|
Hi Nilesh,
Just add a –d to
# enable kerberos authentication
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s HTTP/hostname.domain.org@xxxxxxxxxx
like
# enable kerberos authentication
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s HTTP/hostname.domain.org@xxxxxxxxxx
–d
Then you get debug output in your cache.log file.
Markus
"Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx> wrote in message
news:nikoqr$i2m$1@xxxxxxxxxxxxx... What does the log say when you use the –d option with the helper
Markus
"Nilesh Gavali" <nilesh.gavali@xxxxxxx> wrote in message
news:OF059DEDF2.DD0EB7D2-ON80257FC4.006A0132-80257FC4.006A2AD0@xxxxxxx... Hello All; Configured the steps require for kerberos authentication as given at http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos but instead of SSO to work when we try to open url; it is prompt for username and password, when passing credential it is not authenticating. attached is our squid config for your reference. Kindly let us know what went wrong. we are using windows 2012 AD. Thanks & Regards Nilesh Suresh Gavali From: Nilesh Gavali/MUM/TCS To: squid-users@xxxxxxxxxxxxxxxxxxxxx, belle@xxxxxxxxx Date: 27/05/2016 15:07 Subject: missing negotiate_kerberos_auth on my squid Thanks louise for reply. but Should be include imo. -- not sure what is imo Shoud be in any Squid-3.2 and later. And on my debian server its locate here. /usr/lib/squid/negotiate_kerberos_auth - check the path but it is not there on my linux box. Did you enable : --enable-auth-negotiate=kerberos,wrapper on compile ? ---- NO didn't gave this option while compilation Run squid –v to check it. -- we have"--enable-auth-negotiate" only and some other configured option. can you help me how to get hit recomipled with reuqire options. Thanks & Regards Nilesh Suresh Gavali ----- Forwarded by Nilesh Gavali/MUM/TCS on 27/05/2016 15:01 ----- From: squid-users-request@xxxxxxxxxxxxxxxxxxxxx To: squid-users@xxxxxxxxxxxxxxxxxxxxx Date: 27/05/2016 12:42 Subject: squid-users Digest, Vol 21, Issue 101 Sent by: "squid-users" <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> Send squid-users mailing list submissions to squid-users@xxxxxxxxxxxxxxxxxxxxx To subscribe or unsubscribe via the World Wide Web, visit http://lists.squid-cache.org/listinfo/squid-users or, via email, send a message with subject or body 'help' to squid-users-request@xxxxxxxxxxxxxxxxxxxxx You can reach the person managing the list at squid-users-owner@xxxxxxxxxxxxxxxxxxxxx When replying, please edit your Subject line so it is more specific than "Re: Contents of squid-users digest..." Today's Topics: 1. NULL characters (joe) 2. Re: Looking for a way to route into cache_peer traffic dynamically. (Alex Rousskov) 3. The system returned: (111) Connection refused; (deepa ganu) 4. Re: NULL characters (Eliezer Croitoru) 5. missing negotiate_kerberos_auth on my squid (Nilesh Gavali) 6. Re: missing negotiate_kerberos_auth on my squid (L.P.H. van Belle) ---------------------------------------------------------------------- Message: 1 Date: Thu, 26 May 2016 07:30:16 -0700 (PDT) From: joe <chip_pop@xxxxxxxxxxx> To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: NULL characters Message-ID: <1464273016183-4677691.post@xxxxxxxxxxxxx> Content-Type: text/plain; charset=us-ascii 2016/05/26 06:41:28 kid1| ctx: enter level 0: 'http://js.advert.mirtesen.ru/data/js/82090.js' 2016/05/26 06:41:28 kid1| WARNING: HTTP header contains NULL characters {Server: nginx Date: Thu, 26 May 2016 03:46:52 GMT Content-Type: application/_javascript_;charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-MaxSize: 5 X-MaxShm: 5 X-ShmTol: 2 X-Loc: 2347 X-MID: 16 X-Node: ssel6 X-ChosenReserve: 2 X-TotalPrimary: 290 X-ExclByGeo: 266 X-TotalPrimaryPayable: 219 X-ChosenPrimary: 3 X-ExclByTime: 18 X-ShmNews: 1989237,2010118,2009700, X-TotalPrimaryExchange: 0 X-TotalReserve: 332 X-ChosenPayable: 3 X-ShmCnt: 3 Set-Cookie: nid} NULL {Server: nginx Date: Thu, 26 May 2016 03:46:52 GMT Content-Type: application/_javascript_;charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-MaxSize: 5 X-MaxShm: 5 X-ShmTol: 2 X-Loc: 2347 X-MID: 16 X-Node: ssel6 X-ChosenReserve: 2 X-TotalPrimary: 290 X-ExclByGeo: 266 X-TotalPrimaryPayable: 219 X-ChosenPrimary: 3 X-ExclByTime: 18 X-ShmNews: 1989237,2010118,2009700, X-TotalPrimaryExchange: 0 X-TotalReserve: 332 X-ChosenPayable: 3 X-ShmCnt: 3 Set-Cookie: nid 2016/05/26 06:41:28 kid1| ctx: exit level 0 is it bad ????? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/NULL-characters-tp4677691.html Sent from the Squid - Users mailing list archive at Nabble.com. ------------------------------ Message: 2 Date: Thu, 26 May 2016 09:16:52 -0600 From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Looking for a way to route into cache_peer traffic dynamically. Message-ID: <57471364.4030007@xxxxxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain; charset=utf-8 On 05/26/2016 03:52 AM, Eliezer Croitoru wrote: > I think that the best way is to use an ICAP meta header instead of altering > the request itself Agreed. > but I am not sure if it is possible It is not possible today: Converting ICAP headers into annotations understood by Squid ACLs is only supported for eCAP services. IIRC, somebody posted a patch (on squid-dev) with a similar feature for ICAP, but that implementation needed to be redone to be officially accepted (IMO). I do not know whether the author will adjust their code to follow my recommendations. Perhaps you can do it for them. Alex. ------------------------------ Message: 3 Date: Fri, 27 May 2016 14:25:19 +0530 From: deepa ganu <deepaganu@xxxxxxxxx> To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: The system returned: (111) Connection refused; Message-ID: <CA+qV5k+cSUThvZYCS1JLcNuXsFCA8Vnk1Rmc5opK1w15W6asyg@xxxxxxxxxxxxxx> Content-Type: text/plain; charset="utf-8" Hi I am using squid as a reverse. #http_port 80 accel defaultsite=202.53.13.19 https_port 443 accel cert=/var/www/html/webrtc/imp/teleuniv.net.crt key=/var/www/html/webrtc/imp/teleuniv.net.key cafile=/var/www/html/webrtc/imp/intermediate.crt defaultsite=202.53.13.19 no-vhost #this ACL is url path specific which accepts only portal urls and deny others. acl portal urlpath_regex ^/portal6may cache_peer 172.20.36.144 parent 80 0 no-query originserver name=portalserver cache_peer_access portalserver allow portal cache_peer_access portalserver deny all http_access allow portal cache_peer 172.20.36.150 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER login=PASS connection-auth=off name=teleuniv acl our_sites dstdomain 202.53.13.19 http_access allow our_sites cache_peer_access teleuniv allow our_sites cache_peer_access teleuniv deny all SO when i try to access the url https://202.53.13.19/ I get the following error "The following error was encountered while trying to retrieve the URL: The system returned: (111) Connection refused; The remote host or network may be down. Please try the request again." It only gives for 172.20.36.144 not for the urlpath acl. But this happens only sometimes. When I physically go to that server (172.20.36.150) and click on the wired connection (one of the LAN options using linux). It works again. I am very confused -- Regards Deepa Ganu R&D Head(CSE) KMIT Ph no : 9908036660 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/998e60f3/attachment-0001.html> ------------------------------ Message: 4 Date: Fri, 27 May 2016 14:17:17 +0300 From: "Eliezer Croitoru" <eliezer@xxxxxxxxxxxx> To: "'joe'" <chip_pop@xxxxxxxxxxx>, <squid-users@xxxxxxxxxxxxxxxxxxxxx> Subject: Re: NULL characters Message-ID: <33b501d1b809$541a9620$fc4fc260$@ngtech.co.il> Content-Type: text/plain; charset="utf-8" If it ended with some kind of server issues else then the logs, then it would be considered not nice. Eliezer ---- Eliezer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx -----Original Message----- From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of joe Sent: Thursday, May 26, 2016 5:30 PM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: NULL characters 2016/05/26 06:41:28 kid1| ctx: enter level 0: 'http://js.advert.mirtesen.ru/data/js/82090.js' 2016/05/26 06:41:28 kid1| WARNING: HTTP header contains NULL characters {Server: nginx Date: Thu, 26 May 2016 03:46:52 GMT Content-Type: application/_javascript_;charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-MaxSize: 5 X-MaxShm: 5 X-ShmTol: 2 X-Loc: 2347 X-MID: 16 X-Node: ssel6 X-ChosenReserve: 2 X-TotalPrimary: 290 X-ExclByGeo: 266 X-TotalPrimaryPayable: 219 X-ChosenPrimary: 3 X-ExclByTime: 18 X-ShmNews: 1989237,2010118,2009700, X-TotalPrimaryExchange: 0 X-TotalReserve: 332 X-ChosenPayable: 3 X-ShmCnt: 3 Set-Cookie: nid} NULL {Server: nginx Date: Thu, 26 May 2016 03:46:52 GMT Content-Type: application/_javascript_;charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-MaxSize: 5 X-MaxShm: 5 X-ShmTol: 2 X-Loc: 2347 X-MID: 16 X-Node: ssel6 X-ChosenReserve: 2 X-TotalPrimary: 290 X-ExclByGeo: 266 X-TotalPrimaryPayable: 219 X-ChosenPrimary: 3 X-ExclByTime: 18 X-ShmNews: 1989237,2010118,2009700, X-TotalPrimaryExchange: 0 X-TotalReserve: 332 X-ChosenPayable: 3 X-ShmCnt: 3 Set-Cookie: nid 2016/05/26 06:41:28 kid1| ctx: exit level 0 is it bad ????? -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/NULL-characters-tp4677691.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users ------------------------------ Message: 5 Date: Fri, 27 May 2016 12:32:15 +0100 From: Nilesh Gavali <nilesh.gavali@xxxxxxx> To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: missing negotiate_kerberos_auth on my squid Message-ID: <OF9C6F8F89.5CF2ECB1-ON80257FC0.003EE232-80257FC0.003F5EF7@xxxxxxx> Content-Type: text/plain; charset="utf-8" Hello ; I have installed latest squid 3.5.19 on red hat Linux yesterday. That means I am new to squid and linux. able to start the squid and its working fine. now we are trying to authenticate user via Kerberos with windows AD. but facing issues. followed the steps provided on http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos But unable to find negotiate_kerberos_auth on my Linux box at any location. now I need to know where i can find/download negotiate_kerberos_auth and compile it to make authentication successful. Thanks & Regards Nilesh Suresh Gavali Tata Consultancy Services 3rd Floor, Tithebarn House Tithebarn Street Liverpool - L2 2NZ United Kingdom Mailto: nilesh.gavali@xxxxxxx Website: http://www.tcs.com ____________________________________________ Experience certainty. IT Services Business Solutions Consulting ____________________________________________ Tata Consultancy Services Limited , incorporated with limited liability and registered with Registrar of Companies, Mumbai, India - No: 11-84781 HQ : Nirmal Building , 9th Floor, Nariman Point, Mumbai - 400 021, India - Registered in UK : 18 Grosvenor Place, London SW1X 7HS - BR :007627 =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/b812d6ac/attachment-0001.html> ------------------------------ Message: 6 Date: Fri, 27 May 2016 13:41:34 +0200 From: L.P.H. van Belle <belle@xxxxxxxxx> To: squid-users@xxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxx> Subject: Re: missing negotiate_kerberos_auth on my squid Message-ID: <vmime.5748326e.63bf.32264d027089be4e@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> Content-Type: text/plain; charset="windows-1252" Should be include imo. Shoud be in any Squid-3.2 and later. And on my debian server its locate here. /usr/lib/squid/negotiate_kerberos_auth Did you enable : --enable-auth-negotiate=kerberos,wrapper on compile ? Run squid –v to check it. Greetz, Louis Van: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] Namens Nilesh Gavali Verzonden: vrijdag 27 mei 2016 13:32 Aan: squid-users@xxxxxxxxxxxxxxxxxxxxx Onderwerp: missing negotiate_kerberos_auth on my squid Hello ; I have installed latest squid 3.5.19 on red hat Linux yesterday. That means I am new to squid and linux. able to start the squid and its working fine. now we are trying to authenticate user via Kerberos with windows AD. but facing issues. followed the steps provided on http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos But unable to find negotiate_kerberos_auth on my Linux box at any location. now I need to know where i can find/download negotiate_kerberos_auth and compile it to make authentication successful. Thanks & Regards Nilesh Suresh Gavali Tata Consultancy Services 3rd Floor, Tithebarn House Tithebarn Street Liverpool - L2 2NZ United Kingdom Mailto: nilesh.gavali@xxxxxxx Website: http://www.tcs.com ____________________________________________ Experience certainty. IT Services Business Solutions Consulting ____________________________________________ Tata Consultancy Services Limited , incorporated with limited liability and registered with Registrar of Companies, Mumbai, India - No: 11-84781 HQ : Nirmal Building , 9th Floor, Nariman Point, Mumbai - 400 021, India - Registered in UK : 18 Grosvenor Place, London SW1X 7HS - BR :007627 =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/bbeb60e2/attachment.html> ------------------------------ Subject: Digest Footer _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users ------------------------------ End of squid-users Digest, Vol 21, Issue 101 ********************************************
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
