> In more detail the required steps for squid_kerb_auth (from > https://sourceforge.net/project/showfiles.php?group_id=196348 or from > latest > squid distribution) are: > > 1) Install kerberos client package > 2) Install msktutil package from > http://dag.wieers.com/rpm/packages/msktutil/ > 3) Configure krb5.conf > 4) Configure squid by adding > auth_param negotiate program /usr/sbin/squid_kerb_auth > auth_param negotiate children 10 > auth_param negotiate keep_alive on > 5) Create keytab for HTTP/fqdn with msktutil. > a) kinit administra...@domain > b) msktutil -c -b "CN=COMPUTERS" -s HTTP/<fqdn> -h <fqdn> -k > /etc/squid/HTTP.keytab --computer-name squid-HTTP --upn HTTP/<fqdn> > --server > <domain controller> --verbose > > 6) Add the following to thw squid startup script > KRB5_KTNAME=/etc/squid/HTTP.keytab > export KRB5_KTNAME > > 7) Done > > Markus > > Thanks Markus
apprecite your quick reply. actually i was jus workin on plain text authentication with my win2003 AD server bascially following from http://www.itinfusion.ca/linux/squid-proxy-server-with-windows-ad-authentication/ i jus managed to have my linux box to authenticate with AD server runing the following command /usr/lib/squid/squid_ldap_auth -v 3 -b "dc=baladia,dc=local" -D "cn=Administrator,cn=Users,dc=baladia,dc=local" -w "xxxxxx" -f sAMAccountName=%s -h aa.aa.aa.aa where xxxxxxx is the password of administrator aa.aa.aa.aa is the IP address of AD server after i put the username n password i get OK so authentication is OK i will jus try having acls in my squid conf n testing it out regards n thnks once again simon > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > -- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
