Hi Marcio, 

 

Have a look here, a good guide.

https://dev.tranquil.it/wiki/SAMBA_-_Configuration_Squid_Kerberos 

 

Most important, make sure your DNS setup is correct and the proxy server has an 
A and PTR (RR) record. 

Can be done without but that can result in problems. 

 

 

You must create the krb5.keytab file when using Samba 4 as DC? If positive, how 
to create it?

On the proxy itself as member server.  

 

Make sure you then also have these 2.

    # enable offline logins

    winbind offline logon = yes

    # renew the kerberos ticket

    winbind refresh tickets = yes

 

net ads join -U administrator

net ads keytab add HTTP -U administrator

 


Or with samba-tool on the DC, which I did since I use 2 proxies and 1 user for
SPNs.

 

samba-tool user create squid-proxy --description="Unprivileged user for SQUID-Proxy Services" --random-password

samba-tool user setexpiry squid-proxy --noexpiry

samba-tool spn add HTTP/proxy1.internal.domain.tld squid-proxy

samba-tool spn add HTTP/proxy1.internal.domain.tld@REALM squid-proxy

 

And export it.

samba-tool domain exportkeytab --principal=HTTP/proxy1.internal.domain.tld proxy1.keytab

And put the proxy1.keytab file in place on the proxy server, see link above.

 

 


Kerberos authentication (squid_kerb_auth) works for both Windows and Linux?

Yes


 


In this type of authentication the user will not need to enter your username / 
password when you open the browser?

Correct, but you also need to set up your web browser for it.


 


On the workstations I install ntp or ntpdate package?

No, but then make sure the time is in sync with the DCs.




_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
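
A way to check an exported keytab such as proxy1.keytab before putting it on the proxy, added here as an example and not part of the original message: it parses the MIT/Heimdal keytab file format (version 0x0502), confirms the HTTP SPN is present, and flags DES or RC4 keys. The function names, the realm INTERNAL.DOMAIN.TLD and the all-zero sample keys are assumptions made for the example.

```python
import struct
# Enctype numbers from the IANA Kerberos registry (subset); DES and RC4 are deprecated.
ENCTYPES = {3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac"}
WEAK = {1, 2, 3, 23}

def parse_keytab(data):
    """Return [(principal, kvno, enctype), ...] from a format-0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                # negative size marks a deleted entry (hole)
            pos += -size
            continue
        end, p = pos + size, pos + 2
        (ncomp,) = struct.unpack_from(">H", data, pos)
        names = []
        for _ in range(ncomp + 1):   # realm first, then the name components
            (n,) = struct.unpack_from(">H", data, p)
            names.append(data[p + 2:p + 2 + n].decode())
            p += 2 + n
        p += 8                       # skip name type and timestamp (4 bytes each)
        kvno = data[p]
        enctype, keylen = struct.unpack_from(">HH", data, p + 1)
        p += 5 + keylen
        if end - p >= 4:             # optional 32-bit kvno replaces the 8-bit one
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, enctype))
        pos = end
    return entries

def check_keytab(data, spn):
    """Report whether spn has keys in the keytab and which enctypes are weak."""
    found = [e[2] for e in parse_keytab(data) if e[0] == spn]
    return {"present": bool(found),
            "weak": sorted(ENCTYPES.get(t, str(t)) for t in found if t in WEAK)}

def make_entry(spn, kvno, enctype, key):  # builds the constructed sample only
    name, realm = spn.split("@")
    parts = [realm] + name.split("/")
    body = struct.pack(">H", len(parts) - 1)
    body += b"".join(struct.pack(">H", len(t)) + t.encode() for t in parts)
    body += struct.pack(">IIBHH", 1, 0, kvno, enctype, len(key)) + key
    return struct.pack(">i", len(body) + 4) + body + struct.pack(">I", kvno)
SPN = "HTTP/proxy1.internal.domain.tld@INTERNAL.DOMAIN.TLD"  # realm is assumed
SAMPLE = b"\x05\x02" + make_entry(SPN, 2, 18, bytes(32)) + make_entry(SPN, 2, 23, bytes(16))
```

For a real file, pass `open("proxy1.keytab", "rb").read()` and the SPN with your own realm to `check_keytab`.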
