Just to close the case and concluding, Louis tip worked flawlessly, it
combined well with the settings i already was using and the authentication
is working rock solid and stable, and the documentation Rafael provided
clarificate a lot of the ins and outs of kerberos authentication with squid
so i
ooh thanks too Rafael! while i was researching i used your guide as reference
to understand better the mechanics, in part thanks to it i got this far
ahahah very well documented! but some points i feared it would be
distribution specic and felt insecure to try, with your tip i will read more
deeply
ooh, thanks L.P.H.!! this is exactly what i was wanting, a more stable way to
feel secure using this authentication, i will experiment with this today!
thanks a lot for the attention!
--
Sent from:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
Hey guys! im still testing it, but i think i found my mistake, so i will let
it here for future reference
i compared the way i arranged things in my test enviroment between the
production enviroment, e noticed some differences in the keytab, i still
dont know if its obligatory, im still testing it
Helo! i think i did almost everything right, firstly i made it in a test
enviroment with debian stretch running squid 3.5 and a windows server 2008
based domain controller, and it worked!
but when i tried to deploy it in the production enviroment running debian
stretch, squid 3.5 and windows serve
Man, thanks! spot on! when i applied your suggestion the problem was solved
immediatly, i feel very emberrased, i got that http_access structure
suggested in a forum, and worked fine, but one day a important site that
needed to be accessed through 9021 port was being denied, so i changed the
"deny
"There is no natural reason why those CONNECT should be exempt from
authenticating.
I usually find situations like what you describe happen where someone
has misunderstood the default security rules and "customized" them a
bit. They are finely tuned rules, so vast changes to proxy behaviour
(
Helo! im in need of serious help, in my company we need the access logs by
user name, is the only reason the proxy is setted to authenticate. but it
just dont show it, the relevant parts of the .conf is looking like this:
(...)
auth_param ntlm program /usr/bin/ntlm_auth --diagnostics
--helper-prot
