{"id":275,"date":"2011-09-12T09:56:03","date_gmt":"2011-09-12T02:56:03","guid":{"rendered":"http:\/\/blog.trichev.com\/?p=275"},"modified":"2017-08-10T09:40:06","modified_gmt":"2017-08-10T02:40:06","slug":"squiddelay-poolsad-authcalamarissqstat","status":"publish","type":"post","link":"https:\/\/trichev.com\/blog\/2011\/09\/12\/squiddelay-poolsad-authcalamarissqstat\/","title":{"rendered":"Squid(delay pools)+AD auth+calamaris+sqstat"},"content":{"rendered":"<p>\u0421\u0440\u0430\u0437\u0443 \u0443\u043a\u0430\u0436\u0443 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438, \u043f\u043e\u0442\u043e\u043c\u0443 \u043a\u0430\u043a \u0441\u043b\u044f\u043c\u0437\u0435\u043d\u043e \u043f\u043e\u0447\u0442\u0438 \u0432\u0441\u0435.<br \/>\nhttp:\/\/www.lissyara.su\/articles\/freebsd\/programms\/squid+ad+group_access\/<br \/>\nhttp:\/\/sys-adm.org.ua\/www\/squid-ad.php<\/p>\n<p>OS: FreeBSD 8.2<br \/>\nSamba 3.5.11<br \/>\nSquid 3.1.15<br \/>\nRejik 3.2.6<br \/>\nCalamaris 2.59<br \/>\nSqStat \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u043d\u0430 \u0434\u0440\u0443\u0433\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435, \u0437\u0434\u0435\u0441\u044c \u043f\u0440\u043e\u043f\u0438\u0441\u0430\u043d \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u044d\u0448-\u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0443. \u041f\u0440\u043e SqStat \u044f \u0443\u0436\u0435 \u043f\u0438\u0441\u0430\u043b \u0440\u0430\u043d\u0435\u0435.<\/p>\n<p><strong>Samba:<\/strong><\/p>\n<p>cd \/usr\/ports\/net\/samba35\/<br \/>\n\/usr\/ports\/net\/samba35\/&gt;make config<br \/>\n\u0412\u044b\u0431\u0438\u0440\u0430\u0435\u043c:<\/p>\n<p>[X] LDAP         With LDAP support<br \/>\n[X] ADS          With Active Directory support<br \/>\n[X] WINBIND      With WinBIND support<br \/>\n[X] SYSLOG       With Syslog support<br \/>\n[X] UTMP         With UTMP accounting support<br \/>\n[X] POPT         With system-wide POPT library<\/p>\n<p>\/usr\/ports\/net\/samba35\/&gt;make install clean<br \/>\ncd \/usr\/local\/etc<br \/>\n\/usr\/local\/etc\/&gt;mcedit smb.conf<\/p>\n<p>#======================= Global Settings ============================<br \/>\n[global]<br \/>\n# netbios \u0438\u043c\u044f \u043d\u0430\u0448\u0435\u0433\u043e \u0434\u043e\u043c\u0435\u043d\u0430<br \/>\nworkgroup = MYDOMAIN<br \/>\n# \u041a\u043e\u043c\u043c\u0435\u043d\u0442\u0430\u0440\u0438\u0439 \u0441\u0435\u0440\u0432\u0435\u0440\u0430<br \/>\nserver string = Corporate Proxy Server<br \/>\n# \u0420\u0435\u0436\u0438\u043c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438<br \/>\nsecurity = ADS<br \/>\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0441\u0435\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d \u0434\u043e\u0441\u0442\u0443 \u043a \u043f\u0440\u043e\u043a\u0441\u0438<br \/>\nhosts allow = 10.201.1.<br \/>\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043b\u043e\u0433\u043e\u0432<br \/>\nlog file = \/var\/log\/samba\/log.%m<br \/>\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0440\u0430\u0437\u043c\u0435\u0440 \u043b\u043e\u0433\u043e\u0432 (\u0432 \u043a\u0438\u043b\u043e\u0431\u0430\u0439\u0442\u0430\u0445)<br \/>\nmax log size = 1024<br \/>\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0438\u043c\u044f \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430 \u0434\u043e\u043c\u0435\u043d\u0430 (\u0412\u043d\u0438\u043c\u0430\u043d\u0438\u0435! \u041d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0443\u043a\u0430\u0437\u0430\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440<br \/>\n# \u0434\u043e\u043c\u0435\u043d\u0430,\u0432\u044b\u043f\u043e\u043b\u043d\u044f\u044e\u0449\u0438\u0439 \u0440\u043e\u043b\u044c PDC, \u0435\u0441\u043b\u0438 \u043e\u043d \u0443 \u0432\u0430\u0441 \u043e\u0434\u0438\u043d \u0442\u043e \u043d\u0435 \u0437\u0430\u043c\u043e\u0440\u0430\u0447\u0438\u0432\u0430\u0439\u0442\u0435\u0441\u044c. \u0423<br \/>\n# \u043c\u0435\u043d\u044f \u0432 \u0441\u0435\u0442\u0438 \u043c\u043d\u043e\u0433\u043e \u0441\u0430\u0439\u0442\u043e\u0432.)<br \/>\npassword server = dc4.mydomain.local<br \/>\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u043e\u043b\u043d\u043e\u0435 \u0438\u043c\u044f \u043d\u0430\u0448\u0435\u0433\u043e \u0434\u043e\u043c\u0435\u043d\u0430<br \/>\nrealm = mydomain.local<br \/>\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0442\u0438\u043f \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0430<br \/>\npassdb backend = tdbsam<br \/>\n# \u0421\u0435\u0442\u0435\u0432\u044b\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438<br \/>\nsocket options = TCP_NODELAY<br \/>\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0441\u0430\u043c\u0431\u0435, \u0447\u0442\u043e \u043e\u043d\u0430 \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f PDC<br \/>\nlocal master = no<br \/>\nos level = 0<br \/>\ndomain master = no<br \/>\npreferred master = no<br \/>\ndomain logons = no<br \/>\n# \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043a\u043e\u0434\u0438\u0440\u043e\u0432\u043a\u0438<br \/>\ndisplay charset = koi8-r<br \/>\nunix charset = koi8-r<br \/>\ndos charset = cp866<br \/>\n# \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 winbind<br \/>\nwinbind use default domain = no<br \/>\nwinbind uid = 10000-20000<br \/>\nwinbind gid = 10000-20000<br \/>\nwinbind enum users = yes<br \/>\nwinbind enum groups = yes<\/p>\n<p>\u0420\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u0443\u0435\u043c nsswitch.conf:<br \/>\ncd \/etc<br \/>\nmcedit nsswitch.conf<\/p>\n<p>group: files winbind<br \/>\npasswd: files winbind<\/p>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c DNS:<br \/>\nnslookup dc4.mydomain.local<\/p>\n<p>\u0421\u0442\u0430\u0432\u0438\u043c \u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f:<br \/>\nntpdate NTP-server<\/p>\n<p>\u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043c\u0430\u0448\u0438\u043d\u0443 \u0432 \u0434\u043e\u043c\u0435\u043d:<br \/>\nnet ads join -U user%pass<br \/>\nUsing short domain name &#8212; MYDOMAIN<br \/>\nJoined &#8216;FREEBSD&#8217; to realm \u2018mydomain.local\u2019<\/p>\n<p>mcedit rc.conf<\/p>\n<p>winbindd_enable=&#8221;YES&#8221;<br \/>\nwinbindd_flags=&#8221;-d 1&#8243; # \u0417\u0434\u0435\u0441\u044c \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u0434\u0435\u0431\u0430\u0433\u0430<\/p>\n<p>\u0422\u0435\u0441\u0442\u0438\u043c:<br \/>\nwbinfo -p<br \/>\nwbinfo -t<br \/>\nwbinfo -u<br \/>\nwbinfo -g<br \/>\nwbinfo -D MYDOMAIN<br \/>\nnet ads info<\/p>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e<br \/>\nwbinfo &#8211;authenticate=MYDOMAIN\\\\ADAdmin%password<\/p>\n<p>\u041f\u043e\u043b\u0443\u0447\u0438\u043c \u0438\u043d\u0444\u0443 \u043f\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e:<br \/>\nid MYDOMAIN\\\\ADAdmin<\/p>\n<p>\u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043a\u043e\u0442\u043e\u0440\u043e\u0433\u043e \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u043e\u0445\u043e\u0434\u0438\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f:<br \/>\nnet setauthuser=MYDOMAIN\\\\proxy%password<br \/>\n\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c:<br \/>\nnet getauthuser<br \/>\nMYDOMAIN\\proxy%password<\/p>\n<p><strong>Squid:<\/strong><\/p>\n<p>cd \/usr\/ports\/www\/squid31<br \/>\n\/usr\/ports\/www\/squid31\/&gt;make config<\/p>\n<p>\u0412\u044b\u0431\u0438\u0440\u0430\u0435\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u0435:<\/p>\n<p>[X] SQUID_LDAP_AUTH      Install LDAP authentication helpers<br \/>\n[X] SQUID_DELAY_POOLS    Enable delay pools<br \/>\n[X] SQUID_SNMP           Enable SNMP support<br \/>\n[X] SQUID_HTCP           Enable HTCP support<br \/>\n[X] SQUID_CACHE_DIGESTS  Enable cache digests<br \/>\n[X] SQUID_WCCP           Enable Web Cache Coordination Prot. v1<br \/>\n[X] SQUID_IDENT          Enable ident (RFC 931) lookups<br \/>\n[X] SQUID_ARP_ACL        Enable ACLs based on ethernet address<\/p>\n<p>\u0423\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u043c:<\/p>\n<p>\/usr\/ports\/www\/squid31\/&gt;make install clean<\/p>\n<p>mcedit \/usr\/local\/etc\/squid\/squid.conf<br \/>\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c Squid \u043a\u0430\u043a \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044e:<br \/>\nauth_param ntlm program \/usr\/local\/bin\/ntlm_auth &#8211;helper-protocol<br \/>\n=squid-2.5-ntlmssp<br \/>\nauth_param ntlm children 5<br \/>\nauth_param ntlm keep_alive on<br \/>\nauthenticate_cache_garbage_interval 15 minute<br \/>\nauthenticate_ttl 5 minute<br \/>\nauth_param basic program \/usr\/local\/bin\/ntlm_auth &#8211;helper-protocol<br \/>\n=squid-2.5-basic<br \/>\nauth_param basic children 5<br \/>\nauth_param basic realm Squid Proxy-Server<br \/>\nauth_param basic credentialsttl 20 minute<br \/>\nauth_param basic casesensitive off<br \/>\n# \u0422\u0435\u043f\u0435\u0440\u044c \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c Squid \u0433\u0434\u0435 \u0431\u0440\u0430\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0433\u0440\u0443\u043f\u043f\u0430\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439<br \/>\nexternal_acl_type nt_group %LOGIN \/usr\/local\/libexec\/squid\/wbinfo_group.pl<br \/>\n# \u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u043d\u043d\u0430\u044f \u043c\u0438\u043d\u0438\u043c\u0430\u043b\u044c\u043d\u0430\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f:<br \/>\nacl manager proto cache_object<br \/>\nacl localhost src 127.0.0.1\/32<br \/>\nacl to_localhost dst 127.0.0.0\/8 0.0.0.0\/32<br \/>\nacl localnet src 10.0.0.0\/8 # RFC1918 possible internal network<br \/>\nacl localnet src 172.16.0.0\/12 # RFC1918 possible internal network<br \/>\nacl localnet src 192.168.0.0\/16 # RFC1918 possible internal network<br \/>\n# \u041e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u043c \u043e\u0441\u043d\u043e\u0432\u043d\u044b\u0435 \u043f\u043e\u0440\u0442\u044b<\/p>\n<p>acl SSL_ports port 443 563<br \/>\nacl Safe_ports port 80 # http<br \/>\nacl Safe_ports port 20 21 # ftp<br \/>\nacl Safe_ports port 443 563 # https<br \/>\nacl Safe_ports port 70 # gopher<br \/>\nacl Safe_ports port 210 # wais<br \/>\nacl Safe_ports port 1025-65535 # unregistered ports<br \/>\nacl Safe_ports port 280 # http-mgmt<br \/>\nacl Safe_ports port 488 # gss-http<br \/>\nacl Safe_ports port 591 # filemaker<br \/>\nacl Safe_ports port 777 # multiling http<br \/>\n#acl Safe_ports port 631 # cups<br \/>\n#acl Safe_ports port 110 # POP3<br \/>\n#acl Safe_ports port 25 # SMTP<br \/>\nacl purge method PURGE<br \/>\nacl CONNECT method CONNECT<\/p>\n<p># \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u0443\u043b\u044b \u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u043d\u0430\u0448\u0435\u0439 \u0441\u0435\u0442\u0438\/\u0441\u0435\u0442\u0435\u0439<br \/>\nacl lan src 10.201.1.0\/24<br \/>\nacl acl1 src 10.201.1.1\/32<br \/>\nacl acl2 src 10.201.1.2\/32<br \/>\nacl acl3 src 10.201.1.3\/32<br \/>\n#########################################################<br \/>\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0433\u0440\u0443\u043f\u043f\u044b \u0434\u043e\u0441\u0442\u0443\u043f\u0430<br \/>\nacl inet-admins external nt_group inet-admins # \u0414\u043e\u0441\u0442\u0443\u043f \u0434\u043b\u044f \u0430\u0434\u043c\u0438\u043d\u043e\u0432<\/p>\n<p>#  TAG: http_access<\/p>\n<p>http_access allow manager localhost<br \/>\nhttp_access allow manager webserver<br \/>\nhttp_access deny manager<\/p>\n<p># Deny requests to certain unsafe ports<br \/>\nhttp_access deny !Safe_ports<\/p>\n<p># Deny CONNECT to other than secure SSL ports<br \/>\nhttp_access deny CONNECT !SSL_ports<\/p>\n<p># \u041d\u0430\u043f\u043e\u0441\u043b\u0435\u0434\u043e\u043a \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430<br \/>\nhttp_access deny all<br \/>\nhttp_reply_access allow all<br \/>\nicp_access allow all<\/p>\n<p># \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u043e\u0440\u0442, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0431\u0443\u0434\u0435\u0442 \u0441\u043b\u0443\u0448\u0430\u0442\u044c Squid<br \/>\nhttp_port 3128<\/p>\n<p># MEMORY CACHE OPTIONS<br \/>\n# &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<br \/>\n#  TAG: cache_mem       (bytes)<br \/>\ncache_mem 256 MB<br \/>\n#  TAG: maximum_object_size_in_memory   (bytes)<br \/>\nmaximum_object_size_in_memory 80 KB<\/p>\n<p># DISK CACHE OPTIONS<br \/>\n# &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<br \/>\n#  TAG: cache_dir<br \/>\ncache_dir ufs \/usr\/local\/squid\/cache 1024 16 256<br \/>\n#  TAG: minimum_object_size     (bytes)<br \/>\n#Default:<br \/>\nminimum_object_size 10 KB<br \/>\n#  TAG: maximum_object_size     (bytes)<br \/>\n#Default:<br \/>\nmaximum_object_size 32 MB<br \/>\n#  TAG: cache_swap_low  (percent, 0-100)<br \/>\n#  TAG: cache_swap_high (percent, 0-100)<br \/>\n#<br \/>\ncache_swap_low 90<br \/>\ncache_swap_high 95<\/p>\n<p># LOGFILE OPTIONS<br \/>\n# &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<\/p>\n<p>#  TAG: access_log<br \/>\naccess_log \/usr\/local\/squid\/logs\/access.log squid<\/p>\n<p>#  TAG: pid_filename<br \/>\npid_filename \/usr\/local\/squid\/logs\/squid.pid<\/p>\n<p>#  TAG: ftp_user<br \/>\nftp_user unix@mydomain.ru<\/p>\n<p>#  TAG: ftp_passive<br \/>\nftp_passive on<\/p>\n<p># OPTIONS FOR TUNING THE CACHE<br \/>\n# &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<\/p>\n<p>#  TAG: cache<br \/>\nacl QUERY urlpath_regex cgi-bin \\?<\/p>\n<p>#  TAG: refresh_pattern<br \/>\n#Suggested default:<br \/>\nrefresh_pattern ^ftp:           1440    20%     10080<br \/>\nrefresh_pattern ^gopher:        1440    0%      1440<br \/>\nrefresh_pattern (cgi-bin|\\?)    0       0%      0<br \/>\nrefresh_pattern .               0       20%     4320<\/p>\n<p>#  TAG: quick_abort_min (KB)<br \/>\n#  TAG: quick_abort_max (KB)<br \/>\n#  TAG: quick_abort_pct (percent)<br \/>\nquick_abort_pct 80<\/p>\n<p># ADMINISTRATIVE PARAMETERS<br \/>\n# &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<\/p>\n<p>#\u041a\u043e\u043b-\u0432\u043e \u043f\u0443\u043b\u043e\u0432<br \/>\ndelay_pools 3<\/p>\n<p>#  TAG: cache_mgr<br \/>\ncache_mgr admins@mydomain.ru<\/p>\n<p>#  TAG: cache_effective_user<br \/>\ncache_effective_user squid<\/p>\n<p>#  TAG: delay_access<br \/>\ndelay_access 1 allow acl1<br \/>\ndelay_access 2 allow acl2<br \/>\ndelay_access 2 allow acl3<\/p>\n<p>#  TAG: delay_parameters<br \/>\ndelay_class 1 2<br \/>\ndelay_class 2 2<br \/>\ndelay_class 3 2<\/p>\n<p>delay_parameters 1 -1\/-1 64000\/64000<br \/>\ndelay_parameters 2 -1\/-1 -1\/-1<br \/>\ndelay_parameters 3 -1\/-1 100000\/100000<\/p>\n<p>#  TAG: delay_initial_bucket_level      (percent, 0-100)<br \/>\ndelay_initial_bucket_level 50<\/p>\n<p>#  TAG: error_directory<br \/>\nerror_directory \/usr\/local\/etc\/squid\/errors\/ru<\/p>\n<p>#  TAG: hosts_file<br \/>\nhosts_file \/etc\/hosts<\/p>\n<p>#  TAG: fqdncache_size  (number of entries)<br \/>\nfqdncache_size 16386<\/p>\n<p>#  TAG: memory_pools_limit      (bytes)<br \/>\nmemory_pools_limit 64 MB<\/p>\n<p>#  TAG: forwarded_for   on|off<br \/>\nforwarded_for off<\/p>\n<p>#  TAG: cachemgr_passwd<br \/>\ncachemgr_passwd \u201cyour password\u201d all<\/p>\n<p>#  TAG: coredump_dir<br \/>\ncoredump_dir \/usr\/local\/squid\/cache<\/p>\n<p>no_cache deny QUERY manager localhost<br \/>\nvisible_hostname proxy.mydomain.local<br \/>\ndns_nameservers 10.201.0.1 10.201.1.1<\/p>\n<p>#\u041f\u0443\u0442\u044c \u043a \u0440\u0435\u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0443:<br \/>\nredirect_program \/usr\/local\/rejik\/redirector \/usr\/local\/rejik\/redirector.conf<br \/>\nredirect_children 10<\/p>\n<p>\u0412 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d\u043d\u043e\u043c \u0432\u044b\u0448\u0435 \u043b\u0438\u0441\u0442\u0438\u043d\u0433\u0435 \u0432\u044b\u0440\u0435\u0437\u0430\u043d\u044b ACL\u044b \u0438 \u043e\u0440\u0433\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0441\u0430\u0439\u0442\u043e\u0432 \u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u0440\u0435\u0434\u0438\u0440\u0435\u043a\u0442\u043e\u0440\u0430 Rejik.<\/p>\n<p><strong>Rejik:<\/strong><\/p>\n<p>cd \/usr\/ports\/www\/rejik<br \/>\n\/usr\/ports\/www\/rejik\/&gt;make install clean<br \/>\n\u0414\u0430\u043b\u0435\u0435 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u043c Rejik \u043f\u043e\u0434 \u0441\u0435\u0431\u044f. \u0412 \u0431\u043b\u044d\u043a-\u043b\u0438\u0441\u0442\u044b \u0434\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0441\u0430\u0439\u0442\u044b, \u043f\u0440\u0438\u0447\u0435\u043c \u043c\u043e\u0436\u043d\u043e \u0432\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043a\u0430\u043a \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u0443\u044e \u0441\u0442\u0440\u043e\u043a\u0443, \u0442\u0430\u043a \u0438 \u0440\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u043e\u0435 \u0432\u044b\u0440\u0430\u0436\u0435\u043d\u0438\u0435.<\/p>\n<p><strong>Calamaris:<\/strong><\/p>\n<div style=\"width: 1px;height: 1px;overflow: hidden\">cd \/usr\/ports\/www\/rejik<br \/>\n\/usr\/ports\/www\/rejik\/&gt;make install clean<\/div>\n<p>cd \/usr\/ports\/www\/calamaris<br \/>\n\/usr\/ports\/www\/calamaris\/&gt;make install clean<\/p>\n<p>\u0423 \u043c\u0435\u043d\u044f \u043a\u0430\u043b\u0430\u043c\u0430\u0440\u0438\u0441 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u043f\u043e \u043a\u0440\u043e\u043d\u0443:<br \/>\nSHELL=\/bin\/sh<br \/>\nMAILTO=&#8221;&#8221;<br \/>\nPATH=\/sbin:\/bin:\/usr\/sbin:\/usr\/bin:\/usr\/local\/bin:\/usr\/local\/sbin<br \/>\n#<br \/>\n30      23       *       *       *       \/usr\/local\/etc\/squid\/aaa<br \/>\n1       1       1       *       *       \/usr\/local\/etc\/squid\/reload<\/p>\n<p>\u0421\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 aaa:<br \/>\n\/bin\/cat  \/usr\/local\/squid\/logs\/access.log  |  \/usr\/local\/bin\/calamaris  -D 10 -d 20 -P 60 -r 50 -s -t 20 -f squid -F html -U M &gt; \/usr\/local\/squid\/logs\/stathttp\/stat<\/p>\n<p>\u0421\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 reload:<br \/>\n#!\/bin\/sh<br \/>\n\/usr\/bin\/killall -9 squid<br \/>\nsleep 10<br \/>\n\/usr\/local\/etc\/rc.d\/squid.sh start<br \/>\n\/bin\/cat \/dev\/null &gt; \/usr\/local\/squid\/logs\/redirector.log<br \/>\n\/bin\/cat \/dev\/null &gt; \/usr\/local\/squid\/logs\/redirector.err<br \/>\n\/bin\/cat \/dev\/null &gt; \/usr\/local\/squid\/logs\/store.log<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u0421\u0440\u0430\u0437\u0443 \u0443\u043a\u0430\u0436\u0443 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438, \u043f\u043e\u0442\u043e\u043c\u0443 \u043a\u0430\u043a \u0441\u043b\u044f\u043c\u0437\u0435\u043d\u043e \u043f\u043e\u0447\u0442\u0438 \u0432\u0441\u0435. http:\/\/www.lissyara.su\/articles\/freebsd\/programms\/squid+ad+group_access\/ http:\/\/sys-adm.org.ua\/www\/squid-ad.php OS: FreeBSD 8.2 Samba 3.5.11 Squid 3.1.15 Rejik 3.2.6 Calamaris 2.59 SqStat \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u043d\u0430 \u0434\u0440\u0443\u0433\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435, \u0437\u0434\u0435\u0441\u044c \u043f\u0440\u043e\u043f\u0438\u0441\u0430\u043d \u0442\u043e\u043b\u044c\u043a\u043e \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u044d\u0448-\u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0443. \u041f\u0440\u043e SqStat \u044f \u0443\u0436\u0435 \u043f\u0438\u0441\u0430\u043b \u0440\u0430\u043d\u0435\u0435. Samba: cd \/usr\/ports\/net\/samba35\/ \/usr\/ports\/net\/samba35\/&gt;make config \u0412\u044b\u0431\u0438\u0440\u0430\u0435\u043c: [X] LDAP With LDAP support [X] ADS With Active Directory support [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[231],"tags":[152,90,135,28],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts\/275"}],"collection":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/comments?post=275"}],"version-history":[{"count":9,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts\/275\/revisions"}],"predecessor-version":[{"id":535,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts\/275\/revisions\/535"}],"wp:attachment":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/media?parent=275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/categories?post=275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/tags?post=275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}