 > Date: Thu, 12 May 2016 17:46:36 +0100 > From: Nilesh Gavali <nilesh.gavali@xxxxxxx> > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Windows Squid with AD authentication > Message-ID: > <OFC3392A46.462F0184-ON80257FB1.00598D57-80257FB1.0059AB8F@xxxxxxx> > Content-Type: text/plain; charset="utf-8" > > Team; > we have squid running on Windows and need to integrate it with Windows AD > .can anyone help me with steps to be perform to get this done. > > Thanks & Regards > Nilesh Suresh Gavali > =====-----=====-----===== > Notice: The information contained in this e-mail > message and/or attachments to it may contain > confidential or privileged information. If you are > not the intended recipient, any dissemination, use, > review, distribution, printing or copying of the > information contained in this e-mail message > and/or attachments to it are strictly prohibited. If > you have received this communication in error, > please notify us by reply e-mail or telephone and > immediately and permanently delete the message > and any attachments. Thank you > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160512/327a38cb/attachment-0001.html> > > ------------------------------ > > Message: 5 > Date: Thu, 12 May 2016 13:28:00 -0300 > From: Heiler Bemerguy <heiler.bemerguy@xxxxxxxxxxxxxx> > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: Getting the full file content on a range > request, but not on EVERY get ... > Message-ID: <61bf3ff3-c8b2-647f-9b5e-3112b2f43d6c@xxxxxxxxxxxxxx> > Content-Type: text/plain; charset="utf-8"; Format="flowed" > > > Hi Pete, thanks for replying... let me see if I got it right.. > > Will I need to specify every url/domain I want it to act on ? I want > squid to do it for every range-request downloads that should/would be > cached (based on other rules, pattern_refreshs etc) > > It doesn't need to delay any downloads as long as it isn't a dupe of > what's already being downloaded..... > > > Best Regards, > > > -- > Heiler Bemerguy - (91) 98151-4894 > Assessor Técnico - CINBESA (91) 3184-1751 > > > Em 12/05/2016 11:06, Hans-Peter Jansen escreveu: > > On Mittwoch, 11. Mai 2016 21:37:17 Heiler Bemerguy wrote: > >> Hey guys, > >> > >> First take a look at the log: > >> > >> root@proxy:/var/log/squid# tail -f access.log |grep > >> http://download.cdn.mozilla.net/pub/firefox/releases/45.0.1/update/win32/pt-> BR/firefox-45.0.1.complete.mar 1463011781.572 8776 10.1.3.236 TCP_MISS/206 > >> 300520 GET > > [...] > >> Now think: An user is just doing a segmented/ranged download, right? > >> Squid won't cache the file because it is a range-download, not a full > >> file download. > >> But I WANT squid to cache it. So I decide to use "range_offset_limit > >> -1", but then on every GET squid will re-download the file from the > >> beginning, opening LOTs of simultaneous connections and using too much > >> bandwidth, doing just the OPPOSITE it's meant to! > >> > >> Is there a smart way to allow squid to download it from the beginning to > >> the end (to actually cache it), but only on the FIRST request/get? Even > >> if it makes the user wait for the full download, or cancel it > >> temporarily, or.. whatever!! Anything!! > > Well, this is exactly, what my squid_dedup helper was created for! > > > > See my announcement: > > > > Subject: New StoreID helper: squid_dedup > > Date: Mon, 09 May 2016 23:56:45 +0200 > > > > My openSUSE environment is fetching _all_ updates with byte-ranges from many > > servers. Therefor, I created squid_dedup. > > > > Your specific config could look like this: > > > > /etc/squid/dedup/mozilla.conf: > > [mozilla] > > match: http\:\/\/download\.cdn\.mozilla\.net/(.*) > > replace: http://download.cdn.mozilla.net.%(intdomain)s/\1 <http://download.cdn.mozilla.net.%(intdomain)s//1> > > fetch: true > > > > The fetch parameter is unique among the other StoreID helper (AFAIK): it is > > fetching the object after a certain delay with a pool of fetcher threads. > > > > The idea is: after the first access for an object, wait a bit (global setting, > > default: 15 secs), and then fetch the whole thing once. It won't solve > > anything for the first client, but for all subsequent accesses. > > > > The fetcher avoids fetching anything more than once by checking the http > > headers. > > > > This is a pretty new project, but be assured, that the basic functions are > > working fine, and I will do my best to solve any upcoming issues. It is > > implemented with Python3 and prepared for supporting additional features > > easily, while keeping a good part of an eye on efficiency. > > > > Let me know, if you're going to try it. > > > > Pete > > _______________________________________________ > > squid-users mailing list > > squid-users@xxxxxxxxxxxxxxxxxxxxx > > http://lists.squid-cache.org/listinfo/squid-users > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160512/44b7d9df/attachment-0001.html> > > ------------------------------ > > Message: 6 > Date: Thu, 12 May 2016 18:34:08 +0200 > From: Antony Stone <Antony.Stone@xxxxxxxxxxxxxxxxxxxx> > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: Windows Squid with AD authentication > Message-ID: <201605121834.08490.Antony.Stone@xxxxxxxxxxxxxxxxxxxx> > Content-Type: Text/Plain; charset="iso-8859-15" > > On Thursday 12 May 2016 at 18:46:36, Nilesh Gavali wrote: > > > Team; > > we have squid running on Windows and need to integrate it with Windows AD > > .can anyone help me with steps to be perform to get this done. > > This specific question has appeared a few times on this list only recently. > > Have you so far: > > - searched the list archives for likely answers to your question? > > http://lists.squid-cache.org/pipermail/squid-users/ > > - consulted the Squid documentation for guidance? > > http://www.squid-cache.org/Doc/ > > - looked for any independent HOWTOs etc which show how people have done this > in the past? > > http://www.google.com/search?q=squid+active+directory+authentication > > > Here's some friendly advice: > > 1. The more information you give us (such as: which version of Squid are you > using, which version of Windows are you running under, which form of > authentication are you using?), the easier it is for people here to help. > > 2. If you have tried something already and run into problems, tell us what you > have tried and what problems (log file extracts, complete client error message, > etc) you encountered, so we can offer specific suggestions. > > 3. If you haven't yet tried to implement anything, at least let us know what > documentation you have looked up and what problems you encountered when > following it, so we can try to fill in the gaps. > > > Regards, > > > Antony. > > -- > Most people have more than the average number of legs. > > Please reply to the list; > please *don't* CC me. > > > ------------------------------ > > Subject: Digest Footer > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > > > ------------------------------ > > End of squid-users Digest, Vol 21, Issue 54 > ******************************************* > > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXNLWTAAoJENNXIZxhPexGLs4IAIxzjIvko7Qcgr5sYPuSOl16 fpMti5wfA6jj5J+F3YuobYdzHIp20U08gNR4hWm/9cE1NEfOi1x08m87MEFyb/Nf Ix2/S1Hfa34HCaEZpJbouk/27Ym5sgTIOF4x19IhJTaEiTiHKV4jq92uxvHZ1vNv 4R539OludR3iVDERhcIo8CeKh2KwfIMxLw/mlpZPMcm0+HdNV19tqUdsVyrWlmJ/ H6FIHsLEXTFM7Z4RlDDnaaRCI5pZJKikD87LjEkOe5a93e7IejpYM8yGKsDtk+zV tnZr4vloal/xRC9LqRcrZi6EtEz1eB4DhMEjtJMwx59mbjNoJLxJaHocBj+ce/0= =+Y8y -----END PGP SIGNATURE----- |
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
