[squid-users] Squid 2.7 STABLE8 (Win2008) can't get my MS Lync 2013 to work?

Mirza Dedic mirza.dedic at outlook.com
Tue Oct 7 21:37:45 UTC 2014


We are using SQUID 2.7 STABLE8 on a Windows 2008 box. It is working, except that when a user tries to access Microsoft Lync 2013 they get a password prompt.
I've searched the web and spent countless hours on this with no luck. Anyone able to shed some light?
When I start my Microsoft Lync 2013 client, I see the following hit in access.log when the proxy dialog box shows up within the Lync application:
1412717278.341    516 172.16.12.110 TCP_MISS/200 11695 CONNECT login.microsoftonline.com:443 - DIRECT/65.52.244.66 -
Here is my squid.conf file:
I've tried to add all of the published URLs and IPs that Microsoft lists for Office 365 and related products, but I still have no luck. Anyone able to assist?

# Port on which Squid will listen on
http_port 8080

# Authentication
auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive on
auth_param basic program c:/squid/libexec/mswin_ntlm_auth.exe --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds

# Squid Defaults
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1

# Class C Internal Subnet - Defaults
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16

# ACLs
# for destination machine
acl lan_dst dst 172.16.0.0/16
# for source machine
acl lan_src src 172.16.0.0/16
# for destination domain
acl lan_domain dstdomain .contoso.com

# SSL Ports
acl SSL_ports port 443 8180 8443 563 1494 2598 8531

# Standard Ports
acl Safe_ports port 80                          # http
acl Safe_ports port 81                          # http for Pacific Brokerage
acl Safe_ports port 21                          # ftp
acl Safe_ports port 443 563                     # http
acl Safe_ports port 70                          # gopher
acl Safe_ports port 210                         # wais
acl Safe_ports port 280                         # http-mgmt
acl Safe_ports port 488                         # gss-http
acl Safe_ports port 591                         # filemaker
acl Safe_ports port 777                         # multiling http
acl Safe_ports port 8080 8081 8082 8088 8180
acl Safe_ports port 3128                        # Squid http server
acl Safe_ports port 1494 2598                   # ICA - Citrix
acl Safe_ports port 7000 8000                   # Oracle
acl Safe_ports port 9000                        # Oracle
acl Safe_ports port 8530                        # WSUS
acl Safe_ports port 55905                       # WSUS
acl Safe_ports port 1025-65535                  # unregistered ports

external_acl_type AD_group %LOGIN c:/squid/libexec/mswin_check_ad_group.exe -G
acl AuthorizedUsers proxy_auth REQUIRED

# ACL - Microsoft
acl msdomains dstdomain .windowsupdate.com
acl msdomains dstdomain .microsoft.com
acl msdomains dstdomain .windows.com
acl msdomains dstdomain .live.com
acl msdomains dstdomain .msecnd.net
acl msdomains dstdomain .microsoftonline.com
acl msdomains dstdomain .office365.com
acl msdomains dstdomain .lync.com
acl msdomains dstdomain .office.com
acl msdomains dstdomain .onmicrosoft.com
acl msdomains dstdomain .microsoftonline-p.com
acl msdomains dstdomain .microsoftonline-p.net
acl msdomains dstdomain .microsoftonlineimages.com
acl msdomains dstdomain .microsoftonlinesupport.net
acl msdomains dstdomain .msocdn.com
acl msdomains dstdomain .msn.com
acl msdomains dstdomain .msn.co.jp
acl msdomains dstdomain .msn.co.uk
acl msdomains dstdomain .office.net
acl msdomains dstdomain .aadrm.com
acl msdomains dstdomain .cloudapp.net
acl msdomains dstdomain .windowsazure.com
acl msdomains dstdomain .phonefactor.net
acl msdomains dstdomain .symcb.com

# ACL - SSL Providers
acl registars dstdomain .verisign.com
acl registars dstdomain .godaddy.com

# LYNC
acl lync2013 dst 65.54.54.128/25
acl lync2013 dst 65.55.121.128/27
acl lync2013 dst 65.55.127.0/24
acl lync2013 dst 111.221.17.128/27
acl lync2013 dst 111.221.22.64/26
acl lync2013 dst 111.221.76.96/27
acl lync2013 dst 111.221.76.128/25
acl lync2013 dst 111.221.77.0/26
acl lync2013 dst 134.170.0.0/25
acl lync2013 dst 157.55.40.128/25
acl lync2013 dst 157.55.46.0/27
acl lync2013 dst 157.55.46.64/26
acl lync2013 dst 157.55.104.96/27
acl lync2013 dst 157.55.229.128/27
acl lync2013 dst 157.55.232.128/26
acl lync2013 dst 157.55.238.0/25
acl lync2013 dst 207.46.5.0/24
acl lync2013 dst 207.46.7.128/27
acl lync2013 dst 207.46.57.0/25

# OFFICE 365 PORTAL AND IDENTITY
acl 365portal dst 23.96.208.238
acl 365portal dst 23.97.64.252
acl 365portal dst 23.97.68.113
acl 365portal dst 23.97.70.147
acl 365portal dst 23.97.72.158
acl 365portal dst 23.97.72.161
acl 365portal dst 23.97.72.165
acl 365portal dst 23.97.98.128
acl 365portal dst 23.97.99.4
acl 365portal dst 23.97.99.164
acl 365portal dst 23.97.100.76
acl 365portal dst 23.97.100.92
acl 365portal dst 23.97.100.105
acl 365portal dst 23.97.100.152
acl 365portal dst 23.97.102.90
acl 365portal dst 23.97.148.36
acl 365portal dst 23.97.148.228
acl 365portal dst 23.98.66.168
acl 365portal dst 23.98.69.116
acl 365portal dst 23.98.70.90
acl 365portal dst 23.99.129.26
acl 365portal dst 23.99.129.173
acl 365portal dst 23.99.194.77
acl 365portal dst 23.99.196.232
acl 365portal dst 23.99.226.167
acl 365portal dst 23.99.227.124
acl 365portal dst 23.102.64.16
acl 365portal dst 23.102.64.255
acl 365portal dst 23.102.65.171
acl 365portal dst 23.102.65.203
acl 365portal dst 23.102.65.221
acl 365portal dst 65.52.64.61
acl 365portal dst 65.52.64.230
acl 365portal dst 65.52.136.224
acl 365portal dst 65.52.144.125
acl 365portal dst 65.52.148.27
acl 365portal dst 65.52.184.75
acl 365portal dst 65.52.196.64
acl 365portal dst 65.52.228.75
acl 365portal dst 65.52.228.100
acl 365portal dst 65.52.236.160
acl 365portal dst 65.52.244.66
acl 365portal dst 65.54.54.32/27
acl 365portal dst 65.54.55.201
acl 365portal dst 65.54.74.0/23
acl 365portal dst 65.54.80.0/20
acl 365portal dst 65.54.165.0/25
acl 365portal dst 65.55.86.0/23
acl 365portal dst 65.55.233.0/27
acl 365portal dst 65.55.239.168
acl 365portal dst 70.37.56.152
acl 365portal dst 70.37.97.234
acl 365portal dst 70.37.128.0/23
acl 365portal dst 70.37.142.0/23
acl 365portal dst 70.37.150.128/25
acl 365portal dst 70.37.159.0/24
acl 365portal dst 70.37.160.72
acl 365portal dst 70.37.160.202
acl 365portal dst 94.245.68.0/22
acl 365portal dst 94.245.82.0/23
acl 365portal dst 94.245.84.0/24
acl 365portal dst 94.245.86.0/24
acl 365portal dst 94.245.88.223
acl 365portal dst 94.245.88.194
acl 365portal dst 94.245.117.53
acl 365portal dst 94.245.108.85
acl 365portal dst 111.221.16.0/21
acl 365portal dst 111.221.24.0/21
acl 365portal dst 111.221.70.0/25
acl 365portal dst 111.221.71.0/25
acl 365portal dst 111.221.111.196
acl 365portal dst 111.221.127.112/28
acl 365portal dst 132.245.0.0/16
acl 365portal dst 134.170.0.0/16
acl 365portal dst 137.135.47.6
acl 365portal dst 137.135.47.4
acl 365portal dst 137.135.47.28
acl 365portal dst 137.116.32.43
acl 365portal dst 137.116.32.61
acl 365portal dst 137.116.48.66
acl 365portal dst 137.116.48.69
acl 365portal dst 137.116.64.162
acl 365portal dst 137.116.129.62/32
acl 365portal dst 137.117.99.175
acl 365portal dst 137.117.103.21
acl 365portal dst 137.135.41.12/32
acl 365portal dst 137.135.42.195/32
acl 365portal dst 137.135.43.100/32
acl 365portal dst 137.135.44.5/32
acl 365portal dst 137.135.44.73/32
acl 365portal dst 137.135.48.128/32
acl 365portal dst 138.91.17.43
acl 365portal dst 138.91.17.108
acl 365portal dst 138.91.18.52
acl 365portal dst 138.91.2.208
acl 365portal dst 138.91.2.210
acl 365portal dst 138.91.2.212
acl 365portal dst 157.55.45.128/25
acl 365portal dst 157.55.59.128/25
acl 365portal dst 157.55.80.175
acl 365portal dst 157.55.80.182
acl 365portal dst 157.55.84.13/32
acl 365portal dst 157.55.84.19/32
acl 365portal dst 157.55.84.80/32
acl 365portal dst 157.55.84.237/32
acl 365portal dst 157.55.130.0/25
acl 365portal dst 157.55.145.0/25
acl 365portal dst 157.55.155.0/25
acl 365portal dst 157.55.168.18
acl 365portal dst 157.55.176.63
acl 365portal dst 157.55.185.100
acl 365portal dst 157.55.194.46
acl 365portal dst 157.55.208.198
acl 365portal dst 157.55.227.192/26
acl 365portal dst 157.55.252.101
acl 365portal dst 157.56.0.0/16
acl 365portal dst 168.61.33.178/32
acl 365portal dst 168.61.35.252/32
acl 365portal dst 168.61.36.121
acl 365portal dst 168.61.37.63/32
acl 365portal dst 168.61.38.105
acl 365portal dst 168.61.39.14/32
acl 365portal dst 168.61.82.81/32
acl 365portal dst 168.61.83.48/32
acl 365portal dst 168.61.85.180/32
acl 365portal dst 168.61.85.193/32
acl 365portal dst 168.61.144.76
acl 365portal dst 168.61.208.197
acl 365portal dst 168.62.4.28
acl 365portal dst 168.62.11.24
acl 365portal dst 168.62.11.117
acl 365portal dst 168.62.16.112
acl 365portal dst 168.62.16.140
acl 365portal dst 168.62.16.149
acl 365portal dst 168.62.24.104
acl 365portal dst 168.62.24.114
acl 365portal dst 168.62.24.150
acl 365portal dst 168.62.41.25
acl 365portal dst 168.62.42.89
acl 365portal dst 168.62.52.198
acl 365portal dst 168.62.52.203
acl 365portal dst 168.62.60.71
acl 365portal dst 168.62.60.80
acl 365portal dst 168.62.104.146
acl 365portal dst 168.62.176.34
acl 365portal dst 168.62.179.4
acl 365portal dst 168.62.180.151
acl 365portal dst 168.63.16.66/32
acl 365portal dst 168.63.16.112/32
acl 365portal dst 168.63.16.114/32
acl 365portal dst 168.63.16.141
acl 365portal dst 168.63.17.221/32
acl 365portal dst 168.63.25.227
acl 365portal dst 168.63.27.2
acl 365portal dst 168.63.166.200
acl 365portal dst 168.63.165.67
acl 365portal dst 168.63.164.177
acl 365portal dst 168.63.208.73/32
acl 365portal dst 168.63.213.203/32
acl 365portal dst 168.63.214.35/32
acl 365portal dst 168.63.216.117/32
acl 365portal dst 168.63.250.173/32
acl 365portal dst 168.63.252.39/32
acl 365portal dst 168.63.252.71/32
acl 365portal dst 191.232.2.128/25
acl 365portal dst 191.233.32.111
acl 365portal dst 191.233.32.201
acl 365portal dst 191.234.6.0/24
acl 365portal dst 191.235.135.139
acl 365portal dst 191.235.135.222
acl 365portal dst 191.236.192.179
acl 365portal dst 191.237.128.159
acl 365portal dst 191.238.80.160
acl 365portal dst 191.238.81.69
acl 365portal dst 191.238.83.220
acl 365portal dst 207.46.57.128/25
acl 365portal dst 207.46.70.0/24
acl 365portal dst 207.46.73.250
acl 365portal dst 207.46.198.0/25
acl 365portal dst 207.46.206.0/23
acl 365portal dst 207.46.216.54
acl 365portal dst 213.199.128.58
acl 365portal dst 213.199.128.91
acl 365portal dst 213.199.148.0/23
acl 365portal dst 213.199.182.128/25

# OFFICE ONLINE
acl office365 dst 134.170.27.64/26
acl office365 dst 134.170.48.0/26
acl office365 dst 134.170.65.64/26
acl office365 dst 134.170.128.192/26
acl office365 dst 134.170.170.64/26
acl office365 dst 191.232.2.64/26

acl dropbox dstdomain .dropbox.com
acl icloud dstdomain .icloud.com

# Squid Cache
acl PURGE method PURGE

http_access deny manager !localhost
http_access allow PURGE localhost
http_access deny PURGE

# The method ACL type allows you to restrict access based on the request HTTP method, i.e. GET (used for downloading), POST (used for uploading) and CONNECT (used for SSL data transfers)
# It is very important that you stop CONNECT type requests to non-SSL ports. The CONNECT method allows data transfer in any direction at any time, regardless of the transport protocol used.
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

# Deny access to all ports except the ones defined
http_access deny !Safe_ports
# This blocks attempts to request http://localhost on the proxy server via the proxy.
http_access deny localhost
# Deny caching for everyone so that there is not caching at all
cache deny all

http_access allow msdomains
http_access allow lync2013
http_access allow 365portal
http_access allow office365
http_access allow registars
http_access allow dropbox
http_access allow icloud

http_access allow CONNECT msdomains
http_access allow CONNECT lync2013
http_access allow CONNECT 365portal
http_access allow CONNECT office365
http_access allow CONNECT registars
http_access allow CONNECT dropbox
http_access allow CONNECT icloud

# Deny access to proxy to everyone except Authorized Users group in AD
http_access deny !AuthorizedUsers

# Disable caching
always_direct allow msdomains all
always_direct allow registars all
always_direct allow lync2013 all
always_direct allow 365portal all
always_direct allow office365 all

# Allow direct connection if the destination machine is on LAN
always_direct allow lan_dst
# Allow http access from machines on LAN
http_access allow lan_src
# Default deny
http_access deny all
http_reply_access allow all
icp_access allow all

# Squid should not check with neighbours'/parents' cache and should go to target web-server.
hierarchy_stoplist cgi-bin ?

# Logging
cache_dir ufs c:/squid/var/cache 100 16 256
access_log c:/squid/var/logs/access.log squid
cache_log c:/squid/var/logs/cache.log
cache_store_log none
logfile_rotate 4
log_ip_on_direct on
debug_options ALL,1
log_fqdn off

# SquidGuard
redirect_program c:/squidguard/squidguard.exe -c c:/squidguard/conf/squidguard.conf
redirect_children 5

# Caching
cache_mgr ittechs at oppy.com
refresh_pattern ^ftp:             1440    20%     10080
refresh_pattern ^gopher:          1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0       0%      0
refresh_pattern .                 0       20%     4320

# Don't cache these pages
acl DYNAMIC_CONTENT urlpath_regex cgi-bin \.cgi \.pl \.php3 \.asp \.php
no_cache deny DYNAMIC_CONTENT

# Other stuff?
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
error_directory c:/squid/share/errors/English

# Various features turned off.
snmp_port 0
icp_port 0
htcp_port 0

coredump_dir c:/squid/var/cache
pid_filename c:/squid/var/squid.pid
mime_table c:/squid/etc/mime.conf
unlinkd_program c:/squid/libexec/unlinkd.exe
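An added example, not part of the original post: a parser for Squid's native access.log format that separates requests passed with no user name logged (the `-` in the user field, as in the CONNECT line quoted in the post) from requests that drew a 407 proxy-authentication challenge. The two extra sample lines, the example.net hosts and the user name are constructed.

```python
import re

# Squid native access.log fields: time elapsed client code/status bytes
# method URL user hierarchy/peer content-type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>\w+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

# The CONNECT line quoted in the post.
PAGE_LINE = ("1412717278.341    516 172.16.12.110 TCP_MISS/200 11695 CONNECT "
             "login.microsoftonline.com:443 - DIRECT/65.52.244.66 -")

# Constructed sample lines (hosts, user name and sizes are made up).
SAMPLE = [
    PAGE_LINE,
    "1412717279.102      3 172.16.12.110 TCP_DENIED/407 1820 CONNECT "
    "proxy-test.example.net:443 - NONE/- text/html",
    "1412717280.455    210 172.16.12.110 TCP_MISS/200 5120 GET "
    "http://intranet.example.net/index.html jdoe DIRECT/192.0.2.10 text/html",
]

def classify(line):
    """Parse one log line and label how the proxy treated the request."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    if entry["status"] == "407":
        entry["verdict"] = "auth-challenge"        # client was asked for credentials
    elif entry["code"] == "TCP_DENIED":
        entry["verdict"] = "denied"                # refused by an http_access rule
    elif entry["user"] == "-":
        entry["verdict"] = "allowed-without-auth"  # passed with no user name logged
    else:
        entry["verdict"] = "allowed-as-user"
    return entry

def challenged_hosts(lines):
    """Destination hosts that drew a 407, i.e. candidates for a client prompt."""
    hosts = set()
    for line in lines:
        entry = classify(line)
        if entry and entry["verdict"] == "auth-challenge":
            hostport = re.sub(r"^\w+://", "", entry["url"]).split("/")[0]
            hosts.add(hostport.split(":")[0])
    return sorted(hosts)
```

Feeding it the access.log captured while the prompt is reproduced lists the destinations that were answered with 407 rather than matched by an earlier allow rule.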
 		 	   		  