[squid-users] You MUST specify at least one Domain Controller.You can use either \ or / as separator between the domain name
Ahmed Allzaeem
ahmed.zaeem at netstream.ps
Sat Dec 20 00:08:52 UTC 2014
If you look @ the logs , it seems it recognize a username when it allow , but when it deny it don’t recognize a username
Plz look @ logs below :
N username here , but I put the username "b"
> 1418996889.943 2 192.168.1.5 TCP_DENIED/407 4189 GET http://google.com/ - NONE/- text/html
Down here itc MISS , u will see the username "b" after the google.com
> 1418996897.774 7830 192.168.1.5 TCP_MISS/302 1258 GET http://google.com/ b DIRECT/74.125.232.228 text/html
Compare both of them
U will see that user "b" ibcluded when its allowed
Im not sure why all of that slow in Kerberos ???!!!
cheers
-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Alex Crow
Sent: Friday, December 19, 2014 6:02 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] You MUST specify at least one Domain Controller.You can use either \ or / as separator between the domain name
Hi,
That is how NTLM works. It doesn't (normally) indicate anything is wrong. You do seem to have a /lot/ of DENIED though.
NTLM Auth will slow down browsing somewhat because authentication is performed for every object retrieved. Google Maps can be a real nasty because it loads lots of small images for the map tiles. However I don't know /how/ slow your access is so I can't really say if it's likely to be a problem.
Cheers
Alex
On 19/12/14 23:50, Ahmed Allzaeem wrote:
> Thank you Amos , don’t know wt to say , u helped me a lot !
>
> Now it get user/pwd
>
> But still a new issue appeared !!
>
> Now the browsing is so slow !!
>
> I check the logs of squid I found a lot of TCP_denied and some of
> TCP_MISS
>
>
> The question is being asked ... why a lot of requests is being deinied ans some is being accepted ???
>
> Here is a sample :
> 1418996889.904 1 192.168.1.5 TCP_DENIED/407 3972 GET http://google.com/ - NONE/- text/html
> 1418996889.925 1 192.168.1.5 TCP_DENIED/407 4189 GET http://google.com/ - NONE/- text/html
> 1418996889.936 2 192.168.1.5 TCP_DENIED/407 4506 GET http://google.com/ - NONE/- text/html
> 1418996889.943 2 192.168.1.5 TCP_DENIED/407 4189 GET http://google.com/ - NONE/- text/html
> 1418996897.774 7830 192.168.1.5 TCP_MISS/302 1258 GET http://google.com/ b DIRECT/74.125.232.228 text/html
> 1418996905.927 8142 192.168.1.5 TCP_MISS/302 1266 GET http://www.google.ps/? b DIRECT/74.125.232.247 text/html
> 1418996905.943 3 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
> 1418996905.946 2 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
> 1418996905.949 4 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
> 1418996905.949 4 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
> 1418996905.953 2 192.168.1.5 TCP_DENIED/407 3851 CONNECT www.google.ps:443 - NONE/- text/html
> 1418996905.955 4 192.168.1.5 TCP_DENIED/407 4128 CONNECT dtex4kvbppovt.cloudfront.net:443 - NONE/- text/html
> 1418996905.969 2 192.168.1.5 TCP_DENIED/407 4068 CONNECT www.google.ps:443 - NONE/- text/html
> 1418996905.973 1 192.168.1.5 TCP_DENIED/407 4393 CONNECT www.google.ps:443 - NONE/- text/html
> 1418996905.980 1 192.168.1.5 TCP_DENIED/407 4068 CONNECT www.google.ps:443 - NONE/- text/html
> 1418996908.011 1 192.168.1.5 TCP_DENIED/407 4103 POST http://clients1.google.com/ocsp - NONE/- text/html
> 1418996908.015 1 192.168.1.5 TCP_DENIED/407 4320 POST http://clients1.google.com/ocsp - NONE/- text/html
> 1418996908.019 2 192.168.1.5 TCP_DENIED/407 4661 POST http://clients1.google.com/ocsp - NONE/- text/html
> 1418996909.041 1 192.168.1.5 TCP_DENIED/407 3859 CONNECT ssl.gstatic.com:443 - NONE/- text/html
> 1418996909.089 2 192.168.1.5 TCP_DENIED/407 4076 CONNECT ssl.gstatic.com:443 - NONE/- text/html
> 1418996909.097 2 192.168.1.5 TCP_DENIED/407 4405 CONNECT ssl.gstatic.com:443 - NONE/- text/html
> 1418996909.104 2 192.168.1.5 TCP_DENIED/407 4076 CONNECT ssl.gstatic.com:443 - NONE/- text/html
> 1418996910.755 1 192.168.1.5 TCP_DENIED/407 3859 CONNECT www.gstatic.com:443 - NONE/- text/html
> 1418996910.784 1 192.168.1.5 TCP_DENIED/407 4076 CONNECT www.gstatic.com:443 - NONE/- text/html
> 1418996910.791 2 192.168.1.5 TCP_DENIED/407 4405 CONNECT www.gstatic.com:443 - NONE/- text/html
> 1418996910.796 1 192.168.1.5 TCP_DENIED/407 4076 CONNECT www.gstatic.com:443 - NONE/- text/html
> 1418996917.152 2 192.168.1.5 TCP_DENIED/407 4103 POST http://clients1.google.com/ocsp - NONE/- text/html
> 1418996917.156 2 192.168.1.5 TCP_DENIED/407 4320 POST http://clients1.google.com/ocsp - NONE/- text/html
> 1418996917.161 2 192.168.1.5 TCP_DENIED/407 4663 POST http://clients1.google.com/ocsp - NONE/- text/html
> 1418996920.312 1 192.168.1.5 TCP_DENIED/407 3903 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996920.334 4 192.168.1.5 TCP_DENIED/407 4120 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996920.471 2 192.168.1.5 TCP_DENIED/407 4483 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996926.896 1 192.168.1.5 TCP_DENIED/407 4120 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996935.623 1 192.168.1.5 TCP_DENIED/407 4079 POST http://ocsp.digicert.com/ - NONE/- text/html
> 1418996935.630 3 192.168.1.5 TCP_DENIED/407 4296 POST http://ocsp.digicert.com/ - NONE/- text/html
> 1418996935.633 2 192.168.1.5 TCP_DENIED/407 4635 POST http://ocsp.digicert.com/ - NONE/- text/html
> 1418996935.640 2 192.168.1.5 TCP_DENIED/407 4296 POST http://ocsp.digicert.com/ - NONE/- text/html
> 1418996935.810 7242 192.168.1.5 TCP_MISS/200 6448 GET http://whatismyipaddress.com/ b DIRECT/66.171.248.172 text/html
> 1418996935.852 1 192.168.1.5 TCP_DENIED/407 4349 GET http://maps.google.com/maps/api/js? - NONE/- text/html
> 1418996935.862 2 192.168.1.5 TCP_DENIED/407 4566 GET http://maps.google.com/maps/api/js? - NONE/- text/html
> 1418996935.868 4 192.168.1.5 TCP_DENIED/407 4901 GET http://maps.google.com/maps/api/js? - NONE/- text/html
> 1418996935.876 3 192.168.1.5 TCP_DENIED/407 4566 GET http://maps.google.com/maps/api/js? - NONE/- text/html
> 1418996935.904 0 192.168.1.5 TCP_DENIED/407 4076 GET http://cdn.whatismyipaddress.com/favicon.ico - NONE/- text/html
> 1418996935.918 1 192.168.1.5 TCP_DENIED/407 4293 GET http://cdn.whatismyipaddress.com/favicon.ico - NONE/- text/html
> 1418996935.925 1 192.168.1.5 TCP_DENIED/407 4650 GET http://cdn.whatismyipaddress.com/favicon.ico - NONE/- text/html
> 1418996935.934 1 192.168.1.5 TCP_DENIED/407 4293 GET http://cdn.whatismyipaddress.com/favicon.ico - NONE/- text/html
> 1418996937.486 1 192.168.1.5 TCP_DENIED/407 3863 CONNECT aus4.mozilla.org:443 - NONE/- text/html
> 1418996937.493 1 192.168.1.5 TCP_DENIED/407 4080 CONNECT aus4.mozilla.org:443 - NONE/- text/html
> 1418996937.498 3 192.168.1.5 TCP_DENIED/407 4413 CONNECT aus4.mozilla.org:443 - NONE/- text/html
> 1418996937.505 1 192.168.1.5 TCP_DENIED/407 4080 CONNECT aus4.mozilla.org:443 - NONE/- text/html
> 1418996937.615 1974 192.168.1.5 TCP_MISS/000 0 POST http://ocsp.digicert.com/ b DIRECT/ocsp.digicert.com -
> 1418996937.621 1 192.168.1.5 TCP_DENIED/407 3903 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996937.628 2 192.168.1.5 TCP_DENIED/407 4120 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996937.633 3 192.168.1.5 TCP_DENIED/407 4485 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996937.641 1 192.168.1.5 TCP_DENIED/407 4120 CONNECT tiles.services.mozilla.com:443 - NONE/- text/html
> 1418996943.423 7545 192.168.1.5 TCP_MISS/200 1613 GET http://maps.google.com/maps/api/js? b DIRECT/216.58.209.128 text/javascript
>
>
>
> regards
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3 at treenet.co.nz]
> Sent: Friday, December 19, 2014 5:42 AM
> To: Ahmed Allzaeem; squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] You MUST specify at least one Domain
> Controller.You can use either \ or / as separator between the domain
> name
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 20/12/2014 12:13 p.m., Ahmed Allzaeem wrote:
>> HI amos , thanks for clarification , Actually I modified it with the
>> correct samba path with ==> /usr/bin/ntlm_auth whereas I checked and
>> found that helper !
>>
>>
>> So , my squid config file to : ======= ##Kerberos config for squid
>> auth_param ntlm program /usr/bin/ntlm_auth
>> --helper-protocol=squid-2.5-basic
> That should be:
> --helper-protocol=squid-2.5-ntlmssp
>
> Amos
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
>
> iQEcBAEBAgAGBQJUlCsPAAoJELJo5wb/XPRjbX8IANahhzgeqoXQy9nVPbhfTAAB
> 53MDu/3ZzMXeK3mw60c/xzA0FV/F5iBQuXh+zydMlRUeqYDTU7WhRJ+Si0AbM0MX
> 6fsiHSJ++/1mY/4UyG/TlhmFc9ByxuXfYEoDFntUOb7hT3DDSrKZVYvZ6T4QdaCX
> fqfDAHsxfaRt8j7gOcZhQOOeWA5khSbWxsTAsO7DKzBf2pZItNi3CLGzAg8OkVqo
> 6C1XtZ5sFGj3Ij/3tGngKYlNTnv6A3rt3N2+b63TWTbdWVvQLlkZqAfC5GF3tw0j
> 9wiBSOOuzxCSRTXo2/6r3dvnVK3tqMyBwngeIafOjIl0prmAbcegZVgLzX5hKBY=
> =AFDb
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
--
This message is intended only for the addressee and may contain confidential information. Unless you are that person, you may not disclose its contents or use it in any way and are requested to delete the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300. (Registered office: as above; Registered in England and Wales under number: 3727592). Authorised and regulated by the Financial Conduct Authority (entered on the Financial Services Register; no. 190856).
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list