> In more detail the required steps for squid_kerb_auth (from
> https://sourceforge.net/project/showfiles.php?group_id=196348 or from
> latest
> squid distribution) are:
>
> 1) Install kerberos client package
> 2) Install msktutil package from
> http://dag.wieers.com/rpm/packages/msktutil/
> 3) Configure krb5.conf
> 4) Configure squid by adding
> auth_param negotiate program /usr/sbin/squid_kerb_auth
> auth_param negotiate children 10
> auth_param negotiate keep_alive on
> 5) Create keytab for HTTP/fqdn with msktutil.
> a) kinit administrator_at_DOMAIN
> b) msktutil -c -b "CN=COMPUTERS" -s HTTP/<fqdn> -h <fqdn> -k
> /etc/squid/HTTP.keytab --computer-name squid-HTTP --upn HTTP/<fqdn>
> --server
> <domain controller> --verbose
>
> 6) Add the following to thw squid startup script
> KRB5_KTNAME=/etc/squid/HTTP.keytab
> export KRB5_KTNAME
>
> 7) Done
>
> Markus
>
>
Thanks Markus
apprecite your quick reply.
actually i was jus workin on plain text authentication with my win2003 AD
server
bascially following from
http://www.itinfusion.ca/linux/squid-proxy-server-with-windows-ad-authentication/
i jus managed to have my linux box to authenticate with AD server runing
the following command
/usr/lib/squid/squid_ldap_auth -v 3 -b "dc=baladia,dc=local" -D
"cn=Administrator,cn=Users,dc=baladia,dc=local" -w "xxxxxx" -f
sAMAccountName=%s -h aa.aa.aa.aa
where xxxxxxx is the password of administrator
aa.aa.aa.aa is the IP address of AD server
after i put the username n password
i get OK so authentication is OK
i will jus try having acls in my squid conf n testing it out
regards
n thnks once again
simon
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
-- Network ADMIN ------------- KUWAIT MUNICIPALITY: -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.Received on Sun Mar 22 2009 - 15:51:51 MDT
This archive was generated by hypermail 2.2.0 : Mon Mar 23 2009 - 12:00:02 MDT