[squid-users] You MUST specify at least one Domain Controller.You can use either \ or / as separator between the domain name

Ahmed Allzaeem ahmed.zaeem at netstream.ps
Sat Dec 20 00:08:52 UTC 2014


If you look @ the logs , it seems it  recognize a username when it allow , but when it deny it don’t recognize a username

Plz look @ logs below :
N username here , but I put the username "b"
> 1418996889.943      2 192.168.1.5 TCP_DENIED/407 4189 GET http://google.com/ - NONE/- text/html


Down  here itc MISS , u will see the username "b" after the google.com
> 1418996897.774   7830 192.168.1.5 TCP_MISS/302 1258 GET http://google.com/ b DIRECT/74.125.232.228 text/html

Compare both of them
U will see that user "b" ibcluded when its allowed

Im not sure why all of that slow in Kerberos ???!!!

cheers

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Alex Crow
Sent: Friday, December 19, 2014 6:02 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] You MUST specify at least one Domain Controller.You can use either \ or / as separator between the domain name

Hi,

That is how NTLM works. It doesn't (normally) indicate anything is wrong. You do seem to have a /lot/ of DENIED though.

NTLM Auth will slow down browsing somewhat because authentication is performed for every object retrieved. Google Maps can be a real nasty because it loads lots of small images for the map tiles. However I don't know /how/ slow your access is so I can't really say if it's likely to be a problem.

Cheers

Alex

On 19/12/14 23:50, Ahmed Allzaeem wrote:
> Thank  you Amos , don’t know wt to say , u helped me a lot !
>
> Now it get user/pwd
>
> But still a new issue appeared !!
>
> Now the browsing is so slow !!
>
> I check the logs of squid I found a lot of TCP_denied and some of 
> TCP_MISS
>
>
> The question is being asked ... why a lot of requests is being deinied ans some is  being accepted ???
>
> Here is a sample :
> 1418996889.904      1 192.168.1.5 TCP_DENIED/407 3972 GET http://google.com/ - NONE/- text/html
> 1418996889.925      1 192.168.1.5 TCP_DENIED/407 4189 GET http://google.com/ - NONE/- text/html
> 1418996889.936      2 192.168.1.5 TCP_DENIED/407 4506 GET http://google.com/ - NONE/- text/html
> 1418996889.943      2 192.168.1.5 TCP_DENIED/407 4189 GET http://google.com/ - NONE/- text/html
> 1418996897.774   7830 192.168.1.5 TCP_MISS/302 1258 GET http://google.com/ b DIRECT/74.125.232.228 text/html
> 1418996905.927   8142 192.168.1.5 TCP_MISS/302 1266 GET http://www.google.ps/? b DIRECT/74.125.232.247 text/html
> 1418996905.943      3 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
> 1418996905.946      2 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
> 1418996905.949      4 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
> 1418996905.949      4 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
> 1418996905.953      2 192.168.1.5 TCP_DENIED/407 3851 CONNECT www.google.ps:443 - NONE/- text/html
> 1418996905.955      4 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
> 1418996905.969      2 192.168.1.5 TCP_DENIED/407 4068 CONNECT www.google.ps:443 - NONE/- text/html
> 1418996905.973      1 192.168.1.5 TCP_DENIED/407 4393 CONNECT www.google.ps:443 - NONE/- text/html
> 1418996905.980      1 192.168.1.5 TCP_DENIED/407 4068 CONNECT www.google.ps:443 - NONE/- text/html
> 1418996908.011      1 192.168.1.5 TCP_DENIED/407 4103 POST http://clients1.google.com/ocsp - NONE/- text/html
> 1418996908.015      1 192.168.1.5 TCP_DENIED/407 4320 POST http://clients1.google.com/ocsp - NONE/- text/html
> 1418996908.019      2 192.168.1.5 TCP_DENIED/407 4661 POST http://clients1.google.com/ocsp - NONE/- text/html
> 1418996909.041      1 192.168.1.5 TCP_DENIED/407 3859 CONNECT ssl.gstatic.com:443 - NONE/- text/html
> 1418996909.089      2 192.168.1.5 TCP_DENIED/407 4076 CONNECT ssl.gstatic.com:443 - NONE/- text/html
> 1418996909.097      2 192.168.1.5 TCP_DENIED/407 4405 CONNECT ssl.gstatic.com:443 - NONE/- text/html
> 1418996909.104      2 192.168.1.5 TCP_DENIED/407 4076 CONNECT ssl.gstatic.com:443 - NONE/- text/html
> 1418996910.755      1 192.168.1.5 TCP_DENIED/407 3859 CONNECT www.gstatic.com:443 - NONE/- text/html
> 1418996910.784      1 192.168.1.5 TCP_DENIED/407 4076 CONNECT www.gstatic.com:443 - NONE/- text/html
> 1418996910.791      2 192.168.1.5 TCP_DENIED/407 4405 CONNECT www.gstatic.com:443 - NONE/- text/html
> 1418996910.796      1 192.168.1.5 TCP_DENIED/407 4076 CONNECT www.gstatic.com:443 - NONE/- text/html
> 1418996917.152      2 192.168.1.5 TCP_DENIED/407 4103 POST http://clients1.google.com/ocsp - NONE/- text/html
> 1418996917.156      2 192.168.1.5 TCP_DENIED/407 4320 POST http://clients1.google.com/ocsp - NONE/- text/html
> 1418996917.161      2 192.168.1.5 TCP_DENIED/407 4663 POST http://clients1.google.com/ocsp - NONE/- text/html
> 1418996920.312      1 192.168.1.5 TCP_DENIED/407 3903 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996920.334      4 192.168.1.5 TCP_DENIED/407 4120 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996920.471      2 192.168.1.5 TCP_DENIED/407 4483 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996926.896      1 192.168.1.5 TCP_DENIED/407 4120 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996935.623      1 192.168.1.5 TCP_DENIED/407 4079 POST http://ocsp.digicert.com/ - NONE/- text/html
> 1418996935.630      3 192.168.1.5 TCP_DENIED/407 4296 POST http://ocsp.digicert.com/ - NONE/- text/html
> 1418996935.633      2 192.168.1.5 TCP_DENIED/407 4635 POST http://ocsp.digicert.com/ - NONE/- text/html
> 1418996935.640      2 192.168.1.5 TCP_DENIED/407 4296 POST http://ocsp.digicert.com/ - NONE/- text/html
> 1418996935.810   7242 192.168.1.5 TCP_MISS/200 6448 GET http://whatismyipaddress.com/ b DIRECT/66.171.248.172 text/html
> 1418996935.852      1 192.168.1.5 TCP_DENIED/407 4349 GET http://maps.google.com/maps/api/js? - NONE/- text/html
> 1418996935.862      2 192.168.1.5 TCP_DENIED/407 4566 GET http://maps.google.com/maps/api/js? - NONE/- text/html
> 1418996935.868      4 192.168.1.5 TCP_DENIED/407 4901 GET http://maps.google.com/maps/api/js? - NONE/- text/html
> 1418996935.876      3 192.168.1.5 TCP_DENIED/407 4566 GET http://maps.google.com/maps/api/js? - NONE/- text/html
> 1418996935.904      0 192.168.1.5 TCP_DENIED/407 4076 GET http://cdn.whatismyipaddress.com/favicon.ico - NONE/- text/html
> 1418996935.918      1 192.168.1.5 TCP_DENIED/407 4293 GET http://cdn.whatismyipaddress.com/favicon.ico - NONE/- text/html
> 1418996935.925      1 192.168.1.5 TCP_DENIED/407 4650 GET http://cdn.whatismyipaddress.com/favicon.ico - NONE/- text/html
> 1418996935.934      1 192.168.1.5 TCP_DENIED/407 4293 GET http://cdn.whatismyipaddress.com/favicon.ico - NONE/- text/html
> 1418996937.486      1 192.168.1.5 TCP_DENIED/407 3863 CONNECT aus4.mozilla.org:443 - NONE/- text/html
> 1418996937.493      1 192.168.1.5 TCP_DENIED/407 4080 CONNECT aus4.mozilla.org:443 - NONE/- text/html
> 1418996937.498      3 192.168.1.5 TCP_DENIED/407 4413 CONNECT aus4.mozilla.org:443 - NONE/- text/html
> 1418996937.505      1 192.168.1.5 TCP_DENIED/407 4080 CONNECT aus4.mozilla.org:443 - NONE/- text/html
> 1418996937.615   1974 192.168.1.5 TCP_MISS/000 0 POST http://ocsp.digicert.com/ b DIRECT/ocsp.digicert.com -
> 1418996937.621      1 192.168.1.5 TCP_DENIED/407 3903 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996937.628      2 192.168.1.5 TCP_DENIED/407 4120 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996937.633      3 192.168.1.5 TCP_DENIED/407 4485 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996937.641      1 192.168.1.5 TCP_DENIED/407 4120 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996943.423   7545 192.168.1.5 TCP_MISS/200 1613 GET http://maps.google.com/maps/api/js? b DIRECT/216.58.209.128 text/javascript
>
>
>
> regards
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3 at treenet.co.nz]
> Sent: Friday, December 19, 2014 5:42 AM
> To: Ahmed Allzaeem; squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] You MUST specify at least one Domain 
> Controller.You can use either \ or / as separator between the domain 
> name
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 20/12/2014 12:13 p.m., Ahmed Allzaeem wrote:
>> HI amos , thanks for clarification , Actually I modified it with the 
>> correct samba path with ==> /usr/bin/ntlm_auth whereas I checked and 
>> found that helper !
>>
>>
>> So , my squid config  file to  : ======= ##Kerberos config for squid 
>> auth_param ntlm program /usr/bin/ntlm_auth 
>> --helper-protocol=squid-2.5-basic
> That should be:
>    --helper-protocol=squid-2.5-ntlmssp
>
> Amos
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
>
> iQEcBAEBAgAGBQJUlCsPAAoJELJo5wb/XPRjbX8IANahhzgeqoXQy9nVPbhfTAAB
> 53MDu/3ZzMXeK3mw60c/xzA0FV/F5iBQuXh+zydMlRUeqYDTU7WhRJ+Si0AbM0MX
> 6fsiHSJ++/1mY/4UyG/TlhmFc9ByxuXfYEoDFntUOb7hT3DDSrKZVYvZ6T4QdaCX
> fqfDAHsxfaRt8j7gOcZhQOOeWA5khSbWxsTAsO7DKzBf2pZItNi3CLGzAg8OkVqo
> 6C1XtZ5sFGj3Ij/3tGngKYlNTnv6A3rt3N2+b63TWTbdWVvQLlkZqAfC5GF3tw0j
> 9wiBSOOuzxCSRTXo2/6r3dvnVK3tqMyBwngeIafOjIl0prmAbcegZVgLzX5hKBY=
> =AFDb
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>

--
This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300. (Registered office: as above; Registered in England and Wales under number: 3727592). Authorised and regulated by the Financial Conduct Authority (entered on the Financial Services Register; no. 190856).

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list