[squid-users] Squid 3.5.9 Problems with Teamviewer

epytir auaauabubu at yahoo.de
Wed Apr 20 15:39:55 UTC 2016 

Hey Squid Users,

Sorry for my bad english im learning it currently.

I got a little problem with my squid proxy.
I installed it with ufdbguard and squidclamav and everything works fine.

The users login with kerberos ntlm or normal username passowrt
authentication.

My Problem is when Users start Teamviewer (every Version) some time
teamviewer doing nothing then the message "no connection please check proxy
settings" appears. Then i klick nothing after 10 more seconds the teamviewer
is connected without changing anything.
So Teamviewer needs up to 1 minute to connect through the proxy without i
need like 5 seconds.

Teamviewer is not blocked for the users with the problems and it connects
but needs to much time. I have 1500 User so the normal user dont understand
that he must wait and dont klick on change settings or abort.

I log squid in database and every connect i see is not blocked:
| 23731740 |   1461164861.040 | 2016-04-20 | 17:07:41  | 48 | ip  | TCP_MISS 
| 200 | 15623 | GET | www.teamviewer.com     | Username| FIRSTUP_PARENT    |
NULL | NULL   |
| 23733412 |   1461165077.533 | 2016-04-20 | 17:11:18  |  11 | ip  |
TCP_MEM_HIT | 200  |   15631 | GET   | www.teamviewer.com  | Username|
HIER_NONE         | NULL           | NULL      |

The parent Proxy is not the problem cause our old proxy is tmg from
microsoft and use the same proxy without teamviewer problems. (we want to
shutdown tmg cause its extremly slow and squid is so fast :) ) 


Here are some information:
Squid 3.5.9
UFDB 1.31-16
Server Ubuntu 14.04 LTS

Squid config snip:
auth_param negotiate program /usr/lib/squid3/negotiate_wrapper_auth  --ntlm 
/usr/lib/squid3/fakeauth_auth  --kerberos 
/usr/lib/squid3/negotiate_kerberos_auth -r -s GSS_C_NO_NA$
auth_param negotiate children 80
auth_param negotiate keep_alive on

auth_param ntlm program /usr/lib/squid3/fakeauth_auth x.x.x\DC
auth_param ntlm children 30
auth_param ntlm keep_alive off

#LDAP Authentication
auth_param basic program  /usr/lib/squid3/basic_ldap_auth -b
"dc=X,dc=X,dc=X" -D "XXX at X.X.X" -w "XXXXXXXXX" -v 3 -h ldaps://X.X.X
auth_param basic children 30
auth_param basic realm Domain-Internet-Proxy
auth_param basic credentialsttl 30 day  #How often ask for Login credentials
auth_param basic casesensitive off

acl ldap-auth proxy_auth REQUIRED # Rule authentication needed
never_direct allow all
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
#http_access allow CONNECT SSL_ports
http_access allow localnet
http_access allow localhost

#LDAP User are allowed to connect to the Internet
http_access allow ldap-auth
http_access allow CONNECT  SSL_ports ldap-auth


# And finally deny all other access to this proxy
http_access deny all
.
.
.

Normal ntlm dont work but we have some old programms that need ntlm so i use
fake tnlm for them browsers only use kerberos.

In squid log i see nothing no entrys for the connection time.

Hope someone got the same issues and solved it.

Greetings,

Epytir




 



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-3-5-9-Problems-with-Teamviewer-tp4677176.html
Sent from the Squid - Users mailing list archive at Nabble.com.

More information about the squid-users mailing list