Thanks, Brett, for the answer. I did exactly the same thing and it's working for me now. I only have to decrypt how to see the client's IP in SQUID's logs. I will follow your instructions to try to achieve it.
Best regards,
Gabriel

On Thu, Jul 23, 2020 at 21:23, Brett Lymn (brett.l...@baesystems.com) wrote:

> On Thu, Jul 23, 2020 at 06:07:39PM +0200, Klaus Brandl wrote:
> >
> > But if anyone knows a solution, I will spread my ears :)
> >
>
> What we do is:
>
> 1) create a user account in AD that will be used for the HA front end,
>    set a password and export the keytab for this user
> 2) Use ktadmin to import the keytab entries for the user created in step
>    1 into the keytab for squid on the squid servers.
> 3) Set a SPN (setspn) in AD that maps HTTP://ha.fqdn.address to the user
>    created in 1
>
> The SPN (service principal name) tells kerberos to use the user details
> set up in step 1 to authenticate http requests. This works for us, has
> been for years.
>
> One thing, if you want to know the IP addresses of your clients in the
> squid logs you will need to do some extra stuff because all accesses
> will appear to come from the HA loadbalancer. We have configured our
> load balancers to insert the X-Forwarded-For header into the http
> traffic and then modified the logging to log both the loadbalancer and
> client IP.
>
> --
> Brett Lymn
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
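
One way to do the logging change described in the quoted message, as an added squid.conf fragment that is not from the thread or from either poster's configuration. The load balancer address (192.0.2.10), the log path and the names ha_lb, squid_xff and squid_direct are assumptions made for the example.

```conf
# Added example, not configuration from the thread.
# 192.0.2.10 is a placeholder for the HA load balancer's address.
acl ha_lb src 192.0.2.10

# Squid's default "squid" log layout with one extra column after %>a.
#   %>a                    address of the TCP peer (the load balancer here)
#   %{X-Forwarded-For}>h   request header inserted by the load balancer
#   %[un                   authenticated user name (the Kerberos principal)
logformat squid_xff %ts.%03tu %6tr %>a %{X-Forwarded-For}>h %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt

# Same layout with a literal "-" in the extra column, so both formats
# keep the same number of fields for log parsers.
logformat squid_direct %ts.%03tu %6tr %>a - %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt

# Record the header only when the request arrived from the load balancer.
# A request that reaches Squid directly can carry any X-Forwarded-For
# value the client chooses, so it is not written to the log as a client IP.
access_log daemon:/var/log/squid/access.log squid_xff ha_lb
access_log daemon:/var/log/squid/access.log squid_direct !ha_lb
```

If the load balancer appends to an X-Forwarded-For header that the client already sent, the logged field holds a comma-separated list and only the right-most address is the one the load balancer added.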