[squid-users] Replacing Microsoft TMG by Squid.
Yuri Voinov
yvoinov at gmail.com
Fri Oct 16 20:15:06 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
In my setup exists these helpers:
http://i.imgur.com/mbfhojY.png
with this configuration:
./configure '--prefix=/usr/local/squid' '--enable-translation'
'--enable-external-acl-helpers=none' '--enable-icap-client'
'--enable-ecap' '--enable-ipf-transparent' '--enable-storeio=ufs,aufs'
'--enable-removal-policies=lru,heap' '--enable-devpoll' '--disable-wccp'
'--enable-wccpv2' '--enable-http-violations'
'--enable-follow-x-forwarded-for' '--enable-arp-acl' '--enable-htcp'
'--enable-cache-digests' '--with-dl' '--enable-auth-negotiate=none'
'--disable-auth-digest' '--disable-auth-ntlm'
'--disable-url-rewrite-helpers' '--enable-storeid-rewrite-helpers=file'
'--enable-log-daemon-helpers=file' '--enable-ssl' '--enable-ssl-crtd'
'--enable-zph-qos' '--disable-snmp' '--enable-inline'
'--with-build-environment=POSIX_V6_LP64_OFF64' 'CFLAGS=-O3 -m64
-mtune=core2 -pipe -lmtmalloc' 'CXXFLAGS=-O3 -m64 -mtune=core2 -pipe
-lmtmalloc' 'CPPFLAGS=-I/opt/csw/include' 'LDFLAGS=-fPIE -pie
-Wl,-z,now' 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig'
--enable-build-info="Intercept/WCCPv2/SSL/CRTD/AUFS/eCAP/64/GCC/mtmalloc
Production"
Note: This is transparent interception proxy, not reverse, not
forwarding. Basic auth enabled by default, it required for cachemgr.
17.10.15 2:02, Sebastien.Boulianne at cpu.ca пишет:
>
> How should I select it ? :(
>
> Thanks Yuri!
> De : squid-users [mailto:squid-users-bounces at lists.squid-cache.org] De
la part de Yuri Voinov
> Envoyé : 16 octobre 2015 15:28
> À : squid-users at lists.squid-cache.org
> Objet : Re: [squid-users] Replacing Microsoft TMG by Squid.
>
>
> I have no sources right now, but looks like pure LDAP auth helper does
not selected....
>
> 17.10.15 1:10,
Sebastien.Boulianne at cpu.ca<mailto:Sebastien.Boulianne at cpu.ca> пишет:
> > I builded my own version too…
>
>
>
> > I used these options.
>
>
>
> > squid -v
>
> > Squid Cache: Version 3.5.10-20151001-r13933
>
> > Service Name: squid
>
> > configure options: '--build=x86_64-redhat-linux-gnu'
> '--host=x86_64-redhat-linux-gnu' '--program-prefix='
> '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
> '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
> '--includedir=/usr/include' '--libdir=/usr/lib64'
> '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
> '--disable-strict-error-checking' '--exec_prefix=/usr'
> '--libexecdir=/usr/lib64/squid' '--datadir=/usr/share/squid'
> '--sysconfdir=/etc/squid' '--with-logdir=/var/log/squid'
> '--with-pidfile=/var/run/squid.pid'
> '--disable-dependency-tracking' '--enable-eui'
> '--enable-follow-x-forwarded-for' '--enable-auth'
> '--enable-auth-basic=DB,LDAP,NCSA,NIS,POP3,RADIUS,SASL,SMB,getpwnam'
> '--enable-auth-ntlm=smb_lm,fake'
> '--enable-auth-digest=file,LDAP,eDirectory'
> '--enable-auth-negotiate=kerberos'
>
'--enable-external-acl-helpers=file_userip,LDAP_group,time_quota,session,unix_group,wbinfo_group'
> '--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
> '--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
> '--enable-ident-lookups' '--enable-linux-netfilter'
> '--enable-removal-policies=heap,lru' '--enable-snmp'
> '--enable-ssl' '--enable-ssl-crtd'
> '--enable-storeio=aufs,diskd,ufs' '--enable-wccpv2' '--enable-esi'
> '--with-aio' '--with-default-user=squid'
> '--with-filedescriptors=16384' '--with-dl' '--with-openssl'
> '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu'
> 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2'
> --enable-ltdl-convenience
>
>
>
> > De : squid-users
> [mailto:squid-users-bounces at lists.squid-cache.org] De la part de
> Yuri Voinov
>
> > Envoyé : 16 octobre 2015 15:09
>
> > À :
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org>
>
> > Objet : Re: [squid-users] Replacing Microsoft TMG by Squid.
>
>
>
>
>
> > To do custom build, you must build Squid from source
> yourself, and not get from any repos, which is it's owner
> preferences impress.
>
>
>
> > 17.10.15 1:06,
>
Sebastien.Boulianne at cpu.ca<mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca>
> пишет:
>
> > > I dont have any
>
> > /usr/lib/squid/squid_ldap_auth.
>
>
>
>
>
>
>
> > > There is no /usr/lib/squid directory.
>
>
>
>
>
>
>
> > > De : squid-users
>
> > [mailto:squid-users-bounces at lists.squid-cache.org] De
> la part de
>
> > Yuri Voinov
>
>
>
> > > Envoyé : 16 octobre 2015 15:03
>
>
>
> > > À :
>
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org>
>
>
>
> > > Objet : Re: [squid-users] Replacing Microsoft TMG
> by Squid.
>
>
>
>
>
>
>
>
>
>
>
> > >
> http://wiki.squid-cache.org/Features/Authentication
>
>
>
>
>
>
>
> > > 17.10.15 1:01,
>
>
>
Sebastien.Boulianne at cpu.ca<mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca>
>
> > пишет:
>
>
>
> > > > Is squid_ldap_auth was replaced
>
>
>
> > > by digest_ldap_auth ?
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > Thanks!
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > [cid:image002.jpg at 01D10823.82D2DDB0]
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > De : squid-users
>
>
>
> > >
> [mailto:squid-users-bounces at lists.squid-cache.org] De
>
> > la part de
>
>
>
> > > Yuri Voinov
>
>
>
>
>
>
>
> > > > Envoyé : 16 octobre 2015 14:53
>
>
>
>
>
>
>
> > > > À :
>
>
>
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org>
>
>
>
>
>
>
>
> > > > Objet : Re: [squid-users] Replacing
> Microsoft TMG
>
> > by Squid.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > Start from here:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > >
>
>
> http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ldap
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > 16.10.15 23:51,
>
>
>
>
>
>
>
Sebastien.Boulianne at cpu.ca<mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca><mailto:Sebastien.Boulianne at cpu.ca>
>
>
>
> > > пишет:
>
>
>
>
>
>
>
> > > > > Hi all,
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > Like you know, Microsoft
> discountinued
>
> > the TMG.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > The TMG was used as a
> reverse proxy.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > Since many days, I work to
> replace our
>
> > TMG by a
>
>
>
> > > Squid server
>
>
>
>
>
>
>
> > > > v3.5.10 with Oracle Linux 7 x64.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > I moved some sites this week
> but I have
>
> > a little
>
>
>
> > > problem now.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > How can I ask LDAP
> credentials for a
>
> > user who want
>
>
>
> > > to access
>
>
>
>
>
>
>
> > > > a directory on another server ?
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > I currently do that with our
> TMG.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > I used Google but I can only
> find doc
>
> > about LDAP
>
>
>
> > > auth for
>
>
>
>
>
>
>
> > > > users they want to access the
> internet.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > [root at squid squid]# cd
>
> > /usr/lib64/squid/
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > [root at squid squid]# ls
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > basic_db_auth
>
> > basic_pam_auth
>
>
>
>
>
>
>
> > > > cert_valid.pl
> ext_session_acl
>
>
>
>
>
>
>
> > > > negotiate_kerberos_auth
>
> > url_fake_rewrite
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > basic_getpwnam_auth
>
> > basic_pop3_auth
>
>
>
>
>
>
>
> > > > digest_edirectory_auth
> ext_time_quota_acl
>
>
>
>
>
>
>
> > > > negotiate_kerberos_auth_test
>
> > url_fake_rewrite.sh
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > basic_ldap_auth
>
> > basic_radius_auth
>
>
>
>
>
>
>
> > > > digest_file_auth
> ext_unix_group_acl
>
>
>
> > > ntlm_fake_auth
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > basic_msnt_auth
>
> > basic_sasl_auth
>
>
>
>
>
>
>
> > > > digest_ldap_auth
> ext_wbinfo_group_acl
>
>
>
> > > ntlm_smb_lm_auth
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > basic_msnt_multi_domain_auth
>
> > basic_smb_auth
>
>
>
>
>
>
>
> > > > diskd
>
> > helper-mux.pl ssl_crtd
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > basic_ncsa_auth
>
> > basic_smb_auth.sh
>
>
>
>
>
>
>
> > > > ext_file_userip_acl
> log_db_daemon
>
>
>
> > > storeid_file_rewrite
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > basic_nis_auth
>
> > cachemgr.cgi
>
>
>
>
>
>
>
> > > > ext_ldap_group_acl
>
> > log_file_daemon unlinkd
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > Thanks.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > Sebastien
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > >
>
> > _______________________________________________
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > > squid-users mailing list
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > >
>
>
>
>
>
>
>
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > > >
>
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > >
> _______________________________________________
>
>
>
>
>
>
>
> > > > squid-users mailing list
>
>
>
>
>
>
>
> > > >
>
>
>
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org>
>
>
>
>
>
>
>
> > > >
> http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > > _______________________________________________
>
>
>
> > > squid-users mailing list
>
>
>
> > >
>
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org><mailto:squid-users at lists.squid-cache.org>
>
>
>
> > > http://lists.squid-cache.org/listinfo/squid-users
>
>
>
>
>
>
>
> > _______________________________________________
>
> > squid-users mailing list
>
> >
squid-users at lists.squid-cache.org<mailto:squid-users at lists.squid-cache.org>
>
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWIVrKAAoJENNXIZxhPexGbjkIAJG/nNOM56AYt3JDzhmFOCgw
JO8eKZ4rYNiiLLYF0hsRIuUZR8bsIVlVMjtQzOc0h9vFR193T8pBY1dRH1hu3tvB
mNm/lP0p8kHb/nYNTFtA0aMnwF37DrD1LCDW/XTmltT1KNrFTTEE8IFhKGzJDHXi
/knxLroB47gczhYaHV7kj6sC49+6R7WZof6wRgckOWJHQVf99Wp91SIpr1tMYNI6
Hwq4ElnAGapIiWk1Z5mx8CcA3PETvs0yvZAwUmEsh3mcgy+l/KT+WG4ZWbqdzLkA
gropU09SXCWVgMcPx3DsyQwC8m/g/N6nAJeOyTSadYkiRwo8mvjpMxFOjlIAnJ0=
=KLmH
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151017/1f0d848a/attachment-0001.html>
More information about the squid-users
mailing list