[squid-users] squid-users Digest, Vol 21, Issue 54

Nilesh Gavali nilesh.gavali at tcs.com
Thu May 12 17:15:44 UTC 2016


Hello Antony;
we have Squid 3.5 on Windows 2012 R2 OS & for which I need to integrate 
squid with AD. I search online but all of the link are based on linux 
platform squid.
I am looking for squid running on Windows Platform which need to integrate 
with AD authentication.

Thanks & Regards
Nilesh Suresh Gavali



From:   squid-users-request at lists.squid-cache.org
To:     squid-users at lists.squid-cache.org
Date:   12/05/2016 17:33
Subject:        squid-users Digest, Vol 21, Issue 54
Sent by:        "squid-users" <squid-users-bounces at lists.squid-cache.org>



Send squid-users mailing list submissions to
                 squid-users at lists.squid-cache.org

To subscribe or unsubscribe via the World Wide Web, visit
                 http://lists.squid-cache.org/listinfo/squid-users
or, via email, send a message with subject or body 'help' to
                 squid-users-request at lists.squid-cache.org

You can reach the person managing the list at
                 squid-users-owner at lists.squid-cache.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of squid-users digest..."


Today's Topics:

   1. Re: Problems configuring Squid with C-ICAP+Squidclamav
      (SOLVED) (Amos Jeffries)
   2. Re: Linking with *SSL (Spil Oss)
   3. Re: Getting the full file content on a range request, but not
      on EVERY get ... (Hans-Peter Jansen)
   4. Windows Squid with AD authentication (Nilesh Gavali)
   5. Re: Getting the full file content on a range request, but not
      on EVERY get ... (Heiler Bemerguy)
   6. Re: Windows Squid with AD authentication (Antony Stone)


----------------------------------------------------------------------

Message: 1
Date: Fri, 13 May 2016 00:00:05 +1200
From: Amos Jeffries <squid3 at treenet.co.nz>
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Problems configuring Squid with
                 C-ICAP+Squidclamav (SOLVED)
Message-ID: <dc535419-e24f-b6ee-00ac-45970ec67304 at treenet.co.nz>
Content-Type: text/plain; charset=utf-8

On 12/05/2016 11:13 p.m., C. L. Martinez wrote:
> 
> But when squid sents an OPTIONS request to ICAP, why works when I use 
127.0.0.1 and not localhost?? Maybe it is a problem with openbsd's package 
...
> 

It is quite possible. 127.0.0.1 is not the only address modern computers
use for localhost. Double check what your hosts file contains.

Amos



------------------------------

Message: 2
Date: Thu, 12 May 2016 15:33:30 +0200
From: Spil Oss <spil.oss at gmail.com>
To: squid-users at lists.squid-cache.org, timp87 at gmail.com
Subject: Re: [squid-users] Linking with *SSL
Message-ID:
 <CAEJyAvM8O6uVCgSipvzXAK1OsUrH3izc7BVTgaS0kPkWmAn3BQ at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

> Hi!
> When we worked on squid port on FreeBSD one of the FreeBSD user
> (Bernard Spil) noticed:
>
> When working on this, I ran into another issue. Perhaps maintainer can
> fix that with upstream. I've now added LIBOPENSSL_LIBS="-lcrypto
> -lssl" because of configure failing in configure.ac line 1348.
>
> > AC_CHECK_LIB(ssl,[SSL_library_init],[LIBOPENSSL_LIBS="-lssl 
$LIBOPENSSL_LIBS"],[AC_MSG_ERROR([library 'ssl' is required for OpenSSL])
>
> You cannot link against libssl when not linking libcrypto as well
> leading to an error with LibreSSL. This check should add -lcrypto in
> addition to -lssl to pass.
>
> Is this something someone could take a look at?

Hi All,

Sorry for replying out-of-thread.

What happens is that the check for SSL_library_init fails as -lcrypto
is missing.

Output from configure

> checking for CRYPTO_new_ex_data in -lcrypto... yes
> checking for SSL_library_init in -lssl... no
> configure: error: library 'ssl' is required for OpenSSL
> ===>  Script "configure" failed unexpectedly.

What I usually see in autoconf scripts is that temp CFLAGS etc are set
before the test for SSL libs and reversed after the test.

Adding LIBOPENSSL_LIBS="-lcrypto -lssl" to configure works as well

Would be great if you can fix this!

Thanks,

Bernard Spil.
https://wiki.freebsd.org/BernardSpil
https://wiki.freebsd.org/LibreSSL
https://wiki.freebsd.org/OpenSSL


------------------------------

Message: 3
Date: Thu, 12 May 2016 16:06:40 +0200
From: Hans-Peter Jansen <hpj at urpla.net>
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Getting the full file content on a range
                 request,                but not on EVERY get ...
Message-ID: <2575073.4c7f0552JP at xrated>
Content-Type: text/plain; charset="us-ascii"

On Mittwoch, 11. Mai 2016 21:37:17 Heiler Bemerguy wrote:
> Hey guys,
> 
> First take a look at the log:
> 
> root at proxy:/var/log/squid# tail -f access.log |grep
> 
http://download.cdn.mozilla.net/pub/firefox/releases/45.0.1/update/win32/pt-
> BR/firefox-45.0.1.complete.mar 1463011781.572   8776 10.1.3.236 
TCP_MISS/206
> 300520 GET
[...] 
> Now think: An user is just doing a segmented/ranged download, right?
> Squid won't cache the file because it is a range-download, not a full
> file download.
> But I WANT squid to cache it. So I decide to use "range_offset_limit
> -1", but then on every GET squid will re-download the file from the
> beginning, opening LOTs of simultaneous connections and using too much
> bandwidth, doing just the OPPOSITE it's meant to!
> 
> Is there a smart way to allow squid to download it from the beginning to
> the end (to actually cache it), but only on the FIRST request/get? Even
> if it makes the user wait for the full download, or cancel it
> temporarily, or.. whatever!! Anything!!

Well, this is exactly, what my squid_dedup helper was created for!

See my announcement: 

                 Subject: [squid-users] New StoreID helper: squid_dedup
                 Date: Mon, 09 May 2016 23:56:45 +0200

My openSUSE environment is fetching _all_ updates with byte-ranges from 
many 
servers. Therefor, I created squid_dedup.

Your specific config could look like this:

/etc/squid/dedup/mozilla.conf:
[mozilla]
match: http\:\/\/download\.cdn\.mozilla\.net/(.*)
replace: http://download.cdn.mozilla.net.%(intdomain)s/\1
fetch: true

The fetch parameter is unique among the other StoreID helper (AFAIK): it 
is 
fetching the object after a certain delay with a pool of fetcher threads.

The idea is: after the first access for an object, wait a bit (global 
setting, 
default: 15 secs), and then fetch the whole thing once. It won't solve 
anything for the first client, but for all subsequent accesses. 

The fetcher avoids fetching anything more than once by checking the http 
headers.

This is a pretty new project, but be assured, that the basic functions are 

working fine, and I will do my best to solve any upcoming issues. It is 
implemented with Python3 and prepared for supporting additional features 
easily, while keeping a good part of an eye on efficiency.

Let me know, if you're going to try it.

Pete


------------------------------

Message: 4
Date: Thu, 12 May 2016 17:46:36 +0100
From: Nilesh Gavali <nilesh.gavali at tcs.com>
To: squid-users at lists.squid-cache.org
Subject: [squid-users] Windows Squid with AD authentication
Message-ID:
 <OFC3392A46.462F0184-ON80257FB1.00598D57-80257FB1.0059AB8F at tcs.com>
Content-Type: text/plain; charset="utf-8"

Team;
we have squid running on Windows and need to integrate it with Windows AD 
.can anyone help me with steps to be perform to get this done.

Thanks & Regards
Nilesh Suresh Gavali
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain 
confidential or privileged information. If you are 
not the intended recipient, any dissemination, use, 
review, distribution, printing or copying of the 
information contained in this e-mail message 
and/or attachments to it are strictly prohibited. If 
you have received this communication in error, 
please notify us by reply e-mail or telephone and 
immediately and permanently delete the message 
and any attachments. Thank you


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://lists.squid-cache.org/pipermail/squid-users/attachments/20160512/327a38cb/attachment-0001.html
>

------------------------------

Message: 5
Date: Thu, 12 May 2016 13:28:00 -0300
From: Heiler Bemerguy <heiler.bemerguy at cinbesa.com.br>
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Getting the full file content on a range
                 request, but not on EVERY get ...
Message-ID: <61bf3ff3-c8b2-647f-9b5e-3112b2f43d6c at cinbesa.com.br>
Content-Type: text/plain; charset="utf-8"; Format="flowed"


Hi Pete, thanks for replying... let me see if I got it right..

Will I need to specify every url/domain I want it to act on ? I want 
squid to do it for every range-request downloads that should/would be 
cached (based on other rules, pattern_refreshs etc)

It doesn't need to delay any downloads as long as it isn't a dupe of 
what's already being downloaded.....


Best Regards,


-- 
Heiler Bemerguy - (91) 98151-4894
Assessor T├ęcnico - CINBESA (91) 3184-1751


Em 12/05/2016 11:06, Hans-Peter Jansen escreveu:
> On Mittwoch, 11. Mai 2016 21:37:17 Heiler Bemerguy wrote:
>> Hey guys,
>>
>> First take a look at the log:
>>
>> root at proxy:/var/log/squid# tail -f access.log |grep
>> 
http://download.cdn.mozilla.net/pub/firefox/releases/45.0.1/update/win32/pt-
> BR/firefox-45.0.1.complete.mar 1463011781.572   8776 10.1.3.236 
TCP_MISS/206
>> 300520 GET
> [...]
>> Now think: An user is just doing a segmented/ranged download, right?
>> Squid won't cache the file because it is a range-download, not a full
>> file download.
>> But I WANT squid to cache it. So I decide to use "range_offset_limit
>> -1", but then on every GET squid will re-download the file from the
>> beginning, opening LOTs of simultaneous connections and using too much
>> bandwidth, doing just the OPPOSITE it's meant to!
>>
>> Is there a smart way to allow squid to download it from the beginning 
to
>> the end (to actually cache it), but only on the FIRST request/get? Even
>> if it makes the user wait for the full download, or cancel it
>> temporarily, or.. whatever!! Anything!!
> Well, this is exactly, what my squid_dedup helper was created for!
>
> See my announcement:
>
>                Subject: [squid-users] New StoreID helper: squid_dedup
>                Date: Mon, 09 May 2016 23:56:45 +0200
>
> My openSUSE environment is fetching _all_ updates with byte-ranges from 
many
> servers. Therefor, I created squid_dedup.
>
> Your specific config could look like this:
>
> /etc/squid/dedup/mozilla.conf:
> [mozilla]
> match: http\:\/\/download\.cdn\.mozilla\.net/(.*)
> replace: http://download.cdn.mozilla.net.%(intdomain)s/\1
> fetch: true
>
> The fetch parameter is unique among the other StoreID helper (AFAIK): it 
is
> fetching the object after a certain delay with a pool of fetcher 
threads.
>
> The idea is: after the first access for an object, wait a bit (global 
setting,
> default: 15 secs), and then fetch the whole thing once. It won't solve
> anything for the first client, but for all subsequent accesses.
>
> The fetcher avoids fetching anything more than once by checking the http
> headers.
>
> This is a pretty new project, but be assured, that the basic functions 
are
> working fine, and I will do my best to solve any upcoming issues. It is
> implemented with Python3 and prepared for supporting additional features
> easily, while keeping a good part of an eye on efficiency.
>
> Let me know, if you're going to try it.
>
> Pete
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://lists.squid-cache.org/pipermail/squid-users/attachments/20160512/44b7d9df/attachment-0001.html
>

------------------------------

Message: 6
Date: Thu, 12 May 2016 18:34:08 +0200
From: Antony Stone <Antony.Stone at squid.open.source.it>
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Windows Squid with AD authentication
Message-ID: <201605121834.08490.Antony.Stone at squid.open.source.it>
Content-Type: Text/Plain;  charset="iso-8859-15"

On Thursday 12 May 2016 at 18:46:36, Nilesh Gavali wrote:

> Team;
> we have squid running on Windows and need to integrate it with Windows 
AD
> .can anyone help me with steps to be perform to get this done.

This specific question has appeared a few times on this list only 
recently.

Have you so far:

 - searched the list archives for likely answers to your question?

http://lists.squid-cache.org/pipermail/squid-users/

 - consulted the Squid documentation for guidance?

http://www.squid-cache.org/Doc/

 - looked for any independent HOWTOs etc which show how people have done 
this 
in the past?

http://www.google.com/search?q=squid+active+directory+authentication


Here's some friendly advice:

1. The more information you give us (such as: which version of Squid are 
you 
using, which version of Windows are you running under, which form of 
authentication are you using?), the easier it is for people here to help.

2. If you have tried something already and run into problems, tell us what 
you 
have tried and what problems (log file extracts, complete client error 
message, 
etc) you encountered, so we can offer specific suggestions.

3. If you haven't yet tried to implement anything, at least let us know 
what 
documentation you have looked up and what problems you encountered when 
following it, so we can try to fill in the gaps.


Regards,


Antony.

-- 
Most people have more than the average number of legs.

                                                   Please reply to the 
list;
                                                         please *don't* CC 
me.


------------------------------

Subject: Digest Footer

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


------------------------------

End of squid-users Digest, Vol 21, Issue 54
*******************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160512/0fd99a76/attachment-0001.html>


More information about the squid-users mailing list