Well first, great, you managed to install it.
Yes, but your auth pop-up can be normal, but we need more info; this can be multiple things.
So, a few small questions.
1) Is the time in sync with the proxy and AD server?
2) Did you set the krb5.conf with or without the enctypes?
3) Which browser are you using?
4) Did you configure the browser to use the Kerberos auth?
5) Did the PC join the domain, and are you using a domain user login?
6) Does kinit user@REALM work? (kdestroy to remove the user ticket)
7) Last, does the proxy server have an A and PTR record?
Also check this site and review your settings.
https://ping.force.com/Support/PingFederate/Integrations/How-to-configure-supported-browsers-for-Kerberos-NTLM
And a last tip: your auth line.
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s HTTP/hostname.domain.org@xxxxxxxxxx
can also be a problem, so test. If the UPN is set up incorrectly, then the above does not work; the line below should work.
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME
Add -d to get more debug info.
greetz,
Louis
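The checklist above, as an added example that is not part of the original e-mail: shell functions for the clock-skew check (item 1), the -s principal on the auth_param line, and A/PTR agreement (item 7). The function names, the preflight wrapper and the --run switch are assumptions made for illustration; 300 seconds is the usual Kerberos clock-skew default.

```shell
#!/bin/sh
# Added example: offline-checkable pieces of the checklist above.
MAX_SKEW=300  # seconds; default Kerberos clock-skew tolerance (5 minutes)

# Item 1: compare two epoch timestamps (proxy clock, AD/KDC clock).
skew_ok() {
    d=$(( $1 - $2 ))
    [ "$d" -lt 0 ] && d=$(( 0 - d ))
    [ "$d" -le "$MAX_SKEW" ]
}

# Item 7: case-insensitive host compare; a PTR answer may end with a dot.
same_host() {
    a=$(printf '%s' "${1%.}" | tr 'A-Z' 'a-z')
    b=$(printf '%s' "${2%.}" | tr 'A-Z' 'a-z')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Pull the -s argument out of an auth_param negotiate line.
helper_principal() {
    printf '%s\n' "$1" |
        sed -n 's/.*negotiate_kerberos_auth.* -s \([^ ]*\).*/\1/p'
}

# The -s value must be GSS_C_NO_NAME or HTTP/<proxy fqdn>[@REALM].
spn_ok() {  # $1 = -s value, $2 = proxy FQDN
    case $1 in
        ''|GSS_C_NO_NAME) return 0 ;;   # empty: no -s given, nothing to compare
        HTTP/*) h=${1#HTTP/}; same_host "${h%@*}" "$2" ;;
        *) return 1 ;;
    esac
}

# Live run (hypothetical wrapper): needs getent and a readable squid.conf.
preflight() {  # $1 = proxy FQDN, $2 = path to squid.conf
    line=$(grep '^auth_param negotiate program' "$2")
    helper=$(printf '%s\n' "$line" | awk '{print $4}')
    [ -x "$helper" ] || echo "FAIL: helper missing: $helper"
    spn_ok "$(helper_principal "$line")" "$1" || echo "FAIL: -s does not name $1"
    ip=$(getent hosts "$1" | awk '{print $1; exit}')
    ptr=$(getent hosts "$ip" | awk '{print $2; exit}')
    same_host "$1" "$ptr" || echo "FAIL: A/PTR mismatch: $1 -> $ip -> $ptr"
}

if [ "${1:-}" = "--run" ]; then preflight "$2" "$3"; fi
```

The skew check takes both timestamps as arguments, so the AD/KDC time has to come from whatever time source the site already trusts.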
From: Nilesh Gavali [mailto:nilesh.gavali@xxxxxxx]
Sent: Tuesday 31 May 2016 21:20
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
CC: L.P.H. van Belle
Subject: missing negotiate_kerberos_auth on my squid
Hello All;
Configured the steps required for Kerberos authentication as given at http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
but instead of SSO working when we try to open a URL, it prompts for username and password; when passing credentials it is not authenticating.
Attached is our squid config for your reference.
Kindly let us know what went wrong.
We are using Windows 2012 AD.
Thanks & Regards
Nilesh Suresh Gavali
From: Nilesh Gavali/MUM/TCS
To: squid-users@xxxxxxxxxxxxxxxxxxxxx, belle@xxxxxxxxx
Date: 27/05/2016 15:07
Subject: missing negotiate_kerberos_auth on my squid
Thanks Louis for the reply.
but
> Should be included imo.
-- not sure what is imo
> Should be in any Squid-3.2 and later.
> And on my debian server it's located here.
> /usr/lib/squid/negotiate_kerberos_auth
-- checked the path but it is not there on my linux box.
> Did you enable:
> --enable-auth-negotiate=kerberos,wrapper on compile?
---- NO, didn't give this option during compilation
> Run squid -v to check it.
-- we have "--enable-auth-negotiate" only and some other configured options.
Can you help me with how to get it recompiled with the required options?
Thanks & Regards
Nilesh Suresh Gavali
----- Forwarded by Nilesh Gavali/MUM/TCS on 27/05/2016 15:01 -----
From: squid-users-request@xxxxxxxxxxxxxxxxxxxxx
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Date: 27/05/2016 12:42
Subject: squid-users Digest, Vol 21, Issue 101
Sent by: "squid-users" <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx>
Today's Topics:
1. NULL characters (joe)
2. Re: Looking for a way to route into cache_peer traffic dynamically. (Alex Rousskov)
3. The system returned: (111) Connection refused; (deepa ganu)
4. Re: NULL characters (Eliezer Croitoru)
5. missing negotiate_kerberos_auth on my squid (Nilesh Gavali)
6. Re: missing negotiate_kerberos_auth on my squid (L.P.H. van Belle)
----------------------------------------------------------------------
Message: 1
Date: Thu, 26 May 2016 07:30:16 -0700 (PDT)
From: joe <chip_pop@xxxxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: NULL characters
Message-ID: <1464273016183-4677691.post@xxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii
2016/05/26 06:41:28 kid1| ctx: enter level 0: 'http://js.advert.mirtesen.ru/data/js/82090.js'
2016/05/26 06:41:28 kid1| WARNING: HTTP header contains NULL characters
{Server: nginx
Date: Thu, 26 May 2016 03:46:52 GMT
Content-Type: application/_javascript_;charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-MaxSize: 5
X-MaxShm: 5
X-ShmTol: 2
X-Loc: 2347
X-MID: 16
X-Node: ssel6
X-ChosenReserve: 2
X-TotalPrimary: 290
X-ExclByGeo: 266
X-TotalPrimaryPayable: 219
X-ChosenPrimary: 3
X-ExclByTime: 18
X-ShmNews: 1989237,2010118,2009700,
X-TotalPrimaryExchange: 0
X-TotalReserve: 332
X-ChosenPayable: 3
X-ShmCnt: 3
Set-Cookie: nid}
NULL
{Server: nginx
Date: Thu, 26 May 2016 03:46:52 GMT
Content-Type: application/_javascript_;charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
X-MaxSize: 5
X-MaxShm: 5
X-ShmTol: 2
X-Loc: 2347
X-MID: 16
X-Node: ssel6
X-ChosenReserve: 2
X-TotalPrimary: 290
X-ExclByGeo: 266
X-TotalPrimaryPayable: 219
X-ChosenPrimary: 3
X-ExclByTime: 18
X-ShmNews: 1989237,2010118,2009700,
X-TotalPrimaryExchange: 0
X-TotalReserve: 332
X-ChosenPayable: 3
X-ShmCnt: 3
Set-Cookie: nid
2016/05/26 06:41:28 kid1| ctx: exit level 0
is it bad ?????
------------------------------
Message: 2
Date: Thu, 26 May 2016 09:16:52 -0600
From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: Looking for a way to route into cache_peer traffic dynamically.
Message-ID: <57471364.4030007@xxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=utf-8
On 05/26/2016 03:52 AM, Eliezer Croitoru wrote:
> I think that the best way is to use an ICAP meta header instead of altering
> the request itself
Agreed.
> but I am not sure if it is possible
It is not possible today: Converting ICAP headers into annotations
understood by Squid ACLs is only supported for eCAP services.
IIRC, somebody posted a patch (on squid-dev) with a similar feature for
ICAP, but that implementation needed to be redone to be officially
accepted (IMO). I do not know whether the author will adjust their code
to follow my recommendations. Perhaps you can do it for them.
Alex.
------------------------------
Message: 3
Date: Fri, 27 May 2016 14:25:19 +0530
From: deepa ganu <deepaganu@xxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: The system returned: (111) Connection refused;
Message-ID: <CA+qV5k+cSUThvZYCS1JLcNuXsFCA8Vnk1Rmc5opK1w15W6asyg@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"
Hi
I am using squid as a reverse.
#http_port 80 accel defaultsite=202.53.13.19
https_port 443 accel cert=/var/www/html/webrtc/imp/teleuniv.net.crt key=/var/www/html/webrtc/imp/teleuniv.net.key cafile=/var/www/html/webrtc/imp/intermediate.crt defaultsite=202.53.13.19 no-vhost
#this ACL is url path specific which accepts only portal urls and deny others.
acl portal urlpath_regex ^/portal6may
cache_peer 172.20.36.144 parent 80 0 no-query originserver name=portalserver
cache_peer_access portalserver allow portal
cache_peer_access portalserver deny all
http_access allow portal
cache_peer 172.20.36.150 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER login=PASS connection-auth=off name=teleuniv
acl our_sites dstdomain 202.53.13.19
http_access allow our_sites
cache_peer_access teleuniv allow our_sites
cache_peer_access teleuniv deny all
So when I try to access the url https://202.53.13.19/ I get the following error
"The following error was encountered while trying to retrieve the URL: The
system returned: (111) Connection refused; The remote host or network may
be down. Please try the request again."
It only gives for 172.20.36.144 not for the urlpath acl. But this happens
only sometimes. When I physically go to that server (172.20.36.150) and
click on the wired connection (one of the LAN options using linux), it
works again. I am very confused
--
Regards
Deepa Ganu
R&D Head(CSE) KMIT
Ph no : 9908036660
------------------------------
Message: 4
Date: Fri, 27 May 2016 14:17:17 +0300
From: "Eliezer Croitoru" <eliezer@xxxxxxxxxxxx>
To: "'joe'" <chip_pop@xxxxxxxxxxx>, <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Subject: Re: NULL characters
Message-ID: <33b501d1b809$541a9620$fc4fc260$@ngtech.co.il>
Content-Type: text/plain; charset="utf-8"
If it ended with some kind of server issues other than the logs, then it would be considered not nice.
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx
------------------------------
Message: 5
Date: Fri, 27 May 2016 12:32:15 +0100
From: Nilesh Gavali <nilesh.gavali@xxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: missing negotiate_kerberos_auth on my squid
Message-ID: <OF9C6F8F89.5CF2ECB1-ON80257FC0.003EE232-80257FC0.003F5EF7@xxxxxxx>
Content-Type: text/plain; charset="utf-8"
Hello;
I have installed the latest squid 3.5.19 on Red Hat Linux yesterday. That
means I am new to squid and linux.
Able to start squid and it is working fine.
Now we are trying to authenticate users via Kerberos with Windows AD, but
facing issues.
Followed the steps provided on
http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
But unable to find negotiate_kerberos_auth on my Linux box at any
location.
Now I need to know where I can find/download negotiate_kerberos_auth and
compile it to make authentication successful.
Thanks & Regards
Nilesh Suresh Gavali
Tata Consultancy Services
3rd Floor, Tithebarn House
Tithebarn Street
Liverpool - L2 2NZ
United Kingdom
Mailto: nilesh.gavali@xxxxxxx
Website: http://www.tcs.com
------------------------------
Message: 6
Date: Fri, 27 May 2016 13:41:34 +0200
From: L.P.H. van Belle <belle@xxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxx <squid-users@xxxxxxxxxxxxxxx>
Subject: Re: missing negotiate_kerberos_auth on my squid
Message-ID: <vmime.5748326e.63bf.32264d027089be4e@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="windows-1252"
Should be included imo.
Should be in any Squid-3.2 and later.
And on my debian server it's located here.
/usr/lib/squid/negotiate_kerberos_auth
Did you enable:
--enable-auth-negotiate=kerberos,wrapper on compile?
Run squid -v to check it.
Greetz,
Louis
------------------------------
Subject: Digest Footer
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
------------------------------
End of squid-users Digest, Vol 21, Issue 101
********************************************