Hi,
FYI ... I got the two squids working behind the (Kemp) load balancer
with Kerberos auth.
Procedure:
0. myproxy.vptt.ch points to the IP of the load balancer. This is
referenced in wpad.dat or browser settings. Squid runs on port 80, so
the URL of the proxy is http://myproxy.ch:80
1. create an AD service account
   let's call it my-kerb
2. add an SPN for the LB to that AD account. Did this on Windows:
     setspn -S http/myproxy.ch my-kerb
3. create a keytab on each squid
     rm /etc/krb5.keytab
     net ads keytab CREATE HTTP -U my-kerb
     ktutil
     ktutil: rkt /etc/krb5.keytab
     ktutil: addent -password -p HTTP/myproxy.ch -k 5 -e rc4-hmac   (use the my-kerb passwd)
     ktutil: wkt /etc/krb5.keytab
     chmod 644 /etc/krb5.keytab   (or use a group to allow the squid user to read it)
Regards,
Sean Boran
Received on Tue Mar 26 2013 - 12:36:02 MDT