[squid-users] Windows Squid with AD authentication
Yuri Voinov
yvoinov at gmail.com
Thu May 12 17:23:24 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hm.
We have Wiki: http://wiki.squid-cache.org/ConfigExamples#Authentication
with some examples. Is this hepls?
12.05.16 23:27, Nilesh Gavali пишет:
> Hello yuri;
> I haven't tried it as didn't know from where to start, So need some
documentation to start with , Squid on Widnows to be integrated with AD
authentication..
>
> Thanks & Regards
> Nilesh Suresh Gavali
>
>
>
>
> From: squid-users-request at lists.squid-cache.org
> To: squid-users at lists.squid-cache.org
> Date: 12/05/2016 17:55
> Subject: squid-users Digest, Vol 21, Issue 56
> Sent by: "squid-users" <squid-users-bounces at lists.squid-cache.org>
> -------------------------
>
>
>
> Send squid-users mailing list submissions to
> squid-users at lists.squid-cache.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.squid-cache.org/listinfo/squid-users
> or, via email, send a message with subject or body 'help' to
> squid-users-request at lists.squid-cache.org
>
> You can reach the person managing the list at
> squid-users-owner at lists.squid-cache.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of squid-users digest..."
>
>
> Today's Topics:
>
> 1. Re: squid-users Digest, Vol 21, Issue 54 (Yuri Voinov)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 12 May 2016 22:55:47 +0600
> From: Yuri Voinov <yvoinov at gmail.com>
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] squid-users Digest, Vol 21, Issue 54
> Message-ID: <27d6af04-7c67-0b8e-968f-2b3e7828200c at gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
>
> Condolences. Windows is not the most common platform for Squid.
>
> But personally I do not see a fundamental difference in the
> implementation of authentication with AD on Windows or Unix. You have
> already tried something to do or so, looking ready-to-use configuration?
>
>
> 12.05.16 23:15, Nilesh Gavali пишет:
> > Hello Antony;
> > we have Squid 3.5 on Windows 2012 R2 OS & for which I need to
> integrate squid with AD. I search online but all of the link are based
> on linux platform squid.
> > I am looking for squid running on Windows Platform which need to
> integrate with AD authentication.
>
> > Thanks & Regards
> > Nilesh Suresh Gavali
>
>
>
> > From: squid-users-request at lists.squid-cache.org
> > To: squid-users at lists.squid-cache.org
> > Date: 12/05/2016 17:33
> > Subject: squid-users Digest, Vol 21, Issue 54
> > Sent by: "squid-users"
<squid-users-bounces at lists.squid-cache.org>
> > -------------------------
>
>
>
> > Send squid-users mailing list submissions to
> > squid-users at lists.squid-cache.org
>
> > To subscribe or unsubscribe via the World Wide Web, visit
> > http://lists.squid-cache.org/listinfo/squid-users
> > or, via email, send a message with subject or body 'help' to
> > squid-users-request at lists.squid-cache.org
>
> > You can reach the person managing the list at
> > squid-users-owner at lists.squid-cache.org
>
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of squid-users digest..."
>
>
> > Today's Topics:
>
> > 1. Re: Problems configuring Squid with C-ICAP+Squidclamav
> > (SOLVED) (Amos Jeffries)
> > 2. Re: Linking with *SSL (Spil Oss)
> > 3. Re: Getting the full file content on a range
> request, but not
> > on EVERY get ... (Hans-Peter Jansen)
> > 4. Windows Squid with AD authentication (Nilesh Gavali)
> > 5. Re: Getting the full file content on a range request, but not
> > on EVERY get ... (Heiler Bemerguy)
> > 6. Re: Windows Squid with AD authentication (Antony Stone)
>
>
> > ----------------------------------------------------------------------
>
> > Message: 1
> > Date: Fri, 13 May 2016 00:00:05 +1200
> > From: Amos Jeffries <squid3 at treenet.co.nz>
> > To: squid-users at lists.squid-cache.org
> > Subject: Re: [squid-users] Problems configuring Squid with
> > C-ICAP+Squidclamav (SOLVED)
> > Message-ID: <dc535419-e24f-b6ee-00ac-45970ec67304 at treenet.co.nz>
> > Content-Type: text/plain; charset=utf-8
>
> > On 12/05/2016 11:13 p.m., C. L. Martinez wrote:
> > >
> > > But when squid sents an OPTIONS request to ICAP, why works when I
> use 127.0.0.1 and not localhost?? Maybe it is a problem with openbsd's
> package ...
> > >
>
> > It is quite possible. 127.0.0.1 is not the only address modern computers
> > use for localhost. Double check what your hosts file contains.
>
> > Amos
>
>
>
> > ------------------------------
>
> > Message: 2
> > Date: Thu, 12 May 2016 15:33:30 +0200
> > From: Spil Oss <spil.oss at gmail.com>
> > To: squid-users at lists.squid-cache.org, timp87 at gmail.com
> > Subject: Re: [squid-users] Linking with *SSL
> > Message-ID:
>
> <CAEJyAvM8O6uVCgSipvzXAK1OsUrH3izc7BVTgaS0kPkWmAn3BQ at mail.gmail.com>
> > Content-Type: text/plain; charset=UTF-8
>
> > > Hi!
> > > When we worked on squid port on FreeBSD one of the FreeBSD user
> > > (Bernard Spil) noticed:
> > >
> > > When working on this, I ran into another issue. Perhaps maintainer can
> > > fix that with upstream. I've now added LIBOPENSSL_LIBS="-lcrypto
> > > -lssl" because of configure failing in configure.ac line 1348.
> > >
> > > > AC_CHECK_LIB(ssl,[SSL_library_init],[LIBOPENSSL_LIBS="-lssl
> $LIBOPENSSL_LIBS"],[AC_MSG_ERROR([library 'ssl' is required for OpenSSL])
> > >
> > > You cannot link against libssl when not linking libcrypto as well
> > > leading to an error with LibreSSL. This check should add -lcrypto in
> > > addition to -lssl to pass.
> > >
> > > Is this something someone could take a look at?
>
> > Hi All,
>
> > Sorry for replying out-of-thread.
>
> > What happens is that the check for SSL_library_init fails as -lcrypto
> > is missing.
>
> > Output from configure
>
> > > checking for CRYPTO_new_ex_data in -lcrypto... yes
> > > checking for SSL_library_init in -lssl... no
> > > configure: error: library 'ssl' is required for OpenSSL
> > > ===> Script "configure" failed unexpectedly.
>
> > What I usually see in autoconf scripts is that temp CFLAGS etc are set
> > before the test for SSL libs and reversed after the test.
>
> > Adding LIBOPENSSL_LIBS="-lcrypto -lssl" to configure works as well
>
> > Would be great if you can fix this!
>
> > Thanks,
>
> > Bernard Spil.
> > https://wiki.freebsd.org/BernardSpil
> > https://wiki.freebsd.org/LibreSSL
> > https://wiki.freebsd.org/OpenSSL
>
>
> > ------------------------------
>
> > Message: 3
> > Date: Thu, 12 May 2016 16:06:40 +0200
> > From: Hans-Peter Jansen <hpj at urpla.net>
> > To: squid-users at lists.squid-cache.org
> > Subject: Re: [squid-users] Getting the full file content on a range
> > request, but not on EVERY get ...
> > Message-ID: <2575073.4c7f0552JP at xrated>
> > Content-Type: text/plain; charset="us-ascii"
>
> > On Mittwoch, 11. Mai 2016 21:37:17 Heiler Bemerguy wrote:
> > > Hey guys,
> > >
> > > First take a look at the log:
> > >
> > > root at proxy:/var/log/squid# tail -f access.log |grep
> > >
>
http://download.cdn.mozilla.net/pub/firefox/releases/45.0.1/update/win32/pt->
> BR/firefox-45.0.1.complete.mar 1463011781.572 8776 10.1.3.236
TCP_MISS/206
> > > 300520 GET
> > [...]
> > > Now think: An user is just doing a segmented/ranged download, right?
> > > Squid won't cache the file because it is a range-download, not a full
> > > file download.
> > > But I WANT squid to cache it. So I decide to use "range_offset_limit
> > > -1", but then on every GET squid will re-download the file from the
> > > beginning, opening LOTs of simultaneous connections and using too much
> > > bandwidth, doing just the OPPOSITE it's meant to!
> > >
> > > Is there a smart way to allow squid to download it from the
beginning to
> > > the end (to actually cache it), but only on the FIRST request/get?
Even
> > > if it makes the user wait for the full download, or cancel it
> > > temporarily, or.. whatever!! Anything!!
>
> > Well, this is exactly, what my squid_dedup helper was created for!
>
> > See my announcement:
>
> > Subject: [squid-users] New StoreID helper: squid_dedup
> > Date: Mon, 09 May 2016 23:56:45 +0200
>
> > My openSUSE environment is fetching _all_ updates with byte-ranges
> from many
> > servers. Therefor, I created squid_dedup.
>
> > Your specific config could look like this:
>
> > /etc/squid/dedup/mozilla.conf:
> > [mozilla]
> > match: http\:\/\/download\.cdn\.mozilla\.net/(.*)
> > replace: http://download.cdn.mozilla.net.%(intdomain)s/\1
<http://download.cdn.mozilla.net.%(intdomain)s//1>
> <http://download.cdn.mozilla.net.%(intdomain)s//1>
> > fetch: true
>
> > The fetch parameter is unique among the other StoreID helper (AFAIK):
> it is
> > fetching the object after a certain delay with a pool of fetcher
threads.
>
> > The idea is: after the first access for an object, wait a bit (global
> setting,
> > default: 15 secs), and then fetch the whole thing once. It won't solve
> > anything for the first client, but for all subsequent accesses.
>
> > The fetcher avoids fetching anything more than once by checking the http
> > headers.
>
> > This is a pretty new project, but be assured, that the basic
functions are
> > working fine, and I will do my best to solve any upcoming issues. It is
> > implemented with Python3 and prepared for supporting additional features
> > easily, while keeping a good part of an eye on efficiency.
>
> > Let me know, if you're going to try it.
>
> > Pete
>
>
> > ------------------------------
>
> > Message: 4
> > Date: Thu, 12 May 2016 17:46:36 +0100
> > From: Nilesh Gavali <nilesh.gavali at tcs.com>
> > To: squid-users at lists.squid-cache.org
> > Subject: [squid-users] Windows Squid with AD authentication
> > Message-ID:
>
> <OFC3392A46.462F0184-ON80257FB1.00598D57-80257FB1.0059AB8F at tcs.com>
> > Content-Type: text/plain; charset="utf-8"
>
> > Team;
> > we have squid running on Windows and need to integrate it with
Windows AD
> > .can anyone help me with steps to be perform to get this done.
>
> > Thanks & Regards
> > Nilesh Suresh Gavali
> > =====-----=====-----=====
> > Notice: The information contained in this e-mail
> > message and/or attachments to it may contain
> > confidential or privileged information. If you are
> > not the intended recipient, any dissemination, use,
> > review, distribution, printing or copying of the
> > information contained in this e-mail message
> > and/or attachments to it are strictly prohibited. If
> > you have received this communication in error,
> > please notify us by reply e-mail or telephone and
> > immediately and permanently delete the message
> > and any attachments. Thank you
>
>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
>
<http://lists.squid-cache.org/pipermail/squid-users/attachments/20160512/327a38cb/attachment-0001.html>
>
> > ------------------------------
>
> > Message: 5
> > Date: Thu, 12 May 2016 13:28:00 -0300
> > From: Heiler Bemerguy <heiler.bemerguy at cinbesa.com.br>
> > To: squid-users at lists.squid-cache.org
> > Subject: Re: [squid-users] Getting the full file content on a range
> > request, but not on EVERY get ...
> > Message-ID: <61bf3ff3-c8b2-647f-9b5e-3112b2f43d6c at cinbesa.com.br>
> > Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
>
> > Hi Pete, thanks for replying... let me see if I got it right..
>
> > Will I need to specify every url/domain I want it to act on ? I want
> > squid to do it for every range-request downloads that should/would be
> > cached (based on other rules, pattern_refreshs etc)
>
> > It doesn't need to delay any downloads as long as it isn't a dupe of
> > what's already being downloaded.....
>
>
> > Best Regards,
>
>
> > --
> > Heiler Bemerguy - (91) 98151-4894
> > Assessor Técnico - CINBESA (91) 3184-1751
>
>
> > Em 12/05/2016 11:06, Hans-Peter Jansen escreveu:
> > > On Mittwoch, 11. Mai 2016 21:37:17 Heiler Bemerguy wrote:
> > >> Hey guys,
> > >>
> > >> First take a look at the log:
> > >>
> > >> root at proxy:/var/log/squid# tail -f access.log |grep
> > >>
>
http://download.cdn.mozilla.net/pub/firefox/releases/45.0.1/update/win32/pt->
> BR/firefox-45.0.1.complete.mar 1463011781.572 8776 10.1.3.236
TCP_MISS/206
> > >> 300520 GET
> > > [...]
> > >> Now think: An user is just doing a segmented/ranged download, right?
> > >> Squid won't cache the file because it is a range-download, not a full
> > >> file download.
> > >> But I WANT squid to cache it. So I decide to use "range_offset_limit
> > >> -1", but then on every GET squid will re-download the file from the
> > >> beginning, opening LOTs of simultaneous connections and using too
much
> > >> bandwidth, doing just the OPPOSITE it's meant to!
> > >>
> > >> Is there a smart way to allow squid to download it from the
> beginning to
> > >> the end (to actually cache it), but only on the FIRST
request/get? Even
> > >> if it makes the user wait for the full download, or cancel it
> > >> temporarily, or.. whatever!! Anything!!
> > > Well, this is exactly, what my squid_dedup helper was created for!
> > >
> > > See my announcement:
> > >
> > > Subject: [squid-users] New StoreID helper:
squid_dedup
> > > Date: Mon, 09 May 2016 23:56:45 +0200
> > >
> > > My openSUSE environment is fetching _all_ updates with byte-ranges
> from many
> > > servers. Therefor, I created squid_dedup.
> > >
> > > Your specific config could look like this:
> > >
> > > /etc/squid/dedup/mozilla.conf:
> > > [mozilla]
> > > match: http\:\/\/download\.cdn\.mozilla\.net/(.*)
> > > replace: http://download.cdn.mozilla.net.%(intdomain)s/\1
<http://download.cdn.mozilla.net.%(intdomain)s//1>
> <http://download.cdn.mozilla.net.%(intdomain)s//1>
> > > fetch: true
> > >
> > > The fetch parameter is unique among the other StoreID helper
> (AFAIK): it is
> > > fetching the object after a certain delay with a pool of fetcher
> threads.
> > >
> > > The idea is: after the first access for an object, wait a bit
> (global setting,
> > > default: 15 secs), and then fetch the whole thing once. It won't solve
> > > anything for the first client, but for all subsequent accesses.
> > >
> > > The fetcher avoids fetching anything more than once by checking
the http
> > > headers.
> > >
> > > This is a pretty new project, but be assured, that the basic
> functions are
> > > working fine, and I will do my best to solve any upcoming issues.
It is
> > > implemented with Python3 and prepared for supporting additional
features
> > > easily, while keeping a good part of an eye on efficiency.
> > >
> > > Let me know, if you're going to try it.
> > >
> > > Pete
> > > _______________________________________________
> > > squid-users mailing list
> > > squid-users at lists.squid-cache.org
> > > http://lists.squid-cache.org/listinfo/squid-users
>
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
>
<http://lists.squid-cache.org/pipermail/squid-users/attachments/20160512/44b7d9df/attachment-0001.html>
>
> > ------------------------------
>
> > Message: 6
> > Date: Thu, 12 May 2016 18:34:08 +0200
> > From: Antony Stone <Antony.Stone at squid.open.source.it>
> > To: squid-users at lists.squid-cache.org
> > Subject: Re: [squid-users] Windows Squid with AD authentication
> > Message-ID: <201605121834.08490.Antony.Stone at squid.open.source.it>
> > Content-Type: Text/Plain; charset="iso-8859-15"
>
> > On Thursday 12 May 2016 at 18:46:36, Nilesh Gavali wrote:
>
> > > Team;
> > > we have squid running on Windows and need to integrate it with
> Windows AD
> > > .can anyone help me with steps to be perform to get this done.
>
> > This specific question has appeared a few times on this list only
> recently.
>
> > Have you so far:
>
> > - searched the list archives for likely answers to your question?
>
> > http://lists.squid-cache.org/pipermail/squid-users/
>
> > - consulted the Squid documentation for guidance?
>
> > http://www.squid-cache.org/Doc/
>
> > - looked for any independent HOWTOs etc which show how people have
> done this
> > in the past?
>
> > http://www.google.com/search?q=squid+active+directory+authentication
>
>
> > Here's some friendly advice:
>
> > 1. The more information you give us (such as: which version of Squid
> are you
> > using, which version of Windows are you running under, which form of
> > authentication are you using?), the easier it is for people here to
help.
>
> > 2. If you have tried something already and run into problems, tell us
> what you
> > have tried and what problems (log file extracts, complete client error
> message,
> > etc) you encountered, so we can offer specific suggestions.
>
> > 3. If you haven't yet tried to implement anything, at least let us
> know what
> > documentation you have looked up and what problems you encountered when
> > following it, so we can try to fill in the gaps.
>
>
> > Regards,
>
>
> > Antony.
>
> > --
> > Most people have more than the average number of legs.
>
> > Please reply to the
> list;
> > please *don't*
> CC me.
>
>
> > ------------------------------
>
> > Subject: Digest Footer
>
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
> > ------------------------------
>
> > End of squid-users Digest, Vol 21, Issue 54
> > *******************************************
>
>
>
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
<http://lists.squid-cache.org/pipermail/squid-users/attachments/20160512/db5c07e2/attachment.html>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: 0x613DEC46.asc
> Type: application/pgp-keys
> Size: 2437 bytes
> Desc: not available
> URL:
<http://lists.squid-cache.org/pipermail/squid-users/attachments/20160512/db5c07e2/attachment.key>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> ------------------------------
>
> End of squid-users Digest, Vol 21, Issue 56
> *******************************************
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXNLwMAAoJENNXIZxhPexGVLkH/20BtQFa3MdE4+2HtbkEj/kv
VTaY6qmmZ8iPcqrrs5BscgbdMeUGI/FN0EQp+Z7v3Ex2LDyHhwXsKEdgDvv/zjjq
m0nuosdwTFaNoxYVAOR0LpvAyVsCTYgKoroS0+OhCzTWMkdNn3okpimEowLqykTo
Vm9Pln2ly2FX0Kyr8t6sHYEC4eHcyzcyIy2SUqimHscTMsUWCvaNKvKSyrXijz91
cFFpkjJ48+y7diWAHF9bJnjbFNyuOWf56Kvo59Ss6qZBpFr7VPb/txcuVTtqlGts
PN4IOu1u1Gy40tCNNhD9V/HRC0HRZrO3n1/ZKwTqGpWu0maMX+4LyZ/7SEy6ZVM=
=F9CD
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160512/5f6966ca/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160512/5f6966ca/attachment-0001.key>
More information about the squid-users
mailing list