[squid-users] Kerberos

2010-05-16 Thread Matthew Smith
Hi! I have been trying to find out some info on kerberos auth and squid, but most of my searching points to setting up kerberos for single signon with windows AD. Are other directory services supported? If so, which? Also does anyone know of some good beginner style resources for setting up ker

[squid-users] Kerberos

2003-08-17 Thread jeff . richards
Hi Anyone know of anything out there that allows Squid to interface with Kerberos? Regards Jeff

[squid-users] Kerberos Authentication

2009-09-29 Thread Ron Richardson
Has anyone put Kerberos authentication into the MacPort of Squid? If so, would you care to share how you did it? If not, has anyone recompiled Squid with authentication, and how did you do that? Thanks, Ron

Re: [squid-users] Kerberos

2010-05-16 Thread Amos Jeffries
On Mon, 17 May 2010 11:15:06 +1000, Matthew Smith wrote: > Hi! > > I have been trying to find out some info on kerberos auth and squid, but > most of my searching points to setting up kerberos for single signon with > windows AD. Are other directory services supported? If so, which? Also does > a

Re: [squid-users] Kerberos

2010-05-16 Thread Matthew Smith
Hi Amos, Thanks for the reply, you have left me very confused, though. We are talking about MIT's kerberos, right? http://en.wikipedia.org/wiki/Kerberos_(protocol) My understanding is that kerberos is a protocol for authentication, and other directory services (like Mac OS X's OpenDirectory) s

Re: [squid-users] Kerberos

2010-05-17 Thread Henrik Nordström
Mon 2010-05-17 at 11:15 +1000, Matthew Smith wrote: > Hi! > > I have been trying to find out some info on kerberos auth and squid, > but most of my searching points to setting up kerberos for single > signon with windows AD. Are other directory services supported? If so, > which? Also does any

[squid-users] Kerberos Auth

2013-05-02 Thread JC Putter
Hi, I have squid 3.2.8 with Kerberos auth. Everything seems to work but why do some logs show the computer name (user-pc$) instead of the username? Thanks

[squid-users] kerberos keytab

2013-08-19 Thread Carlos Defoe
Hello, What is the best strategy to use a keytab file within multiple servers? By now i'm using a NFS share to export the keytab. Every day msktutil runs to update the file if necessary. The job is schedule in one server only. Also, after the update of the keytab file, is it necessary to reload s

[squid-users] kerberos annoyances

2013-10-14 Thread Marko Cupać
I am trying to set up kerberos authentication in the following environment: Kerberos server: Windows 2008 R2 domain controller Proxy OS: FreeBSD 9.2-RELEASE amd64 Squid version: squid-3.3.9 The problem is the fact that kerberos authentication sporadically starts to work (no auth popups, cache log

Re: [squid-users] Kerberos

2003-08-18 Thread Henrik Nordstrom
On Monday 18 August 2003 04.07, [EMAIL PROTECTED] wrote: > Anyone know of anything out there that allows Squid to interface > with Kerberos? PAM should work for Basic authentication. Regards Henrik

[squid-users] Kerberos with AD

2012-04-15 Thread Simon Dwyer
Hi All, Have been banging my head against this for a few weeks now. I have a fresh install of centos 6.2 and have installed squid 3.1.10. I have copied the kerberos keytab file from our ad server. It was created with the command: ktpass -princ HTTP/proxy-dev-k.domain.example@DOMAIN.EXAMPLE -ma

[squid-users] Kerberos vs NTLM

2008-08-25 Thread James Zuelow
Right now I'm running NTLM authentication with 2.6STABLE5 (Debian Etch). Has anyone here switched over to Kerberos authentication in a Server 2003 domain? It seems fairly straightforward -- any pitfalls to avoid? James Zuelow

[squid-users] Kerberos/NTLM Issue

2013-02-22 Thread JC Putter
I followed the guide below as a starting point for my squid proxy, however authentication fails after a day or so (i think due to account reset) I am using squid 3.2.6 with msktutil ERROR: Negotiate Authentication validating user. Error returned 'BH NT_STATUS_ACCESS_DENIED' I am running a cronjo

Re: [squid-users] kerberos keytab

2013-08-19 Thread Helmut Hullen
Hello, Carlos, you wrote on 19.08.13: > What is the best strategy to use a keytab file within multiple > servers? By now i'm using a NFS share to export the keytab. > Every day msktutil runs to update the file if necessary. The job is > schedule in one server only. > Also, after the update of

Re: [squid-users] kerberos keytab

2013-08-19 Thread Carlos Defoe
thanks, Helmut. i made one script to check the file change and run "squid -k reconfigure". i'll wait till next change to see if it works correctly. thank you On Mon, Aug 19, 2013 at 2:11 PM, Helmut Hullen wrote: > Hello, Carlos, > > you wrote on 19.08.13: > >> What is the best strategy to u

RE: [squid-users] kerberos keytab

2013-08-20 Thread Kris Glynn
ked well for me. -----Original Message----- From: Carlos Defoe [mailto:carlosde...@gmail.com] Sent: Tuesday, 20 August 2013 7:12 AM To: hel...@hullen.de Cc: squid-users@squid-cache.org Subject: Re: [squid-users] kerberos keytab thanks, Helmut. i made one script to check the file change and run "

Re: [squid-users] kerberos keytab

2013-08-21 Thread Carlos Defoe
arlosde...@gmail.com] > Sent: Tuesday, 20 August 2013 7:12 AM > To: hel...@hullen.de > Cc: squid-users@squid-cache.org > Subject: Re: [squid-users] kerberos keytab > > thanks, Helmut. > > i made one script to check the file change and run "squid -k reconfigure". >

[squid-users] kerberos and cname

2013-10-10 Thread Marko Cupać
I have squid box named squid01.example.com, but all the clients' browsers are configured to access it by its CNAME which is proxy.example.com. This way I am able to install new server named squidXX, test it, and once everything is fine I can change CNAME to point to the new server. This worked fin

Re: [squid-users] kerberos annoyances

2013-10-14 Thread Pavel Kazlenka
Hi Marko, Squid's kerberos helper has debug mode. Just add '-d' switch to 'auth_param negotiate program /usr/sbin/squid_kerb_auth' string in squid.conf file. Also here are some useful information and tips: http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos#Troubleshooting_Tools

Re: [squid-users] kerberos annoyances

2013-10-14 Thread Marko Cupać
On Mon, 14 Oct 2013 18:17:30 +0300 Pavel Kazlenka wrote: > Squid's kerberos helper has debug mode. Just add '-d' switch to > 'auth_param negotiate program /usr/sbin/squid_kerb_auth' string in > squid.conf file. > Also here are some useful information and tips: > http://wiki.squid-cache.org/Con

Re: [squid-users] kerberos annoyances

2013-10-14 Thread Eliezer Croitoru
On 10/14/2013 06:29 PM, Marko Cupać wrote: 2013/10/14 17:23:12 kid1| '/usr/local/etc/squid/errors/sr-latn-rs/ERR_CACHE_ACCESS_DENIED': (2) No such file or directory 2013/10/14 17:23:12 kid1| WARNING: Error Pages Missing Language: sr-latn-rs This is another issue that the ERROR pages do not exis

Re: [squid-users] kerberos annoyances

2013-10-15 Thread Amos Jeffries
On 15/10/2013 11:28 a.m., Eliezer Croitoru wrote: On 10/14/2013 06:29 PM, Marko Cupać wrote: 2013/10/14 17:23:12 kid1| '/usr/local/etc/squid/errors/sr-latn-rs/ERR_CACHE_ACCESS_DENIED': (2) No such file or directory 2013/10/14 17:23:12 kid1| WARNING: Error Pages Missing Language: sr-latn-rs Thi

[squid-users] Kerberos / Authentication / squid

2013-11-27 Thread Berthold Zettler
Hello to all, we are using squid as a authentication proxy with kerberos/ldap-helpers. This works fine, but (few) users can't be authenticated by the squid (kerberos-helper). Further investigation are showing a possible relationship to the tokensize (computed with the MS-Tool tokensz.exe) o

[squid-users] Kerberos Authentication - Squid 3.1.0.13

2009-08-10 Thread Daniel
Good afternoon, In my attempt to get Squid on our SLES 11 box authenticating with Kerberos (negotiate), I used the following to re-configure: ./configure --prefix=/usr/local/squid --enable-cachemgr-hostname=sclthdq01w --enable-auth="negotiate" --enable-negotiate-auth-helpers="squid_kerb_a

[squid-users] kerberos (AD) authentication - squid_kerb_auth

2009-08-25 Thread Jeremy Monnet
Hi, I am trying to authenticate users through kerberos on a windows 2003 server AD. Basically, I followed the klaubert tutorial [1], part on Negotiate/kerberos authentication. The kerberos stuff seems ok, I can get some tickets using kinit and see them using klist. The error message I get is "a

[squid-users] kerberos authentication - performance tuning

2011-02-09 Thread guest01
Hi, We are currently using Squid 3.1.10 on RHEL5.5 and Kerberos authentication for most of our clients (authorization with an icap server). At the moment, we are serving approx 8000 users with two servers. Unfortunately, we have performance troubles with our Kerberos authentication. Load values ar

[squid-users] Kerberos authentication and WMP.

2011-08-15 Thread João Carlos Dias
We are trying to use squid with kerberos and basic authentication, but we've been getting some trouble authenticating Windows Media Player. Our environment: Proxy server SO: Red Hat Enterprise Linux Server release 6.0 KDC SO: Windows Server 2008 R2 SQUID: 3.1.4 CLIENTS SO: Windows XP SP3 and Windows

[squid-users] Kerberos TCP/DENIED 407

2012-03-08 Thread JC Putter
Hi I followed http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory I can see in the cache.log that the client is authenticating with a Kerberos ticket however for every connection I get a TCP/DENIED 407 and then the connection is made. Is this not what NTLM does? I thought

Re: [squid-users] Kerberos with AD

2012-04-15 Thread Simon Dwyer
Further upon this i have updated to 3.1.19 and i get the same errors. I have fresh installed the machine back to how it was when the first email went out. On Mon, 2012-04-16 at 08:25 +1000, Simon Dwyer wrote: > Hi All, > > Have been banging my head against this for a few weeks now. > > I have a

Re: [squid-users] Kerberos with AD

2012-04-15 Thread Brett Lymn
On Mon, Apr 16, 2012 at 09:41:19AM +1000, Simon Dwyer wrote: > Further upon this i have updated to 3.1.19 and i get the same errors. I > have fresh installed the machine back to how it was when the first email > went out. > Is the keytab readable by the user running squid? The kerberos messages

Re: [squid-users] Kerberos with AD

2012-04-15 Thread Simon Dwyer
On Mon, 2012-04-16 at 09:49 +0930, Brett Lymn wrote: > On Mon, Apr 16, 2012 at 09:41:19AM +1000, Simon Dwyer wrote: > > Further upon this i have updated to 3.1.19 and i get the same errors. I > > have fresh installed the machine back to how it was when the first email > > went out. > > > > Is th

Re: [squid-users] Kerberos with AD

2012-04-15 Thread Simon Dwyer
Have found that proper credentials will work if entered when prompted. so it seems the credentials that get tried first do not work. Whats the best way to work out what is going on? On Mon, 2012-04-16 at 10:22 +1000, Simon Dwyer wrote: > On Mon, 2012-04-16 at 09:49 +0930, Brett Lymn wrote: > > O

[squid-users] kerberos authentication not working

2012-05-07 Thread Wladner Klimach
Hi to all, I'm using squid with kerberos authentication. It was working just fine. For some unknown reason now it isn't. Look what it is in cache.log: squid_kerb_auth: ERROR: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. Permission denied 2012/05/

[squid-users] kerberos authentication and ldap

2010-01-30 Thread Joseph L. Casale
We are getting some Win7 machines so I am migrating our ntlm setup to Kerberos. Looking at Markus Moeller's kerb guide, I see that it doesn't state how to control access after successful auth. Looking online, http://klaubert.wordpress.com/2008/01/09/squid-kerberos-authentication-and-ldap-authoriza

[squid-users] Kerberos / SASL for squid_ldap_group

2010-08-30 Thread Maxim Burgerhout
Hi, I'm trying to build a completely Kerberos-based Squid proxy setup for my company. Everything that's even remotely possible with Kerberos, we're supposed to do with it. Kerberos authentication on Squid 3.1 works easily, so the next step would be to make squid_ldap_group work with Kerberos, too

[squid-users] Kerberos and NTLM authentication

2013-05-15 Thread Delton
Dear Sirs, I configured Squid 3.3.3 with Kerberos and NTLM authentication successfully. When I enable only Kerberos authentication, domain computers browse normally and there is no password required. When I enable only NTLM authentication, domain computers also browse normally and there is no p

Re: [squid-users] kerberos and cname

2013-10-10 Thread Carlos Defoe
You have to add principals for each hostname on your keytab (HTTP/squid01.example.com, HTTP/squid03.example.com, HTTP/proxy.example.com), creating user or computer accounts to hold each kerberos principal. If you're load balancing, copy your keytab file to all servers. Then you have to set the fla

Re: [squid-users] Kerberos / Authentication / squid

2013-11-27 Thread Madhav V Diwan
ginal Message- From: Berthold Zettler To: squid-users@squid-cache.org Subject: [squid-users] Kerberos / Authentication / squid Date: Wed, 27 Nov 2013 13:41:09 +0100 (CET) Hello to all, we are using squid as a authentication proxy with kerberos/ldap-helpers. This works fine, but (few) users can

Re: [squid-users] Kerberos / Authentication / squid

2013-11-27 Thread Eliezer Croitoru
Can you share squid.conf relevant lines? Thanks, Eliezer On 27/11/13 14:41, Berthold Zettler wrote: Hello to all, we are using squid as a authentication proxy with kerberos/ldap-helpers. This works fine, but (few) users can't be authenticated by the squid (kerberos-helper). Further investig

Re: [squid-users] Kerberos / Authentication / squid

2013-11-27 Thread Amos Jeffries
On 2013-11-28 07:58, Eliezer Croitoru wrote: Can you share squid.conf relevant lines? There are none for this problem. It is bounded by the system I/O limits and some limits imposed by remote HTTP software (ie header length >4KB are unreliable over Internet connections). As mentioned earli

[squid-users] Kerberos set-up is problematic

2009-12-11 Thread Robert Schenck
Hello, First: I'm an intern and know little of pretty much everything. Try to explain the best you can, please! I'm trying to set up Kerberos on a Squid proxy server (the server is to allow access to ip-based content away from the intranet, so it will be something like so: client --> internet -->

[squid-users] Kerberos auth with Active Directory.

2010-11-01 Thread Rolf Loudon
hello I am trying to setup kerberos auth against Active Directory - Windows 2000 - in squid, 2.7. This is primarily so that the username is captured in the access log. But also user based access control will occasionally be used. I've installed the squid_kerb_auth software from http://squidke

[squid-users] Kerberos authentication with MIT KDC

2010-12-06 Thread Rob Asher
I've looked through some of the mailing list archives and can't find anything specific on kerberos authentication to a MIT KDC for windows clients. Everything I've found mentions AD. What I'd like, if possible, is to have single sign on capabilities to between OS X server's Open Directory, squ

Re: [squid-users] kerberos authentication - performance tuning

2011-02-09 Thread Nick Cairncross
On 09/02/2011 09:34, "guest01" wrote: >Hi, > >We are currently using Squid 3.1.10 on RHEL5.5 and Kerberos >authentication for most of our clients (authorization with an icap >server). At the moment, we are serving approx 8000 users with two >servers. Unfortunately, we have performance troubles wi

Re: [squid-users] kerberos authentication - performance tuning

2011-02-09 Thread Amos Jeffries
On 10/02/11 00:05, Nick Cairncross wrote: On 09/02/2011 09:34, "guest01" wrote: Hi, We are currently using Squid 3.1.10 on RHEL5.5 and Kerberos authentication for most of our clients (authorization with an icap server). At the moment, we are serving approx 8000 users with two servers. Unfortu

Re: [squid-users] Kerberos authentication and WMP.

2011-08-15 Thread John Down
Hi, We had the same problem, WMP just sucks ... We were using WMP 10.x on WinXP and Kerberos-Authentication did not work. Btw, we also have the problem with Java-Applications. I cannot offer a solution, just a very insecure workaround ... WMP will be authenticated by its User-Agent, which can

Re: [squid-users] Kerberos authentication and WMP.

2011-08-15 Thread Amos Jeffries
On Mon, 15 Aug 2011 21:18:04 +0200, John Down wrote: Hi, We had the same problem, WMP just sucks ... We were using WMP 10.x on WinXP and Kerberos-Authentication did not work. Btw, we also have the problem with Java-Applications. I cannot offer a solution, just a very insecure workaround ... WMP

[squid-users] Kerberos setup with RR DNS

2011-09-09 Thread Emmanuel Lacour
Hi, I have two squids using NTLM auth against AD. Those squids are used by client through a single A DNS entry (proxy.domain.tld) (so round robin). I want to switch to kerberos, but I don't know what to create with msktutil: - two machines with same proxy.domain.tld UPN ? - one machine used by

Re: [squid-users] Kerberos TCP/DENIED 407

2012-03-08 Thread Amos Jeffries
On 8/03/2012 9:17 p.m., JC Putter wrote: Hi I followed http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory I can see in the cache.log that the client is authenticating with a Kerberos ticket however for every connection I get a TCP/DENIED 407 and then the connection is

RE: [squid-users] Kerberos TCP/DENIED 407

2012-03-08 Thread JC Putter
client responds with a Kerberos ticket. -----Original Message----- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: 08 March 2012 01:55 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] Kerberos TCP/DENIED 407 On 8/03/2012 9:17 p.m., JC Putter wrote: > Hi > > I followe

Re: [squid-users] Kerberos TCP/DENIED 407

2012-03-08 Thread Amos Jeffries
On 9/03/2012 1:07 a.m., JC Putter wrote: Amos, Thank you for the reply. Sorry I meant 3.0 STABLE 19. Please at minimum upgrade to 3.0.STABLE26 then, if possible 3.1.19. There are a handful of major security vulnerabilities in between. The Zimbra Desktop client connects via port 443 and

RE: [squid-users] Kerberos TCP/DENIED 407

2012-03-08 Thread JC Putter
s Jeffries [mailto:squ...@treenet.co.nz] Sent: 08 March 2012 02:44 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] Kerberos TCP/DENIED 407 On 9/03/2012 1:07 a.m., JC Putter wrote: > Amos, > > Thank you for the reply. > > Sorry I meant 3.0 STABLE 19. Please at minimum upgrade

Re: [squid-users] kerberos authentication not working

2012-05-07 Thread Amos Jeffries
On 08.05.2012 08:16, Wladner Klimach wrote: Hi to all, I'm using squid with kerberos authentication. It was working just fine. For some unknown reason now it isn't. Look what it is in cache.log: squid_kerb_auth: ERROR: gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provid

RE: [squid-users] kerberos authentication and ldap

2010-01-31 Thread Joseph L. Casale
>The patch is already included since the following STABLE versions: > >2.7 STABLE1 >3.0 STABLE2 Guido, Thanks, I should have read all the comments in the post:) Do you know if it's possible to facilitate the following scenario where access is auth'ed by Kerberos, and an ldap external_acl_type chec

[squid-users] Kerberos Authentication and LDAP Authorization

2010-02-05 Thread Ralf.Lutz
Hi, I successfully configured squid to authenticate against AD using kerberos. I inserted an acl that authenticated users are allowed. The next step should be, that only users in a defined group in the AD will be allowed. I´ve read that this should be possible by using the external helper squi

RE: [squid-users] Kerberos / SASL for squid_ldap_group

2010-08-30 Thread Joseph L. Casale
>But then, in 2006, Henrik Nordstrom says[2] neither squid_ldap_group nor >squid_ldap_auth support Kerberos SSO. After the initial posting of the patch >in '04, I can't >find any more references to it on the mailinglists. See squid_kerb_ldap. http://squidkerbauth.sourceforge.net/ jlc

Re: [squid-users] Kerberos / SASL for squid_ldap_group

2010-08-30 Thread Maxim Burgerhout
Of course I just bumped into that little gem *after* I sent the previous message to this list... It has the downside of not being included in, or supported by downstream distro's though. The major upside of having Kerberos support in Squid's ldap_group helper would be the fact that downstream dist

Re: [squid-users] Kerberos / SASL for squid_ldap_group

2010-08-30 Thread Amos Jeffries
On Mon, 30 Aug 2010 16:32:51 +0200, Maxim Burgerhout wrote: > Of course I just bumped into that little gem *after* I sent the > previous message to this list... > > It has the downside of not being included in, or supported by > downstream distro's though. The major upside of having Kerberos > su

Re: [squid-users] Kerberos / SASL for squid_ldap_group

2010-08-31 Thread Nick Cairncross
> On Mon, 30 Aug 2010 16:32:51 +0200, Maxim Burgerhout > wrote: >> Of course I just bumped into that little gem *after* I sent the >> previous message to this list... >> >> It has the downside of not being included in, or supported by >> downstream distro's though. The major upside of having Ker

Re: [squid-users] Kerberos / SASL for squid_ldap_group

2010-09-02 Thread Amos Jeffries
Nick Cairncross wrote: On Mon, 30 Aug 2010 16:32:51 +0200, Maxim Burgerhout wrote: Of course I just bumped into that little gem *after* I sent the previous message to this list... It has the downside of not being included in, or supported by downstream distro's though. The major upside of havi

[squid-users] Kerberos with 2008/2003 DC

2013-03-25 Thread SPG
Hi, I have a domain with 2008 and 2003 DCs. If I genus a keytab in windows 2008 only work with 2008 server's and if I genus a keytab with 2003 it not work in 2008 or 2003. The last case error example [root@proxyprueba ~]# kinit -V -k -t /etc/squid/.keytab proxyprueba.xxx.xxx Using default cache:

Re: [squid-users] Kerberos and NTLM authentication

2013-05-15 Thread Carlos Defoe
I think the BCP (best current practice) is to use, in sequence: 1) negotiate_wrapper configured with kerberos and ntlm 2) pure ntlm with ntlm_auth 3) one basic auth of your choice Inserting those three methods in sequence on your squid.conf will do the job. If you have problems with prompted aut

Re: [squid-users] Kerberos and NTLM authentication

2013-05-15 Thread Delton
That's what (I think) I tried: auth_param negotiate program /usr/local/bin/squid_kerb_auth -d -s HTTP/squidserver.bnpapeis.local auth_param negotiate children 5 auth_param negotiate keep_alive on auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm c

Re: [squid-users] Kerberos and NTLM authentication

2013-05-15 Thread Brett Lymn
On Wed, May 15, 2013 at 03:45:28PM -0300, Delton wrote: > That's what (I think) I tried: > > auth_param negotiate program /usr/local/bin/squid_kerb_auth -d -s > HTTP/squidserver.bnpapeis.local > auth_param negotiate children 5 > auth_param negotiate keep_alive on > > auth_param ntlm program /usr

Re: [squid-users] Kerberos and NTLM authentication

2013-05-15 Thread Carlos Defoe
As far as i know, the only auth mech that will prompt for password is the basic one, so you're not enabling one per time. But all three enabled shouldn't give you problems anyway... Try setting auth_param negotiate keep_alive off and auth_param ntlm keep_alive off Add "--diagnostics" to ntlm_aut

Re: [squid-users] Kerberos and NTLM authentication

2013-05-15 Thread Brett Lymn
On Wed, May 15, 2013 at 10:00:18PM -0300, Carlos Defoe wrote: > As far as i know, the only auth mech that will prompt for password is > the basic one, so you're not enabling one per time. > I believed that IE will prompt credentials when using NTLM iff the machine is not part of the domain. It a

Re: [squid-users] Kerberos and NTLM authentication

2013-05-16 Thread Delton
Guys, I ran some more tests. Only authentication with 'Basic' - worked on devices inside and outside the domain, but asks for password; With only authentication 'Kerberos' - worked in the domain and does not prompt for password; Authentication 'Kerberos' and 'Basic': 1 - worked in the domain b

[squid-users] Kerberos load balancer and AD

2013-05-22 Thread SPG
Hi, I've read a lot of posts about kerberos and load balancers, but I don't have clear the configuration. I have work one squid with kerberos, but now I want balance the service. I think that correct configuration is: 1º - Create an account or computer account in AD loadbalancer.abg.local 2º

[squid-users] Kerberos authentication that doesn't block

2013-08-29 Thread Trever L. Adams
Hello everyone, I am having a difficult time. I am not just trying to do something similar to http://wiki.squid-cache.org/ConfigExamples/Authenticate/Bypass, but without blocking most sites for unauthenticated users. The sites I need to block except for certain groups / authentication, etc., are

Aw: Re: [squid-users] Kerberos / Authentication / squid

2013-11-28 Thread Berthold Zettler
Zettler" > Cc: squid-users@squid-cache.org > Subject: Re: [squid-users] Kerberos / Authentication / squid > > Berthold > > if you look in > > squid-3.3.10/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc > > the define states > > #ifndef

[squid-users] kerberos authentication with load balancers

2014-02-06 Thread Joseph Spadavecchia
Hi there, What is the recommended way to configure Kerberos authentication behind two load balancers? AFAIK, based on the mailing lists, I should 1) Create a user account KrbUser on the AD server and add an SPN HTTP/loadbalancer.example.com for the load balancer 2) Join the domain with Kerber

Re: [squid-users] Kerberos authentication with MIT KDC

2010-12-08 Thread Rob Asher
>>> Rolf Loudon 12/06/10 7:46 PM >>> >Hello > >I've done this but against AD. As far as I can see the squid helpers >squid_kerb_auth and squidkerb_ldap are not AD specific and implement pure >kerberos authentication. The former comes with squid 2.7 but getting the >latest and compiling >prov

[squid-users] Kerberos AD authentication suddenly stopped working

2010-12-21 Thread Stefan Dengscherz
Hello list, I'm currently running 3.0.STABLE19 on Ubuntu 10 LTS. I have configured Kerberos AD authentication as in the config examples at http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos (the "Samba method"). It successfully worked for over half a year but suddenly the SSO authen

[squid-users] Kerberos Authentication with AD Win 2008

2011-07-21 Thread Syed Hussaini
Hi, I'm using squid version - 2.7 Stable9. My Kerberos authentication is working good as well. I'm receiving this info in my cache.log and just want to confirm that it's not worrisome. squid_kerb_auth: parseNegTokenInit failed with rc=102 2011/07/21 10:54:50| squid_kerb_auth: AF oYGgMIGdoAMKAQ

[squid-users] Kerberos: Problem for generate keytab file

2012-02-28 Thread Fran Márquez
Hi friends, I have a problem for implement kerberos authentication on my squid server. I'm using this article of the squid wiki: http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory My server is Red Hat Enterprise Linux (minimal) 6.2 (all package updated), with the offic

[squid-users] Kerberos: HTTP/ and not HTTP/@FQDN

2010-07-16 Thread Nick Cairncross
Hi list, I think I have a problem with one of my SPNs/keytab - wondered if someone could confirm this: 3 x squid boxes on different sites, squid1, squid2 and squid3 are their hostnames. I have one AD account with the SPNs of all on it. Using fqdn for the proxy address to 2 of them results in K

[squid-users] Kerberos authentication against AD 2003 server

2010-08-28 Thread Manoj Rajkarnikar
Hi all, I've been trying to get my squid 2.7 S9 to work with kerberos authentication against AD 2003 server for a couple weeks now but still failed. I've read through lots of posts in the list and different tutorials following them 1 at a time but still no go. I've been following tuts by Klaubert

Re: [squid-users] Kerberos authentication that doesn't block

2013-08-29 Thread Amos Jeffries
On 30/08/2013 4:32 a.m., Trever L. Adams wrote: Hello everyone, I am having a difficult time. I am not just trying to do something similar to http://wiki.squid-cache.org/ConfigExamples/Authenticate/Bypass, but without blocking most sites for unauthenticated users. It is a key property of secur

Re: Aw: Re: [squid-users] Kerberos / Authentication / squid

2013-11-28 Thread Amos Jeffries
On 28/11/2013 10:42 p.m., Berthold Zettler wrote: > Hi Madhav, > > > > all relevant a systems (AD-Controllers and the clients (Windows 7)) have a > value for "MaxTokenSize" of 65535. > > Therefore i don't think, that this failure was caused by AD- or client > settings. > > The tokensize (273

[squid-users] Kerberos authentication resets every 1/2 hour

2009-09-03 Thread Дмитрий Нестеркин
I've configured Kerberos authentication for users in AD, but there is one problem: after half an hour IE7 "forgets" about Kerberos and tries to use NTLM. User have to restart IE7 to use Kerberos again. What parameter is responsible for Kerberos authentication lifetime? -- Best regards, Dmitry

[squid-users] Kerberos / AD Authentication: Unknown code krb5 236

2009-11-24 Thread Andrew M Stemen
I'm working on a new squid installation, where squid users need to be authenticated to Active Directory via Kerberos. I've read several configuration examples and I can't remember how many how-to guides, but I must be overlooking something simple. I'm running squid 3.0STABLE18 on CentOS 5.4 in a

[squid-users] Kerberos: Problems for generate the keytab file

2012-02-28 Thread Fran Márquez
Hi friends, I have a problem for implement kerberos authentication on my squid server. I'm using this article of the squid wiki: http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory My server is Red Hat Enterprise Linux (m

[squid-users] R: [squid-users] kerberos authentication and ldap

2010-01-31 Thread Guido Serassio
. : +39.011.9781115 Email: guido.seras...@acmeconsulting.it WWW: http://www.acmeconsulting.it > -----Original Message----- > From: Joseph L. Casale [mailto:jcas...@activenetwerx.com] > Sent: Sunday, 31 January 2010 0.48 > To: 'squid-users@squid-cache.org' > Subject: [squid-users] ke

[squid-users] Kerberos Authentication in Relation to Connect ACLs

2010-04-15 Thread GIGO .
I get the following error whenever i try to use squid: (currently i am trying to use it from the AD which is also the KDC for squid to provide authentication.) Access Denied: Access control configuration prevents your request from being allowed at this time. Please contact your service provid

[squid-users] kerberos auth failing behind a load balancer

2013-02-28 Thread Sean Boran
Hi, I’ve received (kemp) load balancers to put in front of squids to provide failover. The failover / balancing works fine until I enable Kerberos auth on the squid. Test setup: Browser ==> Kemp balancer ==> Squid ==> Internet proxy.example.c

[squid-users] kerberos ERROR: gss_accept_sec_context() failed: Unspecified GSS failure

2013-08-04 Thread Glenn groves
Hi All, I have been setting up a new proxy, it needs to have Kerberos auth so that the users on the domain do not get prompted for a password - but are authenticated and this is to show in the logs. Sorry for the formatting, I tried using the bold and embed tags but they did not work It does

[squid-users] Kerberos authentication & pre-caching in Squid for Windows

2009-08-07 Thread Holly King
Hello, I'm trying to set up a pilot to replace proprietary caches in schools. Because of training issues with on-site technicians I'm kinda stuck with using Windows but would like to use Squid. Stumbling block 1 - I've not been able to find any documentation on Kerberos authentication by Squid f

[squid-users] Kerberos auth and users in another AD domain

2011-11-22 Thread Emmanuel Lacour
I enabled kerberos auth on an AD domain with a fallback to ldap basic auth. It seems that if someone uses the proxy from another lan in another AD domain on which I have no control, the basic auth is not used. Is this understandable? Any way to work around this?

Re: [squid-users] Kerberos Authentication in Relation to Connect ACLs

2010-04-16 Thread Amos Jeffries
GIGO . wrote: I get the following error whenever I try to use squid: (currently I am trying to use it from the AD which is also the KDC for squid to provide authentication.) Access Denied: Access control configuration prevents your request from being allowed at this time. Please contact you

[squid-users] kerberos auth does not work for ftp traffic?

2013-04-16 Thread Sean Boran
Hi, Kerberos is authenticating http/s traffic for me from certain client addresses just fine. However ftp is being rejected, does the browser+squid not auth ftp in the same way as http? If ftp does work with kerberos, is there a way (ACL) that ftp traffic can be excluded from kerberos auth? Than

Re: [squid-users] kerberos auth failing behind a load balancer

2013-05-22 Thread Eliezer Croitoru
On 2/28/2013 2:57 PM, Sean Boran wrote: Hi, I’ve received (kemp) load balancers to put in front of squids to provide failover. The failover / balancing works fine until I enable Kerberos auth on the squid. It seems to me like a basic LB problem since it's working on L7 and not L2. Why do you u

Re: [squid-users] kerberos auth failing behind a load balancer

2013-05-22 Thread Brett Lymn
On Wed, May 22, 2013 at 12:46:08PM +0300, Eliezer Croitoru wrote: > On 2/28/2013 2:57 PM, Sean Boran wrote: > >Hi, > > > >I’ve received (kemp) load balancers to put in front of squids to > >provide failover. > >The failover / balancing works fine until I enable Kerberos auth on the > >squid. > It

Re: [squid-users] kerberos auth failing behind a load balancer

2013-05-22 Thread Eliezer Croitoru
On 5/23/2013 8:42 AM, Brett Lymn wrote: One problem with using L2 is that you then lose the ability to log the client IP address, everything appears to come from the load balancer. Using L7 you can, at least on some load balancers, insert a X-FORWARDED-FOR header with the client IP in it so you c

Re: [squid-users] kerberos auth failing behind a load balancer

2013-05-23 Thread Sean Boran
Chiming in here about the kemps. I used the kemps because they were available for this project. They have worked quite well and are very easy to manage. HA works fine. Troubleshooting is OK too (it looks like a BSD box under the hood). L7 so that (as noted by Brett), I see to see the client IPs. Squ

Re: [squid-users] kerberos auth failing behind a load balancer

2013-05-23 Thread Brendan Kearney
I am using HAProxy, with Kerberos auth and have no issues. Once I figured out the keytab bit, where you make one keytab file and put that one keytab file on all proxies in the load balanced pool, I was off and running. My relevant HAProxy configs: global log 127.0.0.1 local1 pidf

[squid-users] Kerberos, squid and IE8 with windows integrated validation

2013-06-20 Thread SPG
Hi, I have integrated squid with kerberos and all works fine. When I open IE 8 it never asks for the password, because I activated integrated windows authentication in the web browser. But I need squid to ask for the password because some web sites get the user and password of the windows domain and deny access.

Re: [squid-users] Kerberos authentication & pre-caching in Squid for Windows

2009-08-07 Thread Guido Serassio
Hi, At 11.30 07/08/2009, Holly King wrote: Hello, I'm trying to set up a pilot to replace proprietary caches in schools. Because of training issues with on-site technicians I'm kinda stuck with using Windows but would like to use Squid. Stumbling block 1 - I've not been able to find any docum

Re: [squid-users] Kerberos authentication & pre-caching in Squid for Windows

2009-08-07 Thread Amos Jeffries
Guido Serassio wrote: Hi, At 11.30 07/08/2009, Holly King wrote: Hello, I'm trying to set up a pilot to replace proprietary caches in schools. Because of training issues with on-site technicians I'm kinda stuck with using Windows but would like to use Squid. Stumbling block 1 - I've not been

RE: [squid-users] Kerberos authentication & pre-caching in Squid for Windows

2009-08-07 Thread Daniel
not really want to use Basic Authentication. I believe in a bit more security... Thanks! -Original Message- From: Guido Serassio [mailto:guido.seras...@acmeconsulting.it] Sent: Friday, August 07, 2009 6:22 AM To: Holly King; Squid Mailinglist Subject: Re: [squid-users] Kerberos authentica

Re: [squid-users] Kerberos authentication & pre-caching in Squid for Windows

2009-08-07 Thread Chris Robertson
Daniel wrote: I have been trying to see what authentication options that I have as well (in regards to AD & LDAP). I would assume that the suggestion given of using the 2.7 binaries for Windows would imply that Squid will be run on Windows. What would the said suggestion be for Linux Squid use
