Hi Marcio,

Have a look here, a good guide.
https://dev.tranquil.it/wiki/SAMBA_-_Configuration_Squid_Kerberos

Most important, make sure your DNS setup is correct and the proxy server has an A and PTR (RR) record. It can be done without, but that can result in problems.

> You must create the krb5.keytab file when using Samba 4 as DC? If
> positive, how to create it?

On the proxy itself as member server. Make sure you then also have those 2:

# enable offline logins
winbind offline logon = yes
# renew the kerberos ticket
winbind refresh tickets = yes

net ads join -U administrator
net ads keytab add HTTP -U administrator

or with samba-tool on the DC, which I did since I use 2 proxies and 1 user for SPNs:

samba-tool user create squid-proxy --description="Unprivileged user for SQUID-Proxy Services" --random-password
samba-tool user setexpiry squid-proxy --noexpiry
samba-tool spn add HTTP/proxy1.internal.domain.tld squid-proxy
samba-tool spn add HTTP/proxy1.internal.domain.tld@REALM squid-proxy

and export it:

samba-tool domain exportkeytab --principal=HTTP/proxy1.internal.domain.tld proxy1.keytab

and put the proxy1.keytab file in place on the proxy server, see link above.

> Kerberos authentication (squid_kerb_auth) works for both Windows and
> Linux?

Yes.

> In this type of authentication the user will not need to enter your
> username / password when you open the browser?

Correct, but you also need to set up your web browser for it.

> On the workstations I install ntp or ntpdate package?

No, but make sure the time is in sync with the DC's.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
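A preflight check for the setup described in this reply, as an added example that is not part of the original message: it confirms that the exported keytab holds the HTTP/ service principal and that the proxy's A and PTR records agree. The function names, the sample `klist -k` output and the keytab path passed to `preflight` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: preflight checks for a Squid Kerberos keytab and proxy DNS.

# Constructed sample of `klist -k proxy1.keytab` output (MIT Kerberos layout);
# one line per stored key, so the same principal normally appears several times.
SAMPLE_KLIST='Keytab name: FILE:proxy1.keytab
KVNO Principal
---- ------------------------------------------------------------
   2 HTTP/proxy1.internal.domain.tld@INTERNAL.DOMAIN.TLD
   2 HTTP/proxy1.internal.domain.tld@INTERNAL.DOMAIN.TLD'

# Read `klist -k` output on stdin and print the distinct KVNOs stored for SPN
# (realm ignored). Exit status 1 when the keytab has no entry for that SPN.
keytab_kvnos() {
    awk -v spn="$1" '
        $1 ~ /^[0-9]+$/ { split($2, p, "@")
                          if (p[1] == spn && !seen[$1]++) out = out (out ? " " : "") $1 }
        END { if (out == "") exit 1; print out }'
}

# Succeed when the PTR target names the same host as FQDN
# (case-insensitive, trailing dot ignored).
ptr_matches() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    got=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ "${want%.}" = "${got%.}" ]
}

# Live check, not run automatically: needs klist and getent on the proxy.
# usage: preflight proxy1.internal.domain.tld /path/to/proxy1.keytab
preflight() {
    fqdn=$1; keytab=$2; rc=0
    kv=$(klist -k "$keytab" | keytab_kvnos "HTTP/$fqdn") \
        && echo "keytab: HTTP/$fqdn present, kvno $kv" \
        || { echo "keytab: no HTTP/$fqdn entry"; rc=1; }
    ip=$(getent hosts "$fqdn" | awk 'NR == 1 { print $1 }')
    name=$(getent hosts "$ip" | awk 'NR == 1 { print $2 }')
    ptr_matches "$fqdn" "$name" \
        && echo "dns: $fqdn <-> $ip consistent" \
        || { echo "dns: $fqdn -> ${ip:-none} -> ${name:-none}"; rc=1; }
    return $rc
}
```

`getent` follows nsswitch.conf, so an /etc/hosts entry on the proxy can mask a missing PTR record in DNS.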