On 09/23/2016 10:28 AM, lravelo wrote:
Good morning!
I have four squid 3.3.8 proxies load balanced behind two VIPs (in groups of
two) using least connections load balancing. I've been having issues with
the .amazonaws.com and .cloudfront.com domains. We use TCP load balancing
and not HTTP load balancing. Basically what happens is that these web pages
request a keep-alive and on the browser console I'm seeing messages saying
that proxy authentication failed and some "ERR_CACHE_ACCESS_DENIED 0" errors
as well. We do have kerberos authentication for SSO. Not sure if anyone
else has had this issue and what's been done to resolve it.
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/issues-with-amazonaws-cloudfront-tp4679665.html
Sent from the Squid - Users mailing list archive at Nabble.com.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
what is the DNS name of the VIP you load balance behind? does the DNS
name match the HTTP principal you created in kerberos? for example:
dns name: proxy.domain.tld
kerberos principal: HTTP/proxy.domain.tld@REALM
the keytabs that you created, they have to be identical for each load
balanced pool member. you should have made one keytab, and securely
copied it to each pool member. if they are not exactly identical, one
proxy will work (the one with the latest keytab created, because the
KVNO will be ordinally greater[use "klist -Kket /path/to/file.keytab])
and the other wont work.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
