Hi
I have tried to use only Kerberos authentication, but didn't work! I have already used the 3 way below:
1) auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth
2) auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s GSS_C_NO_NAME -i
3) auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
Now, kerberos and NTLM together is OK with Windows worstations, but with Linux appear the message in my Browser: "cache denied access".
Thus, I have used the basic_ldap_auth to Linux machines.
Following is authentication block the my squid.conf:
### Kerberos and NTLM ###
auth_param negotiate program /usr/lib/squid3/negotiate_wrapper_auth -d --ntlm /usr/bin/ntlm_auth --diagnostics
--helper-protocol=squid-2.5-ntlmssp --domain=CMS --kerberos /usr/lib/squid3/negotiate_kerberos_auth -d -s GSS_C_NO_NAME
auth_param negotiate children 10
auth_param negotiate keep_alive off
### LDAP ###
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b DC=cms,DC=ensino,DC=br -D CN=proxy,CN=Users,DC=cms,DC=ensino,DC=br -w passwd -h 192.168.200.25 -p 389 -s sub -v 3 -f "sAMAccountName=%s"
auth_param basic children 50
auth_param basic realm "Acesso Monitorado - CMS"
auth_param basic credentialsttl 8 hours
auth_param basic casesensitive off
Now I would like to identify groups of the users (admins, managers and domain users) to create access profiles. How can I do this?
ext_ldap_group_acl or ext_kerberos_ldap_group_acl ?
Regards,
Márcio
I have tried to use only Kerberos authentication, but didn't work! I have already used the 3 way below:
1) auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth
2) auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s GSS_C_NO_NAME -i
3) auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -s HTTP/proxy.cms.ensino.br@xxxxxxxxxxxxx
Now, kerberos and NTLM together is OK with Windows worstations, but with Linux appear the message in my Browser: "cache denied access".
Thus, I have used the basic_ldap_auth to Linux machines.
Following is authentication block the my squid.conf:
### Kerberos and NTLM ###
auth_param negotiate program /usr/lib/squid3/negotiate_wrapper_auth -d --ntlm /usr/bin/ntlm_auth --diagnostics
--helper-protocol=squid-2.5-ntlmssp --domain=CMS --kerberos /usr/lib/squid3/negotiate_kerberos_auth -d -s GSS_C_NO_NAME
auth_param negotiate children 10
auth_param negotiate keep_alive off
### LDAP ###
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b DC=cms,DC=ensino,DC=br -D CN=proxy,CN=Users,DC=cms,DC=ensino,DC=br -w passwd -h 192.168.200.25 -p 389 -s sub -v 3 -f "sAMAccountName=%s"
auth_param basic children 50
auth_param basic realm "Acesso Monitorado - CMS"
auth_param basic credentialsttl 8 hours
auth_param basic casesensitive off
Now I would like to identify groups of the users (admins, managers and domain users) to create access profiles. How can I do this?
ext_ldap_group_acl or ext_kerberos_ldap_group_acl ?
Regards,
Márcio
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
