
Cache-Peer - Negotiate


 



Hi,

I am trying to set up Squid as a local HTTP child proxy to a parent/corporate Cisco Ironport WSA proxy. I need help in setting up authentication (Negotiate) to be done automatically from any client who is trying to access the internet through the child proxy. So here is what I did.

  • Installed Squid on a Windows machine with the installable given by Diladele v 3.5.24. Configured the service to run with an account (domain\account1) that has admin rights to that machine.
  • Got a keytab file for the account and host from our AD Admins. Here is the command run to get the keytab file.
            ktpass /princ HTTP/server1.subdomain.domain.com@xxxxxxxxxxxxxxxxxxxx /mapuser domain\account1 /crypto all  /pass <password_for_account1> /ptype KRB5_NT_PRINCIPAL /out account.keytab

  • Copied that keytab file into etc\squid folder of my Windows installation of Squid.

  • Set the following configuration in squid.conf.

http_port 3128
cache_peer <parent_proxy_Ip> parent 80 0 no-query default proxy-only login=NEGOTIATE

http_access allow all
never_direct allow all
icp_access deny all

dns_nameservers <DNS_IP1>  <DNS_IP2> 127.0.0.1

My objective is that **any allowed client**, irrespective of Unix/Windows/domain/non-domain users, should be able to reach the internet. I will set up an ACL to specify the IP addresses to use this proxy later. But for now, I am getting a 407 error from any machine trying to use this proxy. I am not sure what is going wrong. Please advise.

I was looking at this link as well.




TIA

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
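
With `login=NEGOTIATE` on the `cache_peer` line the child proxy logs in to the parent on behalf of every client, so the `http_access` rules are the only gate on who may use the service account's access. The fragment below is an added example, not the poster's configuration or the Squid project's: it shows the posted `http_access allow all` beside the client-address ACL the post says will be added later. The ACL name `allowed_clients` and the addresses are constructed placeholders.

```conf
# Added example; 192.0.2.0/24 and 198.51.100.10 are constructed
# placeholder addresses, allowed_clients is a hypothetical ACL name.

http_port 3128

# As posted: any host that can reach port 3128 may use the proxy, and
# its requests go to the parent under the child proxy's own login.
#   http_access allow all

# Restricted: only the listed client addresses may use the proxy.
acl allowed_clients src 192.0.2.0/24
acl allowed_clients src 198.51.100.10/32

acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT

# Rules are evaluated top to bottom; the first match decides.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allowed_clients
http_access deny all

# Unchanged from the post.
cache_peer <parent_proxy_Ip> parent 80 0 no-query default proxy-only login=NEGOTIATE
never_direct allow all
icp_access deny all
```

`squid -k parse` checks the file for syntax errors before the service is restarted.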
