[squid-users] Replacing Microsoft TMG by Squid.

Yuri Voinov yvoinov at gmail.com
Fri Oct 16 20:15:06 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
In my setup exists these helpers:

http://i.imgur.com/mbfhojY.png

with this configuration:

./configure '--prefix=/usr/local/squid' '--enable-translation'
'--enable-external-acl-helpers=none' '--enable-icap-client'
'--enable-ecap' '--enable-ipf-transparent' '--enable-storeio=ufs,aufs'
'--enable-removal-policies=lru,heap' '--enable-devpoll' '--disable-wccp'
'--enable-wccpv2' '--enable-http-violations'
'--enable-follow-x-forwarded-for' '--enable-arp-acl' '--enable-htcp'
'--enable-cache-digests' '--with-dl' '--enable-auth-negotiate=none'
'--disable-auth-digest' '--disable-auth-ntlm'
'--disable-url-rewrite-helpers' '--enable-storeid-rewrite-helpers=file'
'--enable-log-daemon-helpers=file' '--enable-ssl' '--enable-ssl-crtd'
'--enable-zph-qos' '--disable-snmp' '--enable-inline'
'--with-build-environment=POSIX_V6_LP64_OFF64' 'CFLAGS=-O3 -m64
-mtune=core2 -pipe -lmtmalloc' 'CXXFLAGS=-O3 -m64 -mtune=core2 -pipe
-lmtmalloc' 'CPPFLAGS=-I/opt/csw/include' 'LDFLAGS=-fPIE -pie
-Wl,-z,now' 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig'
--enable-build-info="Intercept/WCCPv2/SSL/CRTD/AUFS/eCAP/64/GCC/mtmalloc
Production"

Note: This is transparent interception proxy, not reverse, not
forwarding. Basic auth enabled by default, it required for cachemgr.

17.10.15 2:02, Sebastien.Boulianne at cpu.ca пишет:
>
> How should I select it ? :(
>
> Thanks Yuri!
> De : squid-users [mailto:squid-users-bounces at lists.squid-cache.org] De
la part de Yuri Voinov
> Envoyé : 16 octobre 2015 15:28
> À : squid-users at lists.squid-cache.org
> Objet : Re: [squid-users] Replacing Microsoft TMG by Squid.
>
>
> I have no sources right now, but looks like pure LDAP auth helper does
not selected....
>
> 17.10.15 1:10,
Sebastien.Boulianne at cpu.ca<mailto:Sebastien.Boulianne at cpu.ca> пишет:
> > I builded my own version too…
>
>
>
>       > I used these options.
>
>
>
>       > squid -v
>
>       > Squid Cache: Version 3.5.10-20151001-r13933
>
>       > Service Name: squid
>
>       > configure options:  '--build=x86_64-redhat-linux-gnu'
>       '--host=x86_64-redhat-linux-gnu' '--program-prefix='
>       '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
>       '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
>       '--includedir=/usr/include' '--libdir=/usr/lib64'
>       '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
>       '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>       '--disable-strict-error-checking' '--exec_prefix=/usr'
>       '--libexecdir=/usr/lib64/squid' '--datadir=/usr/share/squid'
>       '--sysconfdir=/etc/squid' '--with-logdir=/var/log/squid'
>       '--with-pidfile=/var/run/squid.pid'
>       '--disable-dependency-tracking' '--enable-eui'
>       '--enable-follow-x-forwarded-for' '--enable-auth'
>       '--enable-auth-basic=DB,LDAP,NCSA,NIS,POP3,RADIUS,SASL,SMB,getpwnam'
>       '--enable-auth-ntlm=smb_lm,fake'
>       '--enable-auth-digest=file,LDAP,eDirectory'
>       '--enable-auth-negotiate=kerberos'
>      
'--enable-external-acl-helpers=file_userip,LDAP_group,time_quota,session,unix_group,wbinfo_group'
>       '--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
>       '--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
>       '--enable-ident-lookups' '--enable-linux-netfilter'
>       '--enable-removal-policies=heap,lru' '--enable-snmp'
>       '--enable-ssl' '--enable-ssl-crtd'
>       '--enable-storeio=aufs,diskd,ufs' '--enable-wccpv2' '--enable-esi'
>       '--with-aio' '--with-default-user=squid'
>       '--with-filedescriptors=16384' '--with-dl' '--with-openssl'
>       '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu'
>       'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2'
>       --enable-ltdl-convenience
>
>
>
>       > De : squid-users
>       [mailto:squid-users-bounces at lists.squid-cache.org] De la part de
>       Yuri Voinov
>
>       > Envoyé : 16 octobre 2015 15:09
>
>       > À :
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org>
>
>       > Objet : Re: [squid-users] Replacing Microsoft TMG by Squid.
>
>
>
>
>
>       > To do custom build, you must build Squid from source
>       yourself, and not get from any repos, which is it's owner
>       preferences impress.
>
>
>
>       > 17.10.15 1:06,
>      
Sebastien.Boulianne at cpu.ca<mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca>
>       пишет:
>
>       > > I dont have any
>
>       >       /usr/lib/squid/squid_ldap_auth.
>
>
>
>
>
>
>
>       >       > There is no /usr/lib/squid directory.
>
>
>
>
>
>
>
>       >       > De : squid-users
>
>       >       [mailto:squid-users-bounces at lists.squid-cache.org] De
>       la part de
>
>       >       Yuri Voinov
>
>
>
>       >       > Envoyé : 16 octobre 2015 15:03
>
>
>
>       >       > À :
>
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org>
>
>
>
>       >       > Objet : Re: [squid-users] Replacing Microsoft TMG
>       by Squid.
>
>
>
>
>
>
>
>
>
>
>
>       >       >
>       http://wiki.squid-cache.org/Features/Authentication
>
>
>
>
>
>
>
>      >       > 17.10.15 1:01,
>
>
>
Sebastien.Boulianne at cpu.ca<mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca>
>
>       >       пишет:
>
>
>
>       >       > > Is squid_ldap_auth was replaced
>
>
>
>       >       >       by digest_ldap_auth ?
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > Thanks!
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > [cid:image002.jpg at 01D10823.82D2DDB0]
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > De : squid-users
>
>
>
>       >       >
>       [mailto:squid-users-bounces at lists.squid-cache.org] De
>
>       >       la part de
>
>
>
>       >       >       Yuri Voinov
>
>
>
>
>
>
>
>       >       >       > Envoyé : 16 octobre 2015 14:53
>
>
>
>
>
>
>
>       >       >       > À :
>
>
>
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org>
>
>
>
>
>
>
>
>       >       >       > Objet : Re: [squid-users] Replacing
>       Microsoft TMG
>
>       >       by Squid.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > Start from here:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >
>
>
>       http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ldap
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       > 16.10.15 23:51,
>
>
>
>
>
>
>
Sebastien.Boulianne at cpu.ca<mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca>
>
>
>
>       >       >       пишет:
>
>
>
>
>
>
>
>       >       >       > > Hi all,
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > Like you know, Microsoft
>       discountinued
>
>       >       the TMG.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > The TMG was used as a
>       reverse proxy.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > Since many days, I work to
>       replace our
>
>       >       TMG by a
>
>
>
>       >       >       Squid server
>
>
>
>
>
>
>
>       >       >       >       v3.5.10 with Oracle Linux 7 x64.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > I moved some sites this week
>       but I have
>
>       >       a little
>
>
>
>       >       >       problem now.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > How can I ask LDAP
>       credentials for a
>
>       >       user who want
>
>
>
>       >       >       to access
>
>
>
>
>
>
>
>       >       >       >       a directory on another server ?
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > I currently do that with our
>       TMG.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > I used Google but I can only
>       find doc
>
>       >       about LDAP
>
>
>
>       >       >       auth for
>
>
>
>
>
>
>
>       >       >       >       users they want to access the
>       internet.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > [root at squid squid]# cd
>
>       >       /usr/lib64/squid/
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > [root at squid squid]# ls
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > basic_db_auth
>
>       >       basic_pam_auth
>
>
>
>
>
>
>
>       >       >       >       cert_valid.pl
>       ext_session_acl
>
>
>
>
>
>
>
>       >       >       >       negotiate_kerberos_auth
>
>       >       url_fake_rewrite
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > basic_getpwnam_auth
>
>       >       basic_pop3_auth
>
>
>
>
>
>
>
>       >       >       >       digest_edirectory_auth
>       ext_time_quota_acl
>
>
>
>
>
>
>
>       >       >       >       negotiate_kerberos_auth_test
>
>       >       url_fake_rewrite.sh
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > basic_ldap_auth
>
>       >       basic_radius_auth
>
>
>
>
>
>
>
>       >       >       >       digest_file_auth
>       ext_unix_group_acl
>
>
>
>       >       >       ntlm_fake_auth
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > basic_msnt_auth
>
>       >       basic_sasl_auth
>
>
>
>
>
>
>
>       >       >       >       digest_ldap_auth
>       ext_wbinfo_group_acl
>
>
>
>       >       >       ntlm_smb_lm_auth
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > basic_msnt_multi_domain_auth
>
>       >       basic_smb_auth
>
>
>
>
>
>
>
>       >       >       >       diskd
>
>       >       helper-mux.pl         ssl_crtd
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > basic_ncsa_auth
>
>       >       basic_smb_auth.sh
>
>
>
>
>
>
>
>       >       >       >       ext_file_userip_acl
>       log_db_daemon
>
>
>
>       >       >       storeid_file_rewrite
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > basic_nis_auth
>
>       >       cachemgr.cgi
>
>
>
>
>
>
>
>       >       >       >       ext_ldap_group_acl
>
>       >       log_file_daemon       unlinkd
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > Thanks.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > Sebastien
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       >
>
>       >       _______________________________________________
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       > squid-users mailing list
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       >
>
>
>
>
>
>
>
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >       >
>
>       >       http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       >       >
>       _______________________________________________
>
>
>
>
>
>
>
>       >      >       > squid-users mailing list
>
>
>
>
>
>
>
>       >       >       >
>
>
>
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org>
>
>
>
>
>
>
>
>       >       >       >
>       http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>       >       > _______________________________________________
>
>
>
>       >       > squid-users mailing list
>
>
>
>       >       >
>
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org>
>
>
>
>       >       > http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>
>
>
>
>       > _______________________________________________
>
>       > squid-users mailing list
>
>       >
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org>
>
>       > http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJWIVrKAAoJENNXIZxhPexGbjkIAJG/nNOM56AYt3JDzhmFOCgw
JO8eKZ4rYNiiLLYF0hsRIuUZR8bsIVlVMjtQzOc0h9vFR193T8pBY1dRH1hu3tvB
mNm/lP0p8kHb/nYNTFtA0aMnwF37DrD1LCDW/XTmltT1KNrFTTEE8IFhKGzJDHXi
/knxLroB47gczhYaHV7kj6sC49+6R7WZof6wRgckOWJHQVf99Wp91SIpr1tMYNI6
Hwq4ElnAGapIiWk1Z5mx8CcA3PETvs0yvZAwUmEsh3mcgy+l/KT+WG4ZWbqdzLkA
gropU09SXCWVgMcPx3DsyQwC8m/g/N6nAJeOyTSadYkiRwo8mvjpMxFOjlIAnJ0=
=KLmH
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151017/1f0d848a/attachment-0001.html>


More information about the squid-users mailing list