Hi,
I am trying to set up Squid as a local HTTP child proxy to a parent/corporate Cisco Ironport WSA proxy. I need help in setting up authentication (Negotiate) to be done automatically for any client that is trying to access the internet through the child proxy. So here is what I did.
- Installed Squid on a Windows machine with the installable given by Diladele v 3.5.24. Configured the service to run with an account (domain\account1) that has admin rights to that machine.
- Got a keytab file for the account and host from our AD Admins. Here is the command run to get the keytab file.
ktpass /princ HTTP/server1.subdomain.domain.com@xxxxxxxxxxxxxxxxxxxx /mapuser domain\account1 /crypto all /pass <password_for_account1> /ptype KRB5_NT_PRINCIPAL /out account.keytab
- Copied that keytab file into the etc\squid folder of my Windows installation of Squid.
- Set the following configuration in squid.conf.
http_port 3128
cache_peer <parent_proxy_Ip> parent 80 0 no-query default proxy-only login=NEGOTIATE
http_access allow all
never_direct allow all
icp_access deny all
dns_nameservers <DNS_IP1> <DNS_IP2> 127.0.0.1
My objective is that **any allowed client**, irrespective of Unix/Windows/domain/non-domain users, should be able to reach the internet. I will set up an ACL to specify the IP addresses to use this proxy later. But for now, I am getting a 407 error from any machine trying to use this proxy. I am not sure what is going wrong. Please advise.
I was looking at this link as well.
TIA
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
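
A first check for the 407 described in the post above is which hop issued it and which schemes it offers, since login=NEGOTIATE on cache_peer can only succeed if the parent offers Negotiate. The script below is an added example, not part of the original post: the header samples are constructed, parent.example and the realm are placeholders, and treating X-Squid-Error as the mark of a Squid-generated error page is a heuristic.

```python
# Added example: triage a proxy 407 from its raw response head.
# Both sample responses are constructed for illustration, not captured traffic.

def parse_head(raw):
    """Return (status_code, {lowercased header name: [values]})."""
    head = raw.replace("\r\n", "\n").strip().split("\n\n", 1)[0]
    status_line, _, rest = head.partition("\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in rest.split("\n"):
        name, sep, value = line.partition(":")
        if sep:  # skip anything that is not "Name: value"
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def triage_407(raw):
    """Say which hop most likely issued a 407 and which auth schemes it offers."""
    status, headers = parse_head(raw)
    result = {"status": status, "origin": None, "schemes": [], "negotiate_offered": False}
    if status != 407:
        return result
    # One Proxy-Authenticate header per scheme; the scheme is the first token.
    schemes = [v.split(None, 1)[0] for v in headers.get("proxy-authenticate", []) if v]
    # Heuristic (assumption): Squid adds X-Squid-Error to error pages it generates
    # itself, so its absence suggests the 407 was relayed from the parent proxy.
    result["origin"] = "child" if "x-squid-error" in headers else "parent"
    result["schemes"] = schemes
    result["negotiate_offered"] = any(s.lower() == "negotiate" for s in schemes)
    return result

# Constructed sample: 407 generated by the local Squid child.
CHILD_407 = """HTTP/1.1 407 Proxy Authentication Required
Server: squid/3.5.24
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate: Negotiate
Via: 1.1 server1 (squid/3.5.24)
"""

# Constructed sample: 407 relayed from the parent; host and realm are placeholders.
PARENT_407 = """HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="placeholder-parent-realm"
Via: 1.1 parent.example, 1.1 server1 (squid/3.5.24)
"""

if __name__ == "__main__":
    for label, raw in (("child sample", CHILD_407), ("parent sample", PARENT_407)):
        print(label, triage_407(raw))
```

To use it on a real response, save the head printed by a verbose client request through the child proxy and pass that text to triage_407().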