I appreciate the input. Do you (or anyone else) know if keytab is required in a windows only environment for kerberos authentication?
From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
To: Todd Pearson <rtpearson@xxxxxxxxx>; "squid-users@xxxxxxxxxxxxxxxxxxxxx" <squid-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, June 27, 2017 10:37 AM
Subject: Re: NTLM authentication worked in Squid 2.7.STABLE8 Squid Web Proxy, now need it in v3.5 hosted on Windows server 2k12
On 28/06/17 05:12, Todd Pearson wrote:
>
> Thank you for the information. Is there any place to download the
> helper binaries for NTLM? Or do I need to build them myself?
>
Since you were using the SSPI helper for NTLM you should have the
Negotiate/Kerberos equivalent already. It is mswin_sspi in Squid-2 or
negotiate_sspi_auth in Squid-3.2+. The group checking helpers work with
both auth types.
Diladele provide Squid-3 builds for Windows
(<http://squid.diladele.com/>) if you are still going that way.
> Is there additional information on kerberos configuration in a windows
> environment. Trying to wrap my head around the keytab and creation of
> it in a windows only environment.
This may be of help understanding what the Kerberos process is:
<http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos>
though the config examples and setup commands we have are all for
non-Windows Squid machines it seems.
PS. I don't use Windows Squid servers myself, so cant be much help here.
Maybe someone more familiar can help out.
Amos
>
> Thank you for the information. Is there any place to download the
> helper binaries for NTLM? Or do I need to build them myself?
>
Since you were using the SSPI helper for NTLM you should have the
Negotiate/Kerberos equivalent already. It is mswin_sspi in Squid-2 or
negotiate_sspi_auth in Squid-3.2+. The group checking helpers work with
both auth types.
Diladele provide Squid-3 builds for Windows
(<http://squid.diladele.com/>) if you are still going that way.
> Is there additional information on kerberos configuration in a windows
> environment. Trying to wrap my head around the keytab and creation of
> it in a windows only environment.
This may be of help understanding what the Kerberos process is:
<http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos>
though the config examples and setup commands we have are all for
non-Windows Squid machines it seems.
PS. I don't use Windows Squid servers myself, so cant be much help here.
Maybe someone more familiar can help out.
Amos
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
