On 16/07/22 04:05, Johnathan Hasty wrote:
What HTTP authentication method(s) or scheme(s) does your upstream proxy support or require?
They're very vague and not helpful. It was said they look for email, but in reality it would be user@xxxxxxxxxxxxxxxx rather than user@xxxxxxxxxxx.
This is the only information I have for them.
https://support.goguardian.com/s/article/Deploying-GoGuardian-Gateway-1629767892527
https://view.highspot.com/viewer/5f7241dd628ba24915723e85
This document is providing some answers, but indeed are a bit obscure.
The authentication is using LDAP service. Which means Squid should have
its own account in LDAP registered as a machine account type (not a
regular user, so it can avoid constant password update requirements).
Those are the credentials you configure in the cache_peer line to be
passed to GG.
Make sure that you configure the full username string. Whether it be
login=user@xxxxxxxxxxxxxxxx:password or login=user@xxxxxxxxxxx:password
or login=user:password
Also, cache_peer should not need sslcapath= option. Just 'tls' and
ensure the Squid machine Trusted CA certs package is kept up to date. If
GG has a special Server certificate based on some custom CA, then use
the tls-cafile= option to load that custom public root cert.
If you are still having issues, the contents of the PAC file generated
for a test user account could have some more hints about what GG is
expecting.
HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
