<font size=2 face="sans-serif">hello;</font>
<br><font size=2 face="sans-serif">where can I define below -</font>
<br>
<br><tt><font size=2>KRB5_KTNAME=/etc/squid3/PROXY.keytab<br>
export KRB5_KTNAME</font></tt>
<br>
<br><font size=2 face="sans-serif">Thanks & Regards<br>
Nilesh Suresh Gavali<br>
</font>
<br><font size=1 color=#800080 face="sans-serif">----- Forwarded by Nilesh
Gavali/MUM/TCS on 01/06/2016 20:27 -----</font>
<br>
<br><font size=1 color=#5f5f5f face="sans-serif">From:
</font><font size=1 face="sans-serif">squid-users-request@lists.squid-cache.org</font>
<br><font size=1 color=#5f5f5f face="sans-serif">To:
</font><font size=1 face="sans-serif">squid-users@lists.squid-cache.org</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Date:
</font><font size=1 face="sans-serif">01/06/2016 15:19</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Subject:
</font><font size=1 face="sans-serif">squid-users
Digest, Vol 22, Issue 5</font>
<br><font size=1 color=#5f5f5f face="sans-serif">Sent by:
</font><font size=1 face="sans-serif">"squid-users"
<squid-users-bounces@lists.squid-cache.org></font>
<br>
<hr noshade>
<br>
<br>
<br><tt><font size=2>Send squid-users mailing list submissions to<br>
squid-users@lists.squid-cache.org<br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
</font></tt><a href="http://lists.squid-cache.org/listinfo/squid-users"><tt><font size=2>http://lists.squid-cache.org/listinfo/squid-users</font></tt></a><tt><font size=2><br>
or, via email, send a message with subject or body 'help' to<br>
squid-users-request@lists.squid-cache.org<br>
<br>
You can reach the person managing the list at<br>
squid-users-owner@lists.squid-cache.org<br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of squid-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: missing negotiate_kerberos_auth on my squid (L.P.H. van
Belle)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Wed, 1 Jun 2016 16:18:28 +0200<br>
From: L.P.H. van Belle <belle@bazuin.nl><br>
To: squid-users@squid-cache.org <squid-users@squid-cache.org><br>
Subject: Re: [squid-users] missing negotiate_kerberos_auth on my squid<br>
Message-ID:<br>
<vmime.574eeeb4.1821.1fbd4eec458867f4@ms249-lin-003.rotterdam.bazuin.nl><br>
<br>
Content-Type: text/plain; charset="windows-1252"<br>
<br>
Hai. <br>
<br>
<br>
<br>
First before you read through all. <br>
<br>
<br>
<br>
Please check if the squid user kan read the keytab file.<br>
<br>
This can be a thing. And check the KVNO with the auth here can be a mismatch
also. <br>
<br>
<br>
<br>
Second, test with in the negotiate wrapper. <br>
<br>
--kerberos /usr/lib/squid/negotiate_kerberos_auth -s
GSS_C_NO_NAME <br>
<br>
<br>
<br>
I did read. <br>
<br>
</font></tt><a href="http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory"><tt><font size=2>http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory</font></tt></a><tt><font size=2><br>
<br>
This is not entry correct anymore due to last changed in samba, dont know
how this applies to Win 2012 ADDC these patches also applied to windows.
<br>
<br>
Sorry no windows here anymore, only samba.<br>
<br>
<br>
<br>
Now, below is all tested on debian with samba 4.4.3 AD and squid 3.5.19.
<br>
<br>
<br>
<br>
<br>
<br>
This needed te be added in smb.conf to make sure all auth is done over
encrypted layers. <br>
<br>
<br>
<br>
server signing = mandatory<br>
<br>
ntlm auth = no<br>
<br>
<br>
<br>
#Add and Update TLS Key of your proxy and Root ) <br>
<br>
tls enabled = yes<br>
<br>
tls keyfile = /etc/ssl/local/private/-proxy.key.pem<br>
<br>
tls certfile = /etc/ssl/local/certs/proxy.cert.pem<br>
<br>
tls cafile = /etc/ssl/certs/INTERNALROOT-ca.pem<br>
<br>
<br>
<br>
Extra info on tls cafile = /etc/ssl/certs/INTERNALROOT-ca.pem.
<br>
<br>
The original file is located in /usr/local/ca-certificates/companyname/
<br>
<br>
When the “correct” ca setup is done, then you see a simlink in /etc/ssl/certs.
<br>
<br>
<br>
<br>
The “correct” way to setup the ROOT CA Look here. <br>
<br>
</font></tt><a href="http://ram.kossboss.com/debian-install-trusted-ssl/"><tt><font size=2>http://ram.kossboss.com/debian-install-trusted-ssl/</font></tt></a><tt><font size=2>
<br>
<br>
works fine also with own certs, thats what i use internal here also.<br>
<br>
<br>
<br>
In /etc/ldap/ldap.conf<br>
<br>
Make sure you have al least. <br>
<br>
# TLS certificates (needed for GnuTLS)<br>
<br>
TLS_CACERT /etc/ssl/certs/ca-certificates.crt<br>
<br>
TLS_REQCERT allow <br>
<br>
<br>
<br>
<br>
<br>
This is what i now use in squid auth. <br>
<br>
Kerberos , fallback to NTLM , fallback to basic LDAP(S) auth.<br>
<br>
<br>
<br>
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \<br>
<br>
--kerberos /usr/lib/squid/negotiate_kerberos_auth -s
HTTP/proxy1.internal.dnsdomain.tld@REALM \<br>
<br>
--ntlm /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
--domain=NTDOMAIN<br>
<br>
<br>
<br>
# A NOT SSL HOST format –h setup. <br>
<br>
#auth_param basic program /usr/lib/squid/basic_ldap_auth -R -v 3 \<br>
<br>
# -b "ou=Office,dc=internal,dc=domain,dc=tld"
\<br>
<br>
# -D bind-user@REALM \<br>
<br>
# -W /etc/squid/private/bind-user \<br>
<br>
# -f (sAMAccountName=%s) \<br>
<br>
# -h dc2.internal.dnsdomain.tld \<br>
<br>
# -h dc1.internal.dnsdomain.tld<br>
<br>
<br>
<br>
## A SSL enabled URI format -H setup<br>
<br>
auth_param basic program /usr/lib/squid/basic_ldap_auth -R -v 3 \<br>
<br>
-b "ou=Office,dc=internal,dc=domain,dc=tld"
\<br>
<br>
-D bind-user@REALM \<br>
<br>
-W /etc/squid/private/bind-user \<br>
<br>
-f sAMAccountName=%s \<br>
<br>
-H ldaps:// dc2.internal.dnsdomain.tld \<br>
<br>
-H ldaps://dc1.internal.dnsdomain.tld \<br>
<br>
<br>
<br>
For /etc/krb5.conf i only have <br>
<br>
[libdefaults]<br>
<br>
default_realm = REALM<br>
<br>
dns_lookup_kdc = true<br>
<br>
dns_lookup_realm = false<br>
<br>
<br>
<br>
If above does not help, well then ask for more help here. <br>
<br>
<br>
<br>
<br>
<br>
Greetz, <br>
<br>
<br>
<br>
Louis<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Van: Nilesh Gavali [</font></tt><a href=mailto:nilesh.gavali@tcs.com><tt><font size=2>mailto:nilesh.gavali@tcs.com</font></tt></a><tt><font size=2>]
<br>
Verzonden: woensdag 1 juni 2016 14:45<br>
Aan: L.P.H. van Belle<br>
CC: squid-users@squid-cache.org<br>
Onderwerp: RE: missing negotiate_kerberos_auth on my squid<br>
<br>
<br>
<br>
<br>
Hi Louise; <br>
refer the comment on below questions. <br>
<br>
<br>
1) is the time in sync with the proxy and AD server?
- YES <br>
2) Did you set the krb5.conf with or without
the enctypes types? it is set with enctypes <br>
3) Which browser are you using? we tried using IE
and chorme. <br>
4) Did you configure the browser to use the kerberos
auth? YES. <br>
5) Did the PC join the domain, and are u using a domain
user login? YES. <br>
6) Does kinit user@REALM work? ( kdestroy to
remove the user ticket ) YES. it shows the desire O/P <br>
7) Last, does the proxy server have an A and PTR record?
YES. <br>
<br>
below error got in cache.log <br>
<br>
negotiate_kerberos_auth:ERROR: gss_accept_sec_context() failed: Unsepecified
GSS failure. Minor code may provide more information. <br>
Kid1 | ERROR: negotiate Authentication validating user. Error returned
'BH gss_accept_sec_context_() failed: Unspecified GSS failure. Minor code
may provide more information. <br>
<br>
<br>
Thanks & Regards<br>
Nilesh Suresh Gavali<br>
<br>
<br>
<br>
<br>
<br>
<br>
From: L.P.H. van Belle <belle@bazuin.nl>
<br>
To: Nilesh Gavali <nilesh.gavali@tcs.com>
<br>
Cc: squid-users@squid-cache.org <squid-users@squid-cache.org>
<br>
Date: 01/06/2016 09:53 <br>
Subject: RE: missing negotiate_kerberos_auth
on my squid <br>
<br>
<br>
<br>
<br>
<br>
Wel first, great, you made it to install it, <br>
<br>
Yes, but your auth pop-up can be normal, but we need more info, this can
be multple things. <br>
<br>
So, few small questions. <br>
<br>
1) is the time in sync with the proxy and AD server?
<br>
2) Did you set the krb5.conf with or without
the enctypes types? <br>
3) Which browser are you using? <br>
4) Did you configure the browser to use the kerberos
auth? <br>
5) Did the PC join the domain, and are u using a domain
user login? <br>
6) Does kinit user@REALM work? ( kdestroy to
remove the user ticket ) <br>
7) Last, does the proxy server have an A and PTR record?
<br>
<br>
Also check this site, review your settings. <br>
</font></tt><a href="https://ping.force.com/Support/PingFederate/Integrations/How-to-configure-supported-browsers-for-Kerberos-NTLM"><tt><font size=2>https://ping.force.com/Support/PingFederate/Integrations/How-to-configure-supported-browsers-for-Kerberos-NTLM</font></tt></a><tt><font size=2>
<br>
<br>
And last tip your auth line. <br>
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s
HTTP/hostname.domain.org@DOMAIN.ORG <br>
<br>
Can also be a problem so test, if the upn is setup incorrectly, then above
does not work, below the should work. <br>
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s
GSS_C_NO_NAME <br>
<br>
add -d to get more debug info. <br>
<br>
greetz, <br>
<br>
Louis <br>
<br>
<br>
<br>
<br>
Van: Nilesh Gavali [</font></tt><a href=mailto:nilesh.gavali@tcs.com><tt><font size=2>mailto:nilesh.gavali@tcs.com</font></tt></a><tt><font size=2>]
<br>
Verzonden: dinsdag 31 mei 2016 21:20<br>
Aan: squid-users@lists.squid-cache.org<br>
CC: L.P.H. van Belle<br>
Onderwerp: missing negotiate_kerberos_auth on my squid <br>
<br>
Hello All; <br>
<br>
Configured the steps require for kerberos authentication as given at </font></tt><a href="http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos"><tt><font size=2>http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos</font></tt></a><tt><font size=2>
<br>
but instead of SSO to work when we try to open url; it is prompt for username
and password, when passing credential it is not authenticating. <br>
attached is our squid config for your reference. <br>
<br>
Kindly let us know what went wrong. <br>
<br>
we are using windows 2012 AD. <br>
<br>
<br>
<br>
Thanks & Regards<br>
Nilesh Suresh Gavali<br>
<br>
<br>
<br>
<br>
From: Nilesh Gavali/MUM/TCS <br>
To: squid-users@lists.squid-cache.org, belle@bazuin.nl
<br>
Date: 27/05/2016 15:07 <br>
Subject: missing negotiate_kerberos_auth on
my squid <br>
<br>
<br>
<br>
<br>
<br>
Thanks louise for reply. <br>
<br>
but <br>
<br>
Should be include imo. -- not sure what is imo<br>
<br>
<br>
<br>
Shoud be in any Squid-3.2 and later.<br>
<br>
<br>
<br>
And on my debian server its locate here. <br>
<br>
/usr/lib/squid/negotiate_kerberos_auth - check the path but it is not there
on my linux box.<br>
<br>
<br>
<br>
Did you enable : --enable-auth-negotiate=kerberos,wrapper on compile ?
---- NO didn't gave this option while compilation<br>
<br>
<br>
<br>
Run squid –v to check it. -- we have"--enable-auth-negotiate"
only and some other configured option. <br>
<br>
can you help me how to get hit recomipled with reuqire options. <br>
<br>
<br>
Thanks & Regards<br>
Nilesh Suresh Gavali<br>
<br>
----- Forwarded by Nilesh Gavali/MUM/TCS on 27/05/2016 15:01 ----- <br>
<br>
From: squid-users-request@lists.squid-cache.org
<br>
To: squid-users@lists.squid-cache.org <br>
Date: 27/05/2016 12:42 <br>
Subject: squid-users Digest, Vol 21, Issue 101
<br>
Sent by: "squid-users" <squid-users-bounces@lists.squid-cache.org>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Send squid-users mailing list submissions to<br>
squid-users@lists.squid-cache.org<br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
</font></tt><a href="http://lists.squid-cache.org/listinfo/squid-users"><tt><font size=2>http://lists.squid-cache.org/listinfo/squid-users</font></tt></a><tt><font size=2><br>
or, via email, send a message with subject or body 'help' to<br>
squid-users-request@lists.squid-cache.org<br>
<br>
You can reach the person managing the list at<br>
squid-users-owner@lists.squid-cache.org<br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of squid-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. NULL characters (joe)<br>
2. Re: Looking for a way to route into cache_peer traffic<br>
dynamically. (Alex Rousskov)<br>
3. The system returned: (111) Connection refused; (deepa ganu)<br>
4. Re: NULL characters (Eliezer Croitoru)<br>
5. missing negotiate_kerberos_auth on my squid (Nilesh Gavali)<br>
6. Re: missing negotiate_kerberos_auth on my squid (L.P.H. van Belle)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Thu, 26 May 2016 07:30:16 -0700 (PDT)<br>
From: joe <chip_pop@hotmail.com><br>
To: squid-users@lists.squid-cache.org<br>
Subject: [squid-users] NULL characters<br>
Message-ID: <1464273016183-4677691.post@n4.nabble.com><br>
Content-Type: text/plain; charset=us-ascii<br>
<br>
2016/05/26 06:41:28 kid1| ctx: enter level 0:<br>
'http://js.advert.mirtesen.ru/data/js/82090.js'<br>
2016/05/26 06:41:28 kid1| WARNING: HTTP header contains NULL characters<br>
{Server: nginx<br>
Date: Thu, 26 May 2016 03:46:52 GMT<br>
Content-Type: application/javascript;charset=utf-8<br>
Transfer-Encoding: chunked<br>
Connection: close<br>
Vary: Accept-Encoding<br>
X-MaxSize: 5<br>
X-MaxShm: 5<br>
X-ShmTol: 2<br>
X-Loc: 2347<br>
X-MID: 16<br>
X-Node: ssel6<br>
X-ChosenReserve: 2<br>
X-TotalPrimary: 290<br>
X-ExclByGeo: 266<br>
X-TotalPrimaryPayable: 219<br>
X-ChosenPrimary: 3<br>
X-ExclByTime: 18<br>
X-ShmNews: 1989237,2010118,2009700,<br>
X-TotalPrimaryExchange: 0<br>
X-TotalReserve: 332<br>
X-ChosenPayable: 3<br>
X-ShmCnt: 3<br>
Set-Cookie: nid}<br>
NULL<br>
{Server: nginx<br>
Date: Thu, 26 May 2016 03:46:52 GMT<br>
Content-Type: application/javascript;charset=utf-8<br>
Transfer-Encoding: chunked<br>
Connection: close<br>
Vary: Accept-Encoding<br>
X-MaxSize: 5<br>
X-MaxShm: 5<br>
X-ShmTol: 2<br>
X-Loc: 2347<br>
X-MID: 16<br>
X-Node: ssel6<br>
X-ChosenReserve: 2<br>
X-TotalPrimary: 290<br>
X-ExclByGeo: 266<br>
X-TotalPrimaryPayable: 219<br>
X-ChosenPrimary: 3<br>
X-ExclByTime: 18<br>
X-ShmNews: 1989237,2010118,2009700,<br>
X-TotalPrimaryExchange: 0<br>
X-TotalReserve: 332<br>
X-ChosenPayable: 3<br>
X-ShmCnt: 3<br>
Set-Cookie: nid<br>
2016/05/26 06:41:28 kid1| ctx: exit level 0<br>
<br>
is it bad ?????<br>
<br>
<br>
<br>
--<br>
View this message in context: </font></tt><a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/NULL-characters-tp4677691.html"><tt><font size=2>http://squid-web-proxy-cache.1019090.n4.nabble.com/NULL-characters-tp4677691.html</font></tt></a><tt><font size=2><br>
Sent from the Squid - Users mailing list archive at Nabble.com.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Thu, 26 May 2016 09:16:52 -0600<br>
From: Alex Rousskov <rousskov@measurement-factory.com><br>
To: squid-users@lists.squid-cache.org<br>
Subject: Re: [squid-users] Looking for a way to route into cache_peer<br>
traffic dynamically.<br>
Message-ID: <57471364.4030007@measurement-factory.com><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
On 05/26/2016 03:52 AM, Eliezer Croitoru wrote:<br>
<br>
> I think that the best way is to use an ICAP meta header instead of
altering<br>
> the request itself <br>
<br>
Agreed.<br>
<br>
<br>
> but I am not sure if it is possible<br>
<br>
It is not possible today: Converting ICAP headers into annotations<br>
understood by Squid ACLs is only supported for eCAP services.<br>
<br>
IIRC, somebody posted a patch (on squid-dev) with a similar feature for<br>
ICAP, but that implementation needed to be redone to be officially<br>
accepted (IMO). I do not know whether the author will adjust their code<br>
to follow my recommendations. Perhaps you can do it for them.<br>
<br>
Alex.<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Fri, 27 May 2016 14:25:19 +0530<br>
From: deepa ganu <deepaganu@gmail.com><br>
To: squid-users@lists.squid-cache.org<br>
Subject: [squid-users] The system returned: (111) Connection refused;<br>
Message-ID:<br>
<CA+qV5k+cSUThvZYCS1JLcNuXsFCA8Vnk1Rmc5opK1w15W6asyg@mail.gmail.com><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hi<br>
I am using squid as a reverse.<br>
<br>
#http_port 80 accel defaultsite=202.53.13.19<br>
https_port 443 accel cert=/var/www/html/webrtc/imp/teleuniv.net.crt<br>
key=/var/www/html/webrtc/imp/teleuniv.net.key<br>
cafile=/var/www/html/webrtc/imp/intermediate.crt defaultsite=202.53.13.19<br>
no-vhost<br>
<br>
<br>
#this ACL is url path specific which accepts only portal urls and deny<br>
others.<br>
acl portal urlpath_regex ^/portal6may<br>
cache_peer 172.20.36.144 parent 80 0 no-query originserver name=portalserver<br>
cache_peer_access portalserver allow portal<br>
cache_peer_access portalserver deny all<br>
http_access allow portal<br>
<br>
<br>
cache_peer 172.20.36.150 parent 443 0 no-query originserver ssl<br>
sslflags=DONT_VERIFY_PEER login=PASS connection-auth=off name=teleuniv<br>
acl our_sites dstdomain 202.53.13.19<br>
http_access allow our_sites<br>
cache_peer_access teleuniv allow our_sites<br>
cache_peer_access teleuniv deny all<br>
<br>
SO when i try to access the url MailScanner heeft een e-mail met mogelijk
een poging tot fraude gevonden van "202.53.13.19" MailScanner
warning: numerical links are often malicious: </font></tt><a href=https://202.53.13.19/><tt><font size=2>https://202.53.13.19/</font></tt></a><tt><font size=2>
I get the following<br>
error<br>
"The following error was encountered while trying to retrieve the
URL: The<br>
system returned: (111) Connection refused; The remote host or network may<br>
be down. Please try the request again."<br>
<br>
It only gives for 172.20.36.144 not for the urlpath acl. But this happens<br>
only sometimes. When I physically go to that server (172.20.36.150) and<br>
click on the wired connection (one of the LAN options using linux). It<br>
works again. I am very confused<br>
<br>
-- <br>
Regards<br>
Deepa Ganu<br>
R&D Head(CSE) KMIT<br>
Ph no : 9908036660<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <</font></tt><a href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/998e60f3/attachment-0001.html"><tt><font size=2>http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/998e60f3/attachment-0001.html</font></tt></a><tt><font size=2>><br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Fri, 27 May 2016 14:17:17 +0300<br>
From: "Eliezer Croitoru" <eliezer@ngtech.co.il><br>
To: "'joe'" <chip_pop@hotmail.com>,<br>
<squid-users@lists.squid-cache.org><br>
Subject: Re: [squid-users] NULL characters<br>
Message-ID: <33b501d1b809$541a9620$fc4fc260$@ngtech.co.il><br>
Content-Type: text/plain;
charset="utf-8"<br>
<br>
If it ended with some kind of server issues else then the logs, then it
would be considered not nice.<br>
<br>
Eliezer<br>
<br>
----<br>
Eliezer Croitoru<br>
Linux System Administrator<br>
Mobile: +972-5-28704261<br>
Email: eliezer@ngtech.co.il<br>
<br>
<br>
-----Original Message-----<br>
From: squid-users [</font></tt><a href="mailto:squid-users-bounces@lists.squid-cache.org"><tt><font size=2>mailto:squid-users-bounces@lists.squid-cache.org</font></tt></a><tt><font size=2>]
On Behalf Of joe<br>
Sent: Thursday, May 26, 2016 5:30 PM<br>
To: squid-users@lists.squid-cache.org<br>
Subject: [squid-users] NULL characters<br>
<br>
2016/05/26 06:41:28 kid1| ctx: enter level 0:<br>
'http://js.advert.mirtesen.ru/data/js/82090.js'<br>
2016/05/26 06:41:28 kid1| WARNING: HTTP header contains NULL characters<br>
{Server: nginx<br>
Date: Thu, 26 May 2016 03:46:52 GMT<br>
Content-Type: application/javascript;charset=utf-8<br>
Transfer-Encoding: chunked<br>
Connection: close<br>
Vary: Accept-Encoding<br>
X-MaxSize: 5<br>
X-MaxShm: 5<br>
X-ShmTol: 2<br>
X-Loc: 2347<br>
X-MID: 16<br>
X-Node: ssel6<br>
X-ChosenReserve: 2<br>
X-TotalPrimary: 290<br>
X-ExclByGeo: 266<br>
X-TotalPrimaryPayable: 219<br>
X-ChosenPrimary: 3<br>
X-ExclByTime: 18<br>
X-ShmNews: 1989237,2010118,2009700,<br>
X-TotalPrimaryExchange: 0<br>
X-TotalReserve: 332<br>
X-ChosenPayable: 3<br>
X-ShmCnt: 3<br>
Set-Cookie: nid}</font></tt>
<br><tt><font size=2>NULL<br>
{Server: nginx<br>
Date: Thu, 26 May 2016 03:46:52 GMT<br>
Content-Type: application/javascript;charset=utf-8<br>
Transfer-Encoding: chunked<br>
Connection: close<br>
Vary: Accept-Encoding<br>
X-MaxSize: 5<br>
X-MaxShm: 5<br>
X-ShmTol: 2<br>
X-Loc: 2347<br>
X-MID: 16<br>
X-Node: ssel6<br>
X-ChosenReserve: 2<br>
X-TotalPrimary: 290<br>
X-ExclByGeo: 266<br>
X-TotalPrimaryPayable: 219<br>
X-ChosenPrimary: 3<br>
X-ExclByTime: 18<br>
X-ShmNews: 1989237,2010118,2009700,<br>
X-TotalPrimaryExchange: 0<br>
X-TotalReserve: 332<br>
X-ChosenPayable: 3<br>
X-ShmCnt: 3<br>
Set-Cookie: nid<br>
2016/05/26 06:41:28 kid1| ctx: exit level 0<br>
<br>
is it bad ?????<br>
<br>
<br>
<br>
--<br>
View this message in context: </font></tt><a href="http://squid-web-proxy-cache.1019090.n4.nabble.com/NULL-characters-tp4677691.html"><tt><font size=2>http://squid-web-proxy-cache.1019090.n4.nabble.com/NULL-characters-tp4677691.html</font></tt></a><tt><font size=2><br>
Sent from the Squid - Users mailing list archive at Nabble.com.<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org<br>
</font></tt><a href="http://lists.squid-cache.org/listinfo/squid-users"><tt><font size=2>http://lists.squid-cache.org/listinfo/squid-users</font></tt></a><tt><font size=2><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Fri, 27 May 2016 12:32:15 +0100<br>
From: Nilesh Gavali <nilesh.gavali@tcs.com><br>
To: squid-users@lists.squid-cache.org<br>
Subject: [squid-users] missing negotiate_kerberos_auth on my squid<br>
Message-ID:<br>
<OF9C6F8F89.5CF2ECB1-ON80257FC0.003EE232-80257FC0.003F5EF7@tcs.com><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Hello ;<br>
I have installed latest squid 3.5.19 on red hat Linux yesterday. That <br>
means I am new to squid and linux. <br>
able to start the squid and its working fine. <br>
now we are trying to authenticate user via Kerberos with windows AD. but
<br>
facing issues.<br>
followed the steps provided on <br>
</font></tt><a href="http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos"><tt><font size=2>http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos</font></tt></a><tt><font size=2><br>
But unable to find negotiate_kerberos_auth on my Linux box at any
<br>
location. <br>
now I need to know where i can find/download negotiate_kerberos_auth
and <br>
compile it to make authentication successful.<br>
<br>
Thanks & Regards<br>
Nilesh Suresh Gavali<br>
Tata Consultancy Services<br>
3rd Floor, Tithebarn House<br>
Tithebarn Street<br>
Liverpool - L2 2NZ<br>
United Kingdom<br>
Mailto: nilesh.gavali@tcs.com<br>
Website: </font></tt><a href=http://www.tcs.com/><tt><font size=2>http://www.tcs.com</font></tt></a><tt><font size=2><br>
____________________________________________<br>
Experience certainty. IT Services<br>
Business Solutions<br>
Consulting<br>
____________________________________________<br>
<br>
Tata Consultancy Services Limited , incorporated with limited liability
<br>
and registered with Registrar of Companies, Mumbai, India - No: 11-84781<br>
HQ : Nirmal Building , 9th Floor, Nariman Point, Mumbai - 400 021, India
- <br>
Registered in UK : 18 Grosvenor Place, London SW1X 7HS - BR :007627<br>
=====-----=====-----=====<br>
Notice: The information contained in this e-mail<br>
message and/or attachments to it may contain <br>
confidential or privileged information. If you are <br>
not the intended recipient, any dissemination, use, <br>
review, distribution, printing or copying of the <br>
information contained in this e-mail message <br>
and/or attachments to it are strictly prohibited. If <br>
you have received this communication in error, <br>
please notify us by reply e-mail or telephone and <br>
immediately and permanently delete the message <br>
and any attachments. Thank you<br>
<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <</font></tt><a href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/b812d6ac/attachment-0001.html"><tt><font size=2>http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/b812d6ac/attachment-0001.html</font></tt></a><tt><font size=2>><br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Fri, 27 May 2016 13:41:34 +0200<br>
From: L.P.H. van Belle <belle@bazuin.nl><br>
To: squid-users@squid-cache.org <squid-users@squid-cache.org><br>
Subject: Re: [squid-users] missing negotiate_kerberos_auth on my squid<br>
Message-ID:<br>
<vmime.5748326e.63bf.32264d027089be4e@ms249-lin-003.rotterdam.bazuin.nl><br>
<br>
Content-Type: text/plain; charset="windows-1252"<br>
<br>
Should be include imo. <br>
<br>
<br>
<br>
Shoud be in any Squid-3.2 and later.<br>
<br>
<br>
<br>
And on my debian server its locate here. <br>
<br>
/usr/lib/squid/negotiate_kerberos_auth <br>
<br>
<br>
<br>
Did you enable : --enable-auth-negotiate=kerberos,wrapper on compile ?
<br>
<br>
<br>
<br>
Run squid –v to check it. <br>
<br>
<br>
<br>
Greetz, <br>
<br>
<br>
<br>
Louis<br>
<br>
<br>
<br>
<br>
<br>
<br>
Van: squid-users [</font></tt><a href="mailto:squid-users-bounces@lists.squid-cache.org"><tt><font size=2>mailto:squid-users-bounces@lists.squid-cache.org</font></tt></a><tt><font size=2>]
Namens Nilesh Gavali<br>
Verzonden: vrijdag 27 mei 2016 13:32<br>
Aan: squid-users@lists.squid-cache.org<br>
Onderwerp: [squid-users] missing negotiate_kerberos_auth on my squid<br>
<br>
<br>
<br>
<br>
Hello ; <br>
I have installed latest squid 3.5.19 on red hat Linux yesterday. That means
I am new to squid and linux. <br>
able to start the squid and its working fine. <br>
now we are trying to authenticate user via Kerberos with windows AD. but
facing issues. <br>
followed the steps provided on </font></tt><a href="http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos"><tt><font size=2>http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos</font></tt></a><tt><font size=2>
<br>
But unable to find negotiate_kerberos_auth on my Linux box at any
location. <br>
now I need to know where i can find/download negotiate_kerberos_auth
and compile it to make authentication successful. <br>
<br>
Thanks & Regards<br>
Nilesh Suresh Gavali<br>
Tata Consultancy Services<br>
3rd Floor, Tithebarn House<br>
Tithebarn Street<br>
Liverpool - L2 2NZ<br>
United Kingdom<br>
Mailto: nilesh.gavali@tcs.com<br>
Website: </font></tt><a href=http://www.tcs.com/><tt><font size=2>http://www.tcs.com</font></tt></a><tt><font size=2><br>
____________________________________________<br>
Experience certainty. IT Services<br>
Business Solutions<br>
Consulting<br>
____________________________________________<br>
<br>
Tata Consultancy Services Limited , incorporated with limited liability
and registered with Registrar of Companies, Mumbai, India - No: 11-84781<br>
HQ : Nirmal Building , 9th Floor, Nariman Point, Mumbai - 400 021, India
- Registered in UK : 18 Grosvenor Place, London SW1X 7HS -
BR :007627<br>
<br>
=====-----=====-----=====<br>
Notice: The information contained in this e-mail<br>
message and/or attachments to it may contain <br>
confidential or privileged information. If you are <br>
not the intended recipient, any dissemination, use, <br>
review, distribution, printing or copying of the <br>
information contained in this e-mail message <br>
and/or attachments to it are strictly prohibited. If <br>
you have received this communication in error, <br>
please notify us by reply e-mail or telephone and <br>
immediately and permanently delete the message <br>
and any attachments. Thank you<br>
<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <</font></tt><a href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/bbeb60e2/attachment.html"><tt><font size=2>http://lists.squid-cache.org/pipermail/squid-users/attachments/20160527/bbeb60e2/attachment.html</font></tt></a><tt><font size=2>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org<br>
</font></tt><a href="http://lists.squid-cache.org/listinfo/squid-users"><tt><font size=2>http://lists.squid-cache.org/listinfo/squid-users</font></tt></a><tt><font size=2><br>
<br>
<br>
------------------------------<br>
<br>
End of squid-users Digest, Vol 21, Issue 101<br>
******************************************** <br>
<br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <</font></tt><a href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20160601/4b55aed1/attachment.html"><tt><font size=2>http://lists.squid-cache.org/pipermail/squid-users/attachments/20160601/4b55aed1/attachment.html</font></tt></a><tt><font size=2>><br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
squid-users@lists.squid-cache.org<br>
</font></tt><a href="http://lists.squid-cache.org/listinfo/squid-users"><tt><font size=2>http://lists.squid-cache.org/listinfo/squid-users</font></tt></a><tt><font size=2><br>
<br>
<br>
------------------------------<br>
<br>
End of squid-users Digest, Vol 22, Issue 5<br>
******************************************<br>
</font></tt>