Hi
I have many dubt about kerberos authentication in the Squid 3 (3.4.8) on Debian 8. I'm using Samba 4 (4.2.1) as DC.
If I to join Squid Server in the Domain (net ads join) I don't need to execute the command-line msktutil as bellow ?
msktutil -c -b "CN=COMPUTERS" -s HTTP/squidproxy.example.local -k /etc/squid3/PROXY.keytab \
--computer-name SQUIDPROXY-K --upn HTTP/squidproxy.example.local --server dc1.example.local --verbose
Is SQUIDPROXY-K an alias for squidproxy.example.local or is another server?
What is the correct value for default_keytab_name in /etc/krb5.conf file: = /etc/squid3/HTTP.keytab or /etc/krb5.keytab?
Have to enable Samba4 and Winbind services or disable ?
Is join the Squid server on Domain better use than msktutil command?
Does Kerberos uses enctypes by default? My DC is Samba4. Do I need to configure the following directives in /etc/krb5.conf ?
;for Windows 2008 with AES
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
Regards,
Márcio
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
