Re: [squid-users] Squid with NTLM auth behind netscaler

Could you kindly write me what i need to post in order to review? 2016-01-11 11:53 GMT+01:00 Amos Jeffries : > On 11/01/2016 11:26 p.m., Fabio Bucci wrote: >> Yes of course. But i'm wondering if all the configuration are right. >> > > The Squid part of it looks okay to me. The issue is somewhere i

Re: [squid-users] Squid with NTLM auth behind netscaler

On 11/01/2016 11:26 p.m., Fabio Bucci wrote: > Yes of course. But i'm wondering if all the configuration are right. > The Squid part of it looks okay to me. The issue is somewhere in the AD, keytab or client setup I think. Amos ___ squid-users mailing

Re: [squid-users] Squid with NTLM auth behind netscaler

Yes of course. But i'm wondering if all the configuration are right. 2016-01-11 9:43 GMT+01:00 Amos Jeffries : > On 11/01/2016 9:34 p.m., Fabio Bucci wrote: >> Hi, >> could you help me in looking for what it's wrong? >> > > The client / browser thinks the credentials are wrong for some reason. >

Re: [squid-users] Squid with NTLM auth behind netscaler

Yes of course. But i'm wondering if all the configuration are right. Thanks, Fabio 2016-01-11 9:43 GMT+01:00 Amos Jeffries : > On 11/01/2016 9:34 p.m., Fabio Bucci wrote: >> Hi, >> could you help me in looking for what it's wrong? >> > > The client / browser thinks the credentials are wrong for s

Re: [squid-users] Squid with NTLM auth behind netscaler

On 11/01/2016 9:34 p.m., Fabio Bucci wrote: > Hi, > could you help me in looking for what it's wrong? > The client / browser thinks the credentials are wrong for some reason. You need to run through all the troubleshooting checks to see if any reason shows up. The recent posts "kerberos authenti

Re: [squid-users] Squid with NTLM auth behind netscaler

Hi, could you help me in looking for what it's wrong? Regar,ds Fabio 2016-01-07 14:26 GMT+01:00 Fabio Bucci : > Hi Amos, > just configured squid.conf as: > > auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth > -d -s HTTP/myproxy.domain > auth_param negotiate children 100 > aut

Re: [squid-users] Squid with NTLM auth behind netscaler

Hi Amos, just configured squid.conf as: auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -d -s HTTP/myproxy.domain auth_param negotiate children 100 auth_param negotiate keep_alive on acl auth proxy_auth REQUIRED http_access allow auth but it doesn't work and browser requir

Re: [squid-users] Squid with NTLM auth behind netscaler

On 2015-12-31 03:42, Fabio Bucci wrote: Could you help me in kerberos configuration only? I don't want a fallback That should be blindingly obvious ... just use the Kerberos helper directly as the auth_param helper. Omit the negotiate_wrapper helper and ntlm_auth helper parts. Amos ___

Re: [squid-users] Squid with NTLM auth behind netscaler

reetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] Namens >> Fabio Bucci >> Verzonden: dinsdag 29 december 2015 16:21 >> Aan: Eliezer Croitoru >> CC: squid-users@lists.squ

Re: [squid-users] Squid with NTLM auth behind netscaler

-cache.org] Namens > Fabio Bucci > Verzonden: dinsdag 29 december 2015 16:21 > Aan: Eliezer Croitoru > CC: squid-users@lists.squid-cache.org > Onderwerp: Re: [squid-users] Squid with NTLM auth behind netscaler > > ok thanks. I think the system guys use samba and winbind to join linux

Re: [squid-users] Squid with NTLM auth behind netscaler

ok thanks. I think the system guys use samba and winbind to join linux machines to domain independetly services installed 2015-12-29 16:10 GMT+01:00 Eliezer Croitoru : > Hey Fabio, > > If you do want to use kerberos you do not need to use winbindd there are > other options. > (I have not tried the

Re: [squid-users] Squid with NTLM auth behind netscaler

Hey Fabio, If you do want to use kerberos you do not need to use winbindd there are other options. (I have not tried them both yet) Eliezer On 29/12/2015 16:30, Fabio Bucci wrote: Hi Amos, i'm trying to implement kerberos as you suggested me. But following the guide i read "Do not use this m

Re: [squid-users] Squid with NTLM auth behind netscaler

Hi Amos, i'm trying to implement kerberos as you suggested me. But following the guide i read "Do not use this method if you run winbindd or other samba services as samba will reset the machine password every x days and thereby makes the keytab invalid !!" and my system guy told me we use winbindd

Re: [squid-users] Squid with NTLM auth behind netscaler

On 17/12/2015 5:34 a.m., Fabio Bucci wrote: > i'm planning to migrate to kerberos instead NTLM.i got a question for > you Amos: sometimes a client reports issue in navigation and searching into > log file i cannot see "username" and all the request are 407 > > In these cases is there a way to

Re: [squid-users] Squid with NTLM auth behind netscaler

i'm planning to migrate to kerberos instead NTLM.i got a question for you Amos: sometimes a client reports issue in navigation and searching into log file i cannot see "username" and all the request are 407 In these cases is there a way to reset a user session or it's a completely client issue

Re: [squid-users] Squid with NTLM auth behind netscaler

On 12/12/2015 3:42 a.m., Fabio Bucci wrote: > Thank Amos i know you suggested kerberos. How can i implement it instead of > LDAP? Amos ___ squid-users mailing list squid-users@lists.sq

Re: [squid-users] Squid with NTLM auth behind netscaler

Thank Amos i know you suggested kerberos. How can i implement it instead of LDAP? 2015-12-11 15:39 GMT+01:00 Amos Jeffries : > On 12/12/2015 3:08 a.m., Fabio Bucci wrote: > > No suggestions? > > > > I've already suggested several times to use Kerberos. But the choice is > yours. > > Amos > >

Re: [squid-users] Squid with NTLM auth behind netscaler

On 12/12/2015 3:08 a.m., Fabio Bucci wrote: > No suggestions? > I've already suggested several times to use Kerberos. But the choice is yours. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/sq

Re: [squid-users] Squid with NTLM auth behind netscaler

No suggestions? 2015-12-07 14:57 GMT+01:00 Fabio Bucci : > Thanks Amos. > So, what do you suggest? Implement kerberos authetication instead NTLM one? > > I have to check if netscaler is able to perform that kind hack you wrote > before. > > Thanks again, > Fabio > > 2015-12-05 7:22 GMT+01:00 Amos

Re: [squid-users] Squid with NTLM auth behind netscaler

Thanks Amos. So, what do you suggest? Implement kerberos authetication instead NTLM one? I have to check if netscaler is able to perform that kind hack you wrote before. Thanks again, Fabio 2015-12-05 7:22 GMT+01:00 Amos Jeffries : > On 5/12/2015 5:39 a.m., Fabio Bucci wrote: > > Thanks Amos. >

Re: [squid-users] Squid with NTLM auth behind netscaler

On 5/12/2015 5:39 a.m., Fabio Bucci wrote: > Thanks Amos. > Actually my load balancing is configured to perform round robin balancing > between the two nodes. I added a session persistance by source ip in order > to avoid to login again with some sites. > > my squid.conf is very simple: > auth_par

Re: [squid-users] Squid with NTLM auth behind netscaler

On 4/12/2015 11:14 p.m., Fabio Bucci wrote: > Hi All, > my task is implementing a squid proxy that allow all my authenticated > (windows AD) internal users to surf internet without any credential request > (pop-up). > > Plus, i created two squid nodes and put them behind a citrix netscaler in > or