<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Courier;
        panose-1:2 7 4 9 2 2 5 2 4 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
        {font-family:sans-serif;
        panose-1:0 0 0 0 0 0 0 0 0 0;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:blue;
        text-decoration:underline;}
pre
        {margin:0cm;
        margin-bottom:.0001pt;
        background:#F0ECE6;
        border:none;
        padding:0cm;
        font-size:10.0pt;
        font-family:Courier;}
span.E-mailStijl17
        {mso-style-type:personal-reply;
        font-family:Arial;
        color:navy;}
@page Section1
        {size:595.3pt 841.9pt;
        margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.Section1
        {page:Section1;}
-->
</style>

</head>

<body lang=NL link=blue vlink=blue>

<div class=Section1>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Hai. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>First before you read through all. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Please check if the squid user kan read
the keytab file.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>This can be a thing. And check the KVNO
with the auth here can be a mismatch also. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Second, test with in the negotiate
wrapper. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    --kerberos
/usr/lib/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>I did read. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><a
href="http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory">http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory</a><o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>This is not entry correct anymore due to
last changed in samba, dont know how this applies to Win 2012 ADDC these
patches also applied to windows. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Sorry no windows here anymore, only samba.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Now, below is all tested on debian with
samba 4.4.3 AD and squid 3.5.19. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>This needed te be added in smb.conf to
make sure all auth is done over encrypted layers. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    server signing = mandatory<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    ntlm auth = no<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    #Add and Update TLS Key of your proxy
and Root ) <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    tls enabled = yes<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    tls keyfile = /etc/ssl/local/private/-proxy.key.pem<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    tls certfile = /etc/ssl/local/certs/proxy.cert.pem<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    tls cafile = /etc/ssl/certs/INTERNALROOT-ca.pem<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Extra info  on  tls cafile =
/etc/ssl/certs/INTERNALROOT-ca.pem. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>The original file is located in
/usr/local/ca-certificates/companyname/ <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>When the “correct” ca setup is
done, then you see a simlink in /etc/ssl/certs. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>The “correct” way to setup the
ROOT CA  Look here. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><a
href="http://ram.kossboss.com/debian-install-trusted-ssl/">http://ram.kossboss.com/debian-install-trusted-ssl/</a>
<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>works fine also with own certs, thats what
i use internal here also.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>In /etc/ldap/ldap.conf<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Make sure you have al least. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'># TLS certificates (needed for GnuTLS)<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>TLS_CACERT     
/etc/ssl/certs/ca-certificates.crt<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>TLS_REQCERT allow <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>This is what i now use in squid auth. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Kerberos , fallback to NTLM , fallback to
basic LDAP(S) auth.<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>auth_param negotiate program
/usr/lib/squid/negotiate_wrapper_auth \<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    --kerberos
/usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy1.internal.dnsdomain.tld@REALM
\<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    --ntlm /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp --domain=NTDOMAIN<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'># A NOT SSL HOST format –h setup. <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>#auth_param basic program /usr/lib/squid/basic_ldap_auth
-R -v 3 \<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>#    -b "ou=Office,dc=internal,dc=domain,dc=tld"
\<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>#    -D bind-user@REALM \<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>#    -W /etc/squid/private/bind-user \<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>#    -f (sAMAccountName=%s) \<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>#    -h dc2.internal.dnsdomain.tld \<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>#    -h dc1.internal.dnsdomain.tld<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>## A SSL enabled URI format -H  setup<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>auth_param basic program
/usr/lib/squid/basic_ldap_auth -R -v 3 \<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    -b "ou=Office,dc=internal,dc=domain,dc=tld"
\<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    -D bind-user@REALM \<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    -W /etc/squid/private/bind-user \<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    -f sAMAccountName=%s \<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    -H ldaps:// dc2.internal.dnsdomain.tld
\<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    -H ldaps://dc1.internal.dnsdomain.tld \<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>For /etc/krb5.conf  i only have <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>[libdefaults]<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    default_realm = REALM<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    dns_lookup_kdc = true<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>    dns_lookup_realm = false<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>If above does not help, well then ask for
more help here.  <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Greetz, <o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Louis<o:p></o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>

<div style='border:none;border-left:solid blue 1.5pt;padding:0cm 0cm 0cm 4.0pt'>

<div>

<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>

<hr size=2 width="100%" align=center tabindex=-1>

</span></font></div>

<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>Van:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> Nilesh Gavali
[mailto:nilesh.gavali@tcs.com] <br>
<b><span style='font-weight:bold'>Verzonden:</span></b> woensdag 1 juni 2016
14:45<br>
<b><span style='font-weight:bold'>Aan:</span></b> L.P.H. van Belle<br>
<b><span style='font-weight:bold'>CC:</span></b> squid-users@squid-cache.org<br>
<b><span style='font-weight:bold'>Onderwerp:</span></b> RE: missing
negotiate_kerberos_auth on my squid</span></font><o:p></o:p></p>

</div>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>

<p class=MsoNormal><font size=2 face=sans-serif><span style='font-size:10.0pt;
font-family:sans-serif'>Hi Louise;</span></font> <br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>refer
the comment on below questions.</span></font> <br>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> </span></font>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>1)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>is the time
in sync with the proxy and AD server?  - YES</span></font> <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>2)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Did you set
the krb5.conf  with or without the enctypes types? it is set with enctypes</span></font>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>3)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Which
browser are you using? we tried using IE and chorme.</span></font> <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>4)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Did you
configure the browser to use the kerberos auth? YES.</span></font> <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>5)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Did the PC
join the domain, and are u using a domain user login? YES.</span></font> <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>6)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Does kinit
user@REALM work?  ( kdestroy to remove the user ticket ) YES. it shows the
desire O/P</span></font> <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>7)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Last, does
the proxy server have an A and PTR record? YES.</span></font> <br>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>below
error got in cache.log</span></font> <br>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>negotiate_kerberos_auth:ERROR:
gss_accept_sec_context() failed: Unsepecified GSS failure. Minor code may
provide more information.</span></font> <br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Kid1
| ERROR: negotiate Authentication validating user. Error returned 'BH
gss_accept_sec_context_() failed: Unspecified GSS failure. Minor code may
provide more information.</span></font> <br>
<br>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Thanks
& Regards<br>
Nilesh Suresh Gavali<br>
</span></font><br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'><br>
</span></font><br>
<br>
<br>
<br>
<font size=1 color="#5f5f5f" face=sans-serif><span style='font-size:7.5pt;
font-family:sans-serif;color:#5F5F5F'>From:        </span></font><font
size=1 face=sans-serif><span style='font-size:7.5pt;font-family:sans-serif'>L.P.H.
van Belle <belle@bazuin.nl></span></font> <br>
<font size=1 color="#5f5f5f" face=sans-serif><span style='font-size:7.5pt;
font-family:sans-serif;color:#5F5F5F'>To:        </span></font><font
size=1 face=sans-serif><span style='font-size:7.5pt;font-family:sans-serif'>Nilesh
Gavali <nilesh.gavali@tcs.com></span></font> <br>
<font size=1 color="#5f5f5f" face=sans-serif><span style='font-size:7.5pt;
font-family:sans-serif;color:#5F5F5F'>Cc:        </span></font><font
size=1 face=sans-serif><span style='font-size:7.5pt;font-family:sans-serif'>squid-users@squid-cache.org
<squid-users@squid-cache.org></span></font> <br>
<font size=1 color="#5f5f5f" face=sans-serif><span style='font-size:7.5pt;
font-family:sans-serif;color:#5F5F5F'>Date:        </span></font><font
size=1 face=sans-serif><span style='font-size:7.5pt;font-family:sans-serif'>01/06/2016
09:53</span></font> <br>
<font size=1 color="#5f5f5f" face=sans-serif><span style='font-size:7.5pt;
font-family:sans-serif;color:#5F5F5F'>Subject:        </span></font><font
size=1 face=sans-serif><span style='font-size:7.5pt;font-family:sans-serif'>RE:
missing negotiate_kerberos_auth on my squid</span></font> <o:p></o:p></p>

<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>

<hr size=2 width="100%" noshade color="#a0a0a0" align=center>

</span></font></div>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><br>
<br>
<br>
</span></font><font size=2 face=Arial><span style='font-size:10.0pt;font-family:
Arial'>Wel first, great, you made it to install it, </span></font><br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> </span></font>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Yes,
but your auth pop-up can be normal, but we need more info, this can be multple
things. </span></font><br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> </span></font>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>So,
few small questions. </span></font><br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> </span></font>
<br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>1)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>is the time
in sync with the proxy and AD server? </span></font><br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>2)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Did you set
the krb5.conf  with or without the enctypes types? </span></font><br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>3)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Which
browser are you using?</span></font> <br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>4)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Did you
configure the browser to use the kerberos auth? </span></font><br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>5)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Did the PC
join the domain, and are u using a domain user login? </span></font><br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>6)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Does kinit
user@REALM work?  ( kdestroy to remove the user ticket ) </span></font><br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>7)</span></font><font
size=1><span style='font-size:7.5pt'>       </span></font><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>Last, does
the proxy server have an A and PTR record? </span></font><br>
<font size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'> </span></font>
<br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'>Also check this site, review your settings. </span></font><br>
<a
href="https://ping.force.com/Support/PingFederate/Integrations/How-to-configure-supported-browsers-for-Kerberos-NTLM"><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'>https://ping.force.com/Support/PingFederate/Integrations/How-to-configure-supported-browsers-for-Kerberos-NTLM</span></font></a><font
size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:navy'> </span></font><br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'> </span></font> <br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'>And last tip your auth line. </span></font><br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'>auth_param negotiate program
/usr/lib/squid/negotiate_kerberos_auth -s </span></font><a
href="mailto:HTTP/hostname.domain.org@DOMAIN.ORG"><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>HTTP/hostname.domain.org@DOMAIN.ORG</span></font></a><font
size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:Arial;
color:navy'> </span></font><br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'> </span></font> <br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'>Can also be a problem so test, if the upn is setup
incorrectly, then above does not work, below the should work. </span></font><br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'>auth_param negotiate program
/usr/lib/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME</span></font> <br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'> </span></font> <br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'>add  -d to get more debug info. </span></font><br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'> </span></font> <br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'>greetz, </span></font><br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'> </span></font> <br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'>Louis</span></font> <br>
<font size=2 color=navy face=Arial><span style='font-size:10.0pt;font-family:
Arial;color:navy'> </span></font> <o:p></o:p></p>

<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>

<hr size=2 width="100%" align=center>

</span></font></div>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><br>
</span></font><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>Van:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> Nilesh Gavali [</span></font><a
href="mailto:nilesh.gavali@tcs.com"><font size=2 face=Tahoma><span
style='font-size:10.0pt;font-family:Tahoma'>mailto:nilesh.gavali@tcs.com</span></font></a><font
size=2 face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'>] <b><span
style='font-weight:bold'><br>
Verzonden:</span></b> dinsdag 31 mei 2016 21:20<b><span style='font-weight:
bold'><br>
Aan:</span></b> squid-users@lists.squid-cache.org<b><span style='font-weight:
bold'><br>
CC:</span></b> L.P.H. van Belle<b><span style='font-weight:bold'><br>
Onderwerp:</span></b> missing negotiate_kerberos_auth on my squid</span></font>
<br>
  <br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>Hello
All;</span></font> <br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'><br>
Configured the steps require for kerberos authentication as given at </span></font><a
href="http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos"><font
size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'>http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos</span></font></a>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'><br>
but instead of SSO to work when we try to open url; it is prompt for username
and password, when passing credential it is not authenticating.</span></font> <font
size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'><br>
attached is our squid config for your reference. </span></font><br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'><br>
Kindly let us know what went wrong.</span></font> <br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'><br>
we are using windows 2012 AD.</span></font> <br>
<br>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'><br>
Thanks & Regards<br>
Nilesh Suresh Gavali</span></font><br>
<br>
<br>
<br>
<font size=1 color="#5f5f5f" face=sans-serif><span style='font-size:7.5pt;
font-family:sans-serif;color:#5F5F5F'><br>
From:        </span></font><font size=1 face=sans-serif><span
style='font-size:7.5pt;font-family:sans-serif'>Nilesh Gavali/MUM/TCS</span></font>
<font size=1 color="#5f5f5f" face=sans-serif><span style='font-size:7.5pt;
font-family:sans-serif;color:#5F5F5F'><br>
To:        </span></font><font size=1 face=sans-serif><span
style='font-size:7.5pt;font-family:sans-serif'>squid-users@lists.squid-cache.org,
belle@bazuin.nl</span></font> <font size=1 color="#5f5f5f" face=sans-serif><span
style='font-size:7.5pt;font-family:sans-serif;color:#5F5F5F'><br>
Date:        </span></font><font size=1 face=sans-serif><span
style='font-size:7.5pt;font-family:sans-serif'>27/05/2016 15:07</span></font> <font
size=1 color="#5f5f5f" face=sans-serif><span style='font-size:7.5pt;font-family:
sans-serif;color:#5F5F5F'><br>
Subject:        </span></font><font size=1 face=sans-serif><span
style='font-size:7.5pt;font-family:sans-serif'> missing negotiate_kerberos_auth
on my squid</span></font> <o:p></o:p></p>

<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>

<hr size=2 width="100%" noshade color="#a0a0a0" align=center>

</span></font></div>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><br>
<br>
</span></font><font size=2 face=sans-serif><span style='font-size:10.0pt;
font-family:sans-serif'><br>
Thanks louise for reply.</span></font> <br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'><br>
but</span></font> <br>
<font size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'><br>
Should be include imo. -- <b><span style='font-weight:bold'>not sure what is
imo</span></b><br>
<br>
<br>
<br>
Shoud be in any Squid-3.2 and later.<br>
<br>
<br>
<br>
And on my debian server its locate here. <br>
<br>
/usr/lib/squid/negotiate_kerberos_auth - <b><span style='font-weight:bold'>check
the path but it is not there on my linux box.</span></b><br>
<br>
<br>
<br>
Did you enable : --enable-auth-negotiate=kerberos,wrapper on compile ?
 ---- <b><span style='font-weight:bold'>NO didn't gave this option while
compilation</span></b><br>
<br>
<br>
<br>
Run squid –v to check it. -- we have"--enable-auth-negotiate"
only and some other configured option.</span></font> <br>
<font size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'><br>
can you help me how to get hit recomipled with reuqire options.</span></font> <br>
<br>
<font size=2 face=sans-serif><span style='font-size:10.0pt;font-family:sans-serif'><br>
Thanks & Regards<br>
Nilesh Suresh Gavali</span></font><br>
<font size=1 color=purple face=sans-serif><span style='font-size:7.5pt;
font-family:sans-serif;color:purple'><br>
----- Forwarded by Nilesh Gavali/MUM/TCS on 27/05/2016 15:01 -----</span></font>
<br>
<font size=1 color="#5f5f5f" face=sans-serif><span style='font-size:7.5pt;
font-family:sans-serif;color:#5F5F5F'><br>
From:        </span></font><font size=1 face=sans-serif><span
style='font-size:7.5pt;font-family:sans-serif'>squid-users-request@lists.squid-cache.org</span></font>
<font size=1 color="#5f5f5f" face=sans-serif><span style='font-size:7.5pt;
font-family:sans-serif;color:#5F5F5F'><br>
To:        </span></font><font size=1 face=sans-serif><span
style='font-size:7.5pt;font-family:sans-serif'>squid-users@lists.squid-cache.org</span></font>
<font size=1 color="#5f5f5f" face=sans-serif><span style='font-size:7.5pt;
font-family:sans-serif;color:#5F5F5F'><br>
Date:        </span></font><font size=1 face=sans-serif><span
style='font-size:7.5pt;font-family:sans-serif'>27/05/2016 12:42</span></font> <font
size=1 color="#5f5f5f" face=sans-serif><span style='font-size:7.5pt;font-family:
sans-serif;color:#5F5F5F'><br>
Subject:        </span></font><font size=1 face=sans-serif><span
style='font-size:7.5pt;font-family:sans-serif'>squid-users Digest, Vol 21,
Issue 101</span></font> <font size=1 color="#5f5f5f" face=sans-serif><span
style='font-size:7.5pt;font-family:sans-serif;color:#5F5F5F'><br>
Sent by:        </span></font><font size=1 face=sans-serif><span
style='font-size:7.5pt;font-family:sans-serif'>"squid-users"
<squid-users-bounces@lists.squid-cache.org></span></font> <o:p></o:p></p>

<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>

<hr size=2 width="100%" noshade color="#a0a0a0" align=center>

</span></font></div>

<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><br>
<br>
<br>
</span></font><font size=2 face="Courier New"><span style='font-size:10.0pt;
font-family:"Courier New"'><br>
Send squid-users mailing list submissions to<br>
             
 squid-users@lists.squid-cache.org<br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
               </span></font><a
href="http://lists.squid-cache.org/listinfo/squid-users"><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>http://lists.squid-cache.org/listinfo/squid-users</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'><br>
or, via email, send a message with subject or body 'help' to<br>
               squid-users-request@lists.squid-cache.org<br>
<br>
You can reach the person managing the list at<br>
             
 squid-users-owner@lists.squid-cache.org<br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of squid-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
 1. NULL characters (joe)<br>
 2. Re: Looking for a way to route into cache_peer traffic<br>
    dynamically. (Alex Rousskov)<br>
 3. The system returned: (111) Connection refused; (deepa ganu)<br>
 4. Re: NULL characters (Eliezer Croitoru)<br>
 5. missing negotiate_kerberos_auth on my squid (Nilesh Gavali)<br>
 6. Re: missing negotiate_kerberos_auth on my squid (L.P.H. van Belle)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Thu, 26 May 2016 07:30:16 -0700 (PDT)<br>
From: joe <chip_pop@hotmail.com><br>
To: squid-users@lists.squid-cache.org<br>
Subject: [squid-users] NULL characters<br>
Message-ID: <1464273016183-4677691.post@n4.nabble.com><br>
Content-Type: text/plain; charset=us-ascii<br>
<br>
2016/05/26 06:41:28 kid1| ctx: enter level  0:<br>
'http://js.advert.mirtesen.ru/data/js/82090.js'<br>
2016/05/26 06:41:28 kid1| WARNING: HTTP header contains NULL characters<br>
{Server: nginx<br>
Date: Thu, 26 May 2016 03:46:52 GMT<br>
Content-Type: application/javascript;charset=utf-8<br>
Transfer-Encoding: chunked<br>
Connection: close<br>
Vary: Accept-Encoding<br>
X-MaxSize: 5<br>
X-MaxShm: 5<br>
X-ShmTol: 2<br>
X-Loc: 2347<br>
X-MID: 16<br>
X-Node: ssel6<br>
X-ChosenReserve: 2<br>
X-TotalPrimary: 290<br>
X-ExclByGeo: 266<br>
X-TotalPrimaryPayable: 219<br>
X-ChosenPrimary: 3<br>
X-ExclByTime: 18<br>
X-ShmNews: 1989237,2010118,2009700,<br>
X-TotalPrimaryExchange: 0<br>
X-TotalReserve: 332<br>
X-ChosenPayable: 3<br>
X-ShmCnt: 3<br>
Set-Cookie: nid}<br>
NULL<br>
{Server: nginx<br>
Date: Thu, 26 May 2016 03:46:52 GMT<br>
Content-Type: application/javascript;charset=utf-8<br>
Transfer-Encoding: chunked<br>
Connection: close<br>
Vary: Accept-Encoding<br>
X-MaxSize: 5<br>
X-MaxShm: 5<br>
X-ShmTol: 2<br>
X-Loc: 2347<br>
X-MID: 16<br>
X-Node: ssel6<br>
X-ChosenReserve: 2<br>
X-TotalPrimary: 290<br>
X-ExclByGeo: 266<br>
X-TotalPrimaryPayable: 219<br>
X-ChosenPrimary: 3<br>
X-ExclByTime: 18<br>
X-ShmNews: 1989237,2010118,2009700,<br>
X-TotalPrimaryExchange: 0<br>
X-TotalReserve: 332<br>
X-ChosenPayable: 3<br>
X-ShmCnt: 3<br>
Set-Cookie: nid<br>
2016/05/26 06:41:28 kid1| ctx: exit level  0<br>
<br>
is it bad ?????<br>
<br>
<br>
<br>
--<br>
View this message in context: </span></font><a
href="http://squid-web-proxy-cache.1019090.n4.nabble.com/NULL-characters-tp4677691.html"><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>http://squid-web-proxy-cache.1019090.n4.nabble.com/NULL-characters-tp4677691.html</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'><br>
Sent from the Squid - Users mailing list archive at Nabble.com.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Thu, 26 May 2016 09:16:52 -0600<br>
From: Alex Rousskov <rousskov@measurement-factory.com><br>
To: squid-users@lists.squid-cache.org<br>
Subject: Re: [squid-users] Looking for a way to route into cache_peer<br>
               traffic dynamically.<br>
Message-ID: <57471364.4030007@measurement-factory.com><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
On 05/26/2016 03:52 AM, Eliezer Croitoru wrote:<br>
<br>
> I think that the best way is to use an ICAP meta header instead of
altering<br>
> the request itself <br>
<br>
Agreed.<br>
<br>
<br>
> but I am not sure if it is possible<br>
<br>
It is not possible today: Converting ICAP headers into annotations<br>
understood by Squid ACLs is only supported for eCAP services.<br>
<br>
IIRC, somebody posted a patch (on squid-dev) with a similar feature for<br>
ICAP, but that implementation needed to be redone to be officially<br>
accepted (IMO). I do not know whether the author will adjust their code<br>
to follow my recommendations. Perhaps you can do it for them.<br>
<br>
Alex.<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Fri, 27 May 2016 14:25:19 +0530<br>
From: deepa ganu <deepaganu@gmail.com><br>
To: squid-users@lists.squid-cache.org<br>
Subject: [squid-users] The system returned: (111) Connection refused;<br>
Message-ID:<br>
             
 <CA+qV5k+cSUThvZYCS1JLcNuXsFCA8Vnk1Rmc5opK1w15W6asyg@mail.gmail.com><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi<br>
I am using squid as a reverse.<br>
<br>
#http_port  80 accel defaultsite=202.53.13.19<br>
https_port 443 accel  cert=/var/www/html/webrtc/imp/teleuniv.net.crt<br>
key=/var/www/html/webrtc/imp/teleuniv.net.key<br>
cafile=/var/www/html/webrtc/imp/intermediate.crt defaultsite=202.53.13.19<br>
no-vhost<br>
<br>
<br>
#this ACL is url path specific which accepts only portal urls and deny<br>
others.<br>
acl portal urlpath_regex ^/portal6may<br>
cache_peer 172.20.36.144 parent 80 0 no-query originserver name=portalserver<br>
cache_peer_access portalserver allow portal<br>
cache_peer_access portalserver deny all<br>
http_access allow portal<br>
<br>
<br>
cache_peer 172.20.36.150 parent 443 0 no-query originserver ssl<br>
sslflags=DONT_VERIFY_PEER login=PASS connection-auth=off name=teleuniv<br>
acl our_sites dstdomain 202.53.13.19<br>
http_access allow our_sites<br>
cache_peer_access teleuniv allow our_sites<br>
cache_peer_access teleuniv deny all<br>
<br>
SO when i try to access the url </span></font><a href="https://202.53.13.19/"><b><font
color=red><span style='color:red;font-weight:bold'>MailScanner heeft een e-mail
met mogelijk een poging tot fraude gevonden van "202.53.13.19" MailScanner
warning: numerical links are often malicious:</span></font></b> <font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>https://202.53.13.19/</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>
I get the following<br>
error<br>
"The following error was encountered while trying to retrieve the URL: The<br>
system returned: (111) Connection refused; The remote host or network may<br>
be down. Please try the request again."<br>
<br>
It only gives for 172.20.36.144 not for the urlpath acl. But this happens<br>
only sometimes. When I physically go to that server (172.20.36.150) and<br>
click on the wired connection (one of the LAN options using linux). It<br>
works again. I am very confused<br>
<br>
-- <br>
Regards<br>
Deepa Ganu<br>
R&D Head(CSE) KMIT<br>
Ph no : 9908036660<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <</span></font><a
href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/998e60f3/attachment-0001.html"><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/998e60f3/attachment-0001.html</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>><br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Fri, 27 May 2016 14:17:17 +0300<br>
From: "Eliezer Croitoru" <eliezer@ngtech.co.il><br>
To: "'joe'" <chip_pop@hotmail.com>,<br>
             
 <squid-users@lists.squid-cache.org><br>
Subject: Re: [squid-users] NULL characters<br>
Message-ID: <33b501d1b809$541a9620$fc4fc260$@ngtech.co.il><br>
Content-Type: text/plain;              
  charset="utf-8"<br>
<br>
If it ended with some kind of server issues else then the logs, then it would
be considered not nice.<br>
<br>
Eliezer<br>
<br>
----<br>
Eliezer Croitoru<br>
Linux System Administrator<br>
Mobile: +972-5-28704261<br>
Email: eliezer@ngtech.co.il<br>
<br>
<br>
-----Original Message-----<br>
From: squid-users [</span></font><a
href="mailto:squid-users-bounces@lists.squid-cache.org"><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>mailto:squid-users-bounces@lists.squid-cache.org</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>]
On Behalf Of joe<br>
Sent: Thursday, May 26, 2016 5:30 PM<br>
To: squid-users@lists.squid-cache.org<br>
Subject: [squid-users] NULL characters<br>
<br>
2016/05/26 06:41:28 kid1| ctx: enter level  0:<br>
'http://js.advert.mirtesen.ru/data/js/82090.js'<br>
2016/05/26 06:41:28 kid1| WARNING: HTTP header contains NULL characters<br>
{Server: nginx<br>
Date: Thu, 26 May 2016 03:46:52 GMT<br>
Content-Type: application/javascript;charset=utf-8<br>
Transfer-Encoding: chunked<br>
Connection: close<br>
Vary: Accept-Encoding<br>
X-MaxSize: 5<br>
X-MaxShm: 5<br>
X-ShmTol: 2<br>
X-Loc: 2347<br>
X-MID: 16<br>
X-Node: ssel6<br>
X-ChosenReserve: 2<br>
X-TotalPrimary: 290<br>
X-ExclByGeo: 266<br>
X-TotalPrimaryPayable: 219<br>
X-ChosenPrimary: 3<br>
X-ExclByTime: 18<br>
X-ShmNews: 1989237,2010118,2009700,<br>
X-TotalPrimaryExchange: 0<br>
X-TotalReserve: 332<br>
X-ChosenPayable: 3<br>
X-ShmCnt: 3<br>
Set-Cookie: nid}<br>
NULL<br>
{Server: nginx<br>
Date: Thu, 26 May 2016 03:46:52 GMT<br>
Content-Type: application/javascript;charset=utf-8<br>
Transfer-Encoding: chunked<br>
Connection: close<br>
Vary: Accept-Encoding<br>
X-MaxSize: 5<br>
X-MaxShm: 5<br>
X-ShmTol: 2<br>
X-Loc: 2347<br>
X-MID: 16<br>
X-Node: ssel6<br>
X-ChosenReserve: 2<br>
X-TotalPrimary: 290<br>
X-ExclByGeo: 266<br>
X-TotalPrimaryPayable: 219<br>
X-ChosenPrimary: 3<br>
X-ExclByTime: 18<br>
X-ShmNews: 1989237,2010118,2009700,<br>
X-TotalPrimaryExchange: 0<br>
X-TotalReserve: 332<br>
X-ChosenPayable: 3<br>
X-ShmCnt: 3<br>
Set-Cookie: nid<br>
2016/05/26 06:41:28 kid1| ctx: exit level  0<br>
<br>
is it bad ?????<br>
<br>
<br>
<br>
--<br>
View this message in context: </span></font><a
href="http://squid-web-proxy-cache.1019090.n4.nabble.com/NULL-characters-tp4677691.html"><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>http://squid-web-proxy-cache.1019090.n4.nabble.com/NULL-characters-tp4677691.html</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'><br>
Sent from the Squid - Users mailing list archive at Nabble.com.<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org</span></font><u><font color=blue><span
style='color:blue'><br>
</span></font></u><a href="http://lists.squid-cache.org/listinfo/squid-users"><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>http://lists.squid-cache.org/listinfo/squid-users</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Fri, 27 May 2016 12:32:15 +0100<br>
From: Nilesh Gavali <nilesh.gavali@tcs.com><br>
To: squid-users@lists.squid-cache.org<br>
Subject: [squid-users] missing negotiate_kerberos_auth on my squid<br>
Message-ID:<br>
             
 <OF9C6F8F89.5CF2ECB1-ON80257FC0.003EE232-80257FC0.003F5EF7@tcs.com><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hello ;<br>
I have installed latest squid 3.5.19 on red hat Linux yesterday. That <br>
means I am new to squid and linux. <br>
able to start the squid and its working fine. <br>
now we are trying to authenticate user via Kerberos with windows AD. but <br>
facing issues.<br>
followed the steps provided on </span></font><u><font color=blue><span
style='color:blue'><br>
</span></font></u><a
href="http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos"><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'><br>
But unable to find negotiate_kerberos_auth  on my Linux box at any <br>
location. <br>
now I need to know where i can find/download  negotiate_kerberos_auth
 and <br>
compile it to make authentication successful.<br>
<br>
Thanks & Regards<br>
Nilesh Suresh Gavali<br>
Tata Consultancy Services<br>
3rd Floor, Tithebarn House<br>
Tithebarn Street<br>
Liverpool - L2 2NZ<br>
United Kingdom<br>
Mailto: nilesh.gavali@tcs.com<br>
Website: </span></font><a href="http://www.tcs.com/"><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>http://www.tcs.com</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'><br>
____________________________________________<br>
Experience certainty.   IT Services<br>
                     
Business Solutions<br>
                     
Consulting<br>
____________________________________________<br>
<br>
Tata Consultancy Services Limited , incorporated  with limited liability <br>
and registered with Registrar of Companies, Mumbai, India - No: 11-84781<br>
HQ : Nirmal Building , 9th Floor, Nariman Point, Mumbai - 400 021, India - <br>
Registered  in UK : 18 Grosvenor Place, London SW1X 7HS - BR :007627<br>
=====-----=====-----=====<br>
Notice: The information contained in this e-mail<br>
message and/or attachments to it may contain <br>
confidential or privileged information. If you are <br>
not the intended recipient, any dissemination, use, <br>
review, distribution, printing or copying of the <br>
information contained in this e-mail message <br>
and/or attachments to it are strictly prohibited. If <br>
you have received this communication in error, <br>
please notify us by reply e-mail or telephone and <br>
immediately and permanently delete the message <br>
and any attachments. Thank you<br>
<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <</span></font><a
href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/b812d6ac/attachment-0001.html"><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/b812d6ac/attachment-0001.html</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>><br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Fri, 27 May 2016 13:41:34 +0200<br>
From: L.P.H. van Belle <belle@bazuin.nl><br>
To: squid-users@squid-cache.org  <squid-users@squid-cache.org><br>
Subject: Re: [squid-users] missing negotiate_kerberos_auth on my squid<br>
Message-ID:<br>
               <vmime.5748326e.63bf.32264d027089be4e@ms249-lin-003.rotterdam.bazuin.nl><br>
               <br>
Content-Type: text/plain; charset="windows-1252"<br>
<br>
Should be include imo. <br>
<br>
<br>
<br>
Shoud be in any Squid-3.2 and later.<br>
<br>
<br>
<br>
And on my debian server its locate here. <br>
<br>
/usr/lib/squid/negotiate_kerberos_auth <br>
<br>
<br>
<br>
Did you enable : --enable-auth-negotiate=kerberos,wrapper on compile ? <br>
<br>
<br>
<br>
Run squid –v to check it. <br>
<br>
<br>
<br>
Greetz, <br>
<br>
<br>
<br>
Louis<br>
<br>
<br>
<br>
<br>
<br>
<br>
Van: squid-users [</span></font><a
href="mailto:squid-users-bounces@lists.squid-cache.org"><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>mailto:squid-users-bounces@lists.squid-cache.org</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>]
Namens Nilesh Gavali<br>
Verzonden: vrijdag 27 mei 2016 13:32<br>
Aan: squid-users@lists.squid-cache.org<br>
Onderwerp: [squid-users] missing negotiate_kerberos_auth on my squid<br>
<br>
<br>
<br>
<br>
Hello ; <br>
I have installed latest squid 3.5.19 on red hat Linux yesterday. That means I
am new to squid and linux. <br>
able to start the squid and its working fine. <br>
now we are trying to authenticate user via Kerberos with windows AD. but facing
issues. <br>
followed the steps provided on </span></font><a
href="http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos"><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>
<br>
But unable to find negotiate_kerberos_auth  on my Linux box at any
location. <br>
now I need to know where i can find/download  negotiate_kerberos_auth
 and compile it to make authentication successful. <br>
<br>
Thanks & Regards<br>
Nilesh Suresh Gavali<br>
Tata Consultancy Services<br>
3rd Floor, Tithebarn House<br>
Tithebarn Street<br>
Liverpool - L2 2NZ<br>
United Kingdom<br>
Mailto: nilesh.gavali@tcs.com<br>
Website: </span></font><a href="http://www.tcs.com/"><font size=2
face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>http://www.tcs.com</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'><br>
____________________________________________<br>
Experience certainty.        IT Services<br>
                     
Business Solutions<br>
                     
Consulting<br>
____________________________________________<br>
<br>
Tata Consultancy Services Limited , incorporated  with limited liability
and registered with Registrar of Companies, Mumbai, India - No: 11-84781<br>
HQ : Nirmal Building , 9th Floor, Nariman Point, Mumbai - 400 021, India -
 Registered  in UK : 18 Grosvenor Place, London SW1X 7HS - BR :007627<br>
<br>
=====-----=====-----=====<br>
Notice: The information contained in this e-mail<br>
message and/or attachments to it may contain <br>
confidential or privileged information. If you are <br>
not the intended recipient, any dissemination, use, <br>
review, distribution, printing or copying of the <br>
information contained in this e-mail message <br>
and/or attachments to it are strictly prohibited. If <br>
you have received this communication in error, <br>
please notify us by reply e-mail or telephone and <br>
immediately and permanently delete the message <br>
and any attachments. Thank you<br>
<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <</span></font><a
href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/bbeb60e2/attachment.html"><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/bbeb60e2/attachment.html</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org</span></font><u><font color=blue><span
style='color:blue'><br>
</span></font></u><a href="http://lists.squid-cache.org/listinfo/squid-users"><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'>http://lists.squid-cache.org/listinfo/squid-users</span></font></a><font
size=2 face="Courier New"><span style='font-size:10.0pt;font-family:"Courier New"'><br>
<br>
<br>
------------------------------<br>
<br>
End of squid-users Digest, Vol 21, Issue 101<br>
********************************************</span></font> <o:p></o:p></p>

</div>

</div>

</body>

</html>