Problem with Kerberos ticket keytab

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem with Kerberos ticket keytab

erdosain9
Hi to all.

The squid was working fine, but i made a mistake and... delete the
proxy.keytab. I try to do it again, but make a mistake in the syntax

wrong syntax (the real name is not squidproxy.domain.lan is
squid.domain.lan):

msktutil -c -b "CN=COMPUTERS" -s HTTP/squidproxy.domain.lan -k
/etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
HTTP/squidproxy.domain.lan --server adw-1.domain.lan --verbose --enctypes 28

now i put well the syntax, but the keytab is wrong... why??

well syntax:

msktutil -c -b "CN=COMPUTERS" -s HTTP/squid.domain.lan -h squid.domain.lan
-k /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
HTTP/squid.domain.lan --server adw-1.domain.lan --verbose --enctypes 28


[root@squid squid]# ktutil
ktutil:  read_kt PROXY.keytab
ktutil:  l
slot KVNO Principal
---- ----
---------------------------------------------------------------------
   1   18                 squidproxy-k$@DOMAIN.LAN
   2   18                 squidproxy-k$@DOMAIN.LAN
   3   18                 squidproxy-k$@DOMAIN.LAN
   4   18    HTTP/[hidden email]
   5   18    HTTP/[hidden email]
   6   18    HTTP/[hidden email]
   7   18         host/[hidden email]
   8   18         host/[hidden email]
   9   18         host/[hidden email]
  10   18         HTTP/[hidden email]
  11   18         HTTP/[hidden email]
  12   18         HTTP/[hidden email]


Why squidproxy.DOMAIN.LAN????????? what can i do to solve this???

Thanks to all!!



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Kerberos ticket keytab

Enrico Heine
Delete the Computer Object in Active Directory to clear these spn's up.

Am 5. Februar 2018 15:54:26 MEZ schrieb erdosain9 <[hidden email]>:
Hi to all.

The squid was working fine, but i made a mistake and... delete the
proxy.keytab. I try to do it again, but make a mistake in the syntax

wrong syntax (the real name is not squidproxy.domain.lan is
squid.domain.lan):

msktutil -c -b "CN=COMPUTERS" -s HTTP/squidproxy.domain.lan -k
/etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
HTTP/squidproxy.domain.lan --server adw-1.domain.lan --verbose --enctypes 28

now i put well the syntax, but the keytab is wrong... why??

well syntax:

msktutil -c -b "CN=COMPUTERS" -s HTTP/squid.domain.lan -h squid.domain.lan
-k /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
HTTP/squid.domain.lan --server adw-1.domain.lan --verbose --enctypes 28


[root@squid squid]# ktutil
ktutil: read_kt PROXY.keytab
ktutil: l
slot KVNO Principal
---- ----


1 18 squidproxy-k$@DOMAIN.LAN
2 18 squidproxy-k$@DOMAIN.LAN
3 18 squidproxy-k$@DOMAIN.LAN
4 18 HTTP/[hidden email]
5 18 HTTP/[hidden email]
6 18 HTTP/[hidden email]
7 18 host/[hidden email]
8 18 host/[hidden email]
9 18 host/[hidden email]
10 18 HTTP/[hidden email]
11 18 HTTP/[hidden email]
12 18 HTTP/[hidden email]


Why squidproxy.DOMAIN.LAN????????? what can i do to solve this???

Thanks to all!!



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Kerberos ticket keytab

Enrico Heine
Just to call it correctly, what is wrong is the host principle after you have deleted the computer object and waited for the object to disappear on other DC's as well (if you have replication between dc's) and rejoined it, it should be as you want it to be. Hope this helps with your setup.

Am 5. Februar 2018 16:12:29 MEZ schrieb Flashdown <[hidden email]>:
Delete the Computer Object in Active Directory to clear these spn's up.

Am 5. Februar 2018 15:54:26 MEZ schrieb erdosain9 <[hidden email]>:
Hi to all.

The squid was working fine, but i made a mistake and... delete the
proxy.keytab. I try to do it again, but make a mistake in the syntax

wrong syntax (the real name is not squidproxy.domain.lan is
squid.domain.lan):

msktutil -c -b "CN=COMPUTERS" -s HTTP/squidproxy.domain.lan -k
/etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
HTTP/squidproxy.domain.lan --server adw-1.domain.lan --verbose --enctypes 28

now i put well the syntax, but the keytab is wrong... why??

well syntax:

msktutil -c -b "CN=COMPUTERS" -s HTTP/squid.domain.lan -h squid.domain.lan
-k /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
HTTP/squid.domain.lan --server adw-1.domain.lan --verbose --enctypes 28


[root@squid squid]# ktutil
ktutil: read_kt PROXY.keytab
ktutil: l
slot KVNO Principal
---- ----


1 18 squidproxy-k$@DOMAIN.LAN
2 18 squidproxy-k$@DOMAIN.LAN
3 18 squidproxy-k$@DOMAIN.LAN
4 18 HTTP/[hidden email]
5 18 HTTP/[hidden email]
6 18 HTTP/[hidden email]
7 18 host/[hidden email]
8 18 host/[hidden email]
9 18 host/[hidden email]
10 18 HTTP/[hidden email]
11 18 HTTP/[hidden email]
12 18 HTTP/[hidden email]


Why squidproxy.DOMAIN.LAN????????? what can i do to solve this???

Thanks to all!!



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Kerberos ticket keytab

Enrico Heine
I am answering to fast, but I am writing in my little break, so sorry
for that :D forget my last mail regarding "to call it correctly" that
was misleading and wrong. sure you are talking about the HTTP SPN which
have the same KVNO. So if you want to get rid of it delete the computer
object, as your are updating all the SPN's that the Computer Object
holds. If you use the Attribut-Editor you may can modify the Attribut
servicePrincipalName and delete the wrong one and recreate the keytab
afterwards, without deleting the Computer Object at all.



Am 2018-02-05 16:39, schrieb Flashdown:

> Just to call it correctly, what is wrong is the host principle after
> you have deleted the computer object and waited for the object to
> disappear on other DC's as well (if you have replication between dc's)
> and rejoined it, it should be as you want it to be. Hope this helps
> with your setup.
>
> Am 5. Februar 2018 16:12:29 MEZ schrieb Flashdown
> <[hidden email]>:
>
>> Delete the Computer Object in Active Directory to clear these spn's
>> up.
>>
>> Am 5. Februar 2018 15:54:26 MEZ schrieb erdosain9
>> <[hidden email]>:
>>
>>> Hi to all.
>>>
>>> The squid was working fine, but i made a mistake and... delete the
>>> proxy.keytab. I try to do it again, but make a mistake in the
>>> syntax
>>>
>>> wrong syntax (the real name is not squidproxy.domain.lan is
>>> squid.domain.lan):
>>>
>>> msktutil -c -b "CN=COMPUTERS" -s HTTP/squidproxy.domain.lan -k
>>> /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
>>> HTTP/squidproxy.domain.lan --server adw-1.domain.lan --verbose
>>> --enctypes 28
>>>
>>> now i put well the syntax, but the keytab is wrong... why??
>>>
>>> well syntax:
>>>
>>> msktutil -c -b "CN=COMPUTERS" -s HTTP/squid.domain.lan -h
>>> squid.domain.lan
>>> -k /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
>>> HTTP/squid.domain.lan --server adw-1.domain.lan --verbose
>>> --enctypes 28
>>>
>>> [root@squid squid]# ktutil
>>> ktutil:  read_kt PROXY.keytab
>>> ktutil:  l
>>> slot KVNO Principal
>>> ---- ----
>>>
>>> -------------------------
>>>
>>> 1   18                 squidproxy-k$@DOMAIN.LAN
>>> 2   18                 squidproxy-k$@DOMAIN.LAN
>>> 3   18                 squidproxy-k$@DOMAIN.LAN
>>> 4   18    HTTP/[hidden email]
>>> 5   18    HTTP/[hidden email]
>>> 6   18    HTTP/[hidden email]
>>> 7   18         host/[hidden email]
>>> 8   18         host/[hidden email]
>>> 9   18         host/[hidden email]
>>> 10   18         HTTP/[hidden email]
>>> 11   18         HTTP/[hidden email]
>>> 12   18         HTTP/[hidden email]
>>>
>>> Why squidproxy.DOMAIN.LAN????????? what can i do to solve this???
>>>
>>> Thanks to all!!
>>>
>>> --
>>> Sent from:
>>>
>>
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
>>>
>>> -------------------------
>>>
>>> squid-users mailing list
>>> [hidden email]
>>> http://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Kerberos ticket keytab

Enrico Heine
You could also give this parameter of msktutil a try:

  flush                  Flushes all principals for the current host or
service account
                          from the keytab, and deletes
servicePrincipalName from AD.




Am 2018-02-05 16:55, schrieb Flashdown:

> I am answering to fast, but I am writing in my little break, so sorry
> for that :D forget my last mail regarding "to call it correctly" that
> was misleading and wrong. sure you are talking about the HTTP SPN
> which have the same KVNO. So if you want to get rid of it delete the
> computer object, as your are updating all the SPN's that the Computer
> Object holds. If you use the Attribut-Editor you may can modify the
> Attribut servicePrincipalName and delete the wrong one and recreate
> the keytab afterwards, without deleting the Computer Object at all.
>
>
>
> Am 2018-02-05 16:39, schrieb Flashdown:
>> Just to call it correctly, what is wrong is the host principle after
>> you have deleted the computer object and waited for the object to
>> disappear on other DC's as well (if you have replication between dc's)
>> and rejoined it, it should be as you want it to be. Hope this helps
>> with your setup.
>>
>> Am 5. Februar 2018 16:12:29 MEZ schrieb Flashdown
>> <[hidden email]>:
>>
>>> Delete the Computer Object in Active Directory to clear these spn's
>>> up.
>>>
>>> Am 5. Februar 2018 15:54:26 MEZ schrieb erdosain9
>>> <[hidden email]>:
>>>
>>>> Hi to all.
>>>>
>>>> The squid was working fine, but i made a mistake and... delete the
>>>> proxy.keytab. I try to do it again, but make a mistake in the
>>>> syntax
>>>>
>>>> wrong syntax (the real name is not squidproxy.domain.lan is
>>>> squid.domain.lan):
>>>>
>>>> msktutil -c -b "CN=COMPUTERS" -s HTTP/squidproxy.domain.lan -k
>>>> /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
>>>> HTTP/squidproxy.domain.lan --server adw-1.domain.lan --verbose
>>>> --enctypes 28
>>>>
>>>> now i put well the syntax, but the keytab is wrong... why??
>>>>
>>>> well syntax:
>>>>
>>>> msktutil -c -b "CN=COMPUTERS" -s HTTP/squid.domain.lan -h
>>>> squid.domain.lan
>>>> -k /etc/squid/PROXY.keytab --computer-name SQUIDPROXY-K --upn
>>>> HTTP/squid.domain.lan --server adw-1.domain.lan --verbose
>>>> --enctypes 28
>>>>
>>>> [root@squid squid]# ktutil
>>>> ktutil:  read_kt PROXY.keytab
>>>> ktutil:  l
>>>> slot KVNO Principal
>>>> ---- ----
>>>>
>>>> -------------------------
>>>>
>>>> 1   18                 squidproxy-k$@DOMAIN.LAN
>>>> 2   18                 squidproxy-k$@DOMAIN.LAN
>>>> 3   18                 squidproxy-k$@DOMAIN.LAN
>>>> 4   18    HTTP/[hidden email]
>>>> 5   18    HTTP/[hidden email]
>>>> 6   18    HTTP/[hidden email]
>>>> 7   18         host/[hidden email]
>>>> 8   18         host/[hidden email]
>>>> 9   18         host/[hidden email]
>>>> 10   18         HTTP/[hidden email]
>>>> 11   18         HTTP/[hidden email]
>>>> 12   18         HTTP/[hidden email]
>>>>
>>>> Why squidproxy.DOMAIN.LAN????????? what can i do to solve this???
>>>>
>>>> Thanks to all!!
>>>>
>>>> --
>>>> Sent from:
>>>>
>>>
>> http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
>>>>
>>>> -------------------------
>>>>
>>>> squid-users mailing list
>>>> [hidden email]
>>>> http://lists.squid-cache.org/listinfo/squid-users
>> _______________________________________________
>> squid-users mailing list
>> [hidden email]
>> http://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Kerberos ticket keytab

erdosain9
In reply to this post by Enrico Heine
Ok.
Thanks

Know the ticket is fine, and is working (people are going throug internet
and i see in access.log there user names).... but... im having this error in
the log.

2018/02/05 12:56:46 kid1| ERROR: Negotiate Authentication validating user.
Result: {result=BH, notes={message: gss_accept_sec_context() failed:
Unspecified GSS failure.  Minor code may provide more information. Cannot
decrypt ticket for HTTP/squid.domain.lan-DOMAIN.LAN using keytab key for
HTTP/squid.domain.lan-DOMAIN.LAN; }}
2018/02/05 12:57:55 kid1| ERROR: Negotiate Authentication validating user.
Result: {result=BH, notes={message: gss_accept_sec_context() failed:
Unspecified GSS failure.  Minor code may provide more information. Cannot
decrypt ticket for HTTP/squid.domain.lan-DOMAIN.LAN using keytab key for
HTTP/squid.domain.lan-DOMAIN.LAN; }}
(END)

I change @ for -

Thanks.



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Kerberos ticket keytab

Enrico Heine
This is maybe because the users have a old kerberos ticket and need to renew it. So simple solution for them is to log off and logon again to their windows PC or they can close the browsers and tools that need to authenticate against the proxy afterwards they should lock and directly unlock their station --> this will force windows to refresh their kerberos ticket. After all did it these messages will disappear, sometimes it's easier to tell the users to just restart their PC.

Am 5. Februar 2018 17:09:04 MEZ schrieb erdosain9 <[hidden email]>:
Ok. 
Thanks

Know the ticket is fine, and is working (people are going throug internet
and i see in access.log there user names).... but... im having this error in
the log.

2018/02/05 12:56:46 kid1| ERROR: Negotiate Authentication validating user.
Result: {result=BH, notes={message: gss_accept_sec_context() failed:
Unspecified GSS failure. Minor code may provide more information. Cannot
decrypt ticket for HTTP/squid.domain.lan-DOMAIN.LAN using keytab key for
HTTP/squid.domain.lan-DOMAIN.LAN; }}
2018/02/05 12:57:55 kid1| ERROR: Negotiate Authentication validating user.
Result: {result=BH, notes={message: gss_accept_sec_context() failed:
Unspecified GSS failure. Minor code may provide more information. Cannot
decrypt ticket for HTTP/squid.domain.lan-DOMAIN.LAN using keytab key for
HTTP/squid.domain.lan-DOMAIN.LAN; }}
(END)

I change @ for -

Thanks.



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Kerberos ticket keytab

Enrico Heine
Only users that can't use the proxy need to do it.

Am 5. Februar 2018 17:43:58 MEZ schrieb Enrico Heine <[hidden email]>:
This is maybe because the users have a old kerberos ticket and need to renew it. So simple solution for them is to log off and logon again to their windows PC or they can close the browsers and tools that need to authenticate against the proxy afterwards they should lock and directly unlock their station --> this will force windows to refresh their kerberos ticket. After all did it these messages will disappear, sometimes it's easier to tell the users to just restart their PC.

Am 5. Februar 2018 17:09:04 MEZ schrieb erdosain9 <[hidden email]>:
Ok. 
Thanks

Know the ticket is fine, and is working (people are going throug internet
and i see in access.log there user names).... but... im having this error in
the log.

2018/02/05 12:56:46 kid1| ERROR: Negotiate Authentication validating user.
Result: {result=BH, notes={message: gss_accept_sec_context() failed:
Unspecified GSS failure. Minor code may provide more information. Cannot
decrypt ticket for HTTP/squid.domain.lan-DOMAIN.LAN using keytab key for
HTTP/squid.domain.lan-DOMAIN.LAN; }}
2018/02/05 12:57:55 kid1| ERROR: Negotiate Authentication validating user.
Result: {result=BH, notes={message: gss_accept_sec_context() failed:
Unspecified GSS failure. Minor code may provide more information. Cannot
decrypt ticket for HTTP/squid.domain.lan-DOMAIN.LAN using keytab key for
HTTP/squid.domain.lan-DOMAIN.LAN; }}
(END)

I change @ for -

Thanks.



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Kerberos ticket keytab

Enrico Heine
Also on a specific interval windows will automatically refresh kerberos tickets in the background but when depends on your domain settings and I am unsure about the default interval.

Am 5. Februar 2018 17:46:29 MEZ schrieb Enrico Heine <[hidden email]>:
Only users that can't use the proxy need to do it.

Am 5. Februar 2018 17:43:58 MEZ schrieb Enrico Heine <[hidden email]>:
This is maybe because the users have a old kerberos ticket and need to renew it. So simple solution for them is to log off and logon again to their windows PC or they can close the browsers and tools that need to authenticate against the proxy afterwards they should lock and directly unlock their station --> this will force windows to refresh their kerberos ticket. After all did it these messages will disappear, sometimes it's easier to tell the users to just restart their PC.

Am 5. Februar 2018 17:09:04 MEZ schrieb erdosain9 <[hidden email]>:
Ok. 
Thanks

Know the ticket is fine, and is working (people are going throug internet
and i see in access.log there user names).... but... im having this error in
the log.

2018/02/05 12:56:46 kid1| ERROR: Negotiate Authentication validating user.
Result: {result=BH, notes={message: gss_accept_sec_context() failed:
Unspecified GSS failure. Minor code may provide more information. Cannot
decrypt ticket for HTTP/squid.domain.lan-DOMAIN.LAN using keytab key for
HTTP/squid.domain.lan-DOMAIN.LAN; }}
2018/02/05 12:57:55 kid1| ERROR: Negotiate Authentication validating user.
Result: {result=BH, notes={message: gss_accept_sec_context() failed:
Unspecified GSS failure. Minor code may provide more information. Cannot
decrypt ticket for HTTP/squid.domain.lan-DOMAIN.LAN using keytab key for
HTTP/squid.domain.lan-DOMAIN.LAN; }}
(END)

I change @ for -

Thanks.



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Kerberos ticket keytab

erdosain9
Thanks for your time! Know is working fine.

a little and stupid question.... where i can found the start script of
squid??? This is a Centos 7.

I want put this

KRB5RCACHETYPE=none
export KRB5RCACHETYPE

[root@squid etc]# cat /usr/lib/systemd/system/squid.service
## Copyright (C) 1996-2015 The Squid Software Foundation and contributors
##
## Squid software is distributed under GPLv2+ license and includes
## contributions from numerous individuals and organizations.
## Please see the COPYING and CONTRIBUTORS files for details.
##

[Unit]
Description=Squid Web Proxy Server
Documentation=man:squid(8)
After=network.target

[Service]
Type=forking
LimitNOFILE=16384
PIDFile=/var/run/squid.pid
ExecStartPre=/usr/bin/mkdir -p /var/run/squid
ExecStartPre=/usr/bin/chown squid.squid /var/run/squid
ExecStart=/usr/sbin/squid -sYC
ExecReload=/usr/sbin/squid -kreconf
ExecStop=/usr/sbin/squidshut.sh
TimeoutStopSec=36
KillMode=none

[Install]
WantedBy=multi-user.target


Thanks!!!



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Problem with Kerberos ticket keytab

Enrico Heine
You shouldn't modify these files. Put it into /etc/default/squid and I assume it should work out. For Debian this is the right way of doing it, for CentOS I am unsure but I strongly believe it is the same over there.

Am 5. Februar 2018 19:13:25 MEZ schrieb erdosain9 <[hidden email]>:
Thanks for your time! Know is working fine.

a little and stupid question.... where i can found the start script of
squid??? This is a Centos 7.

I want put this

KRB5RCACHETYPE=none
export KRB5RCACHETYPE

[root@squid etc]# cat /usr/lib/systemd/system/squid.service
## Copyright (C) 1996-2015 The Squid Software Foundation and contributors
##
## Squid software is distributed under GPLv2+ license and includes
## contributions from numerous individuals and organizations.
## Please see the COPYING and CONTRIBUTORS files for details.
##

[Unit]
Description=Squid Web Proxy Server
Documentation=man:squid(8)
After=network.target

[Service]
Type=forking
LimitNOFILE=16384
PIDFile=/var/run/squid.pid
ExecStartPre=/usr/bin/mkdir -p /var/run/squid
ExecStartPre=/usr/bin/chown squid.squid /var/run/squid
ExecStart=/usr/sbin/squid -sYC
ExecReload=/usr/sbin/squid -kreconf
ExecStop=/usr/sbin/squidshut.sh
TimeoutStopSec=36
KillMode=none

[Install]
WantedBy=multi-user.target


Thanks!!!



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users