Hi, Using squid squid-3.5.19-1.el7.centos.x86_64,
I obtain a kerberos ticket but I get the following when trying to use the proxy: 2016/07/14 12:57:03.711 kid1| 29,4| UserRequest.cc(290) authenticate: No Proxy-Auth header and no working alternative. Requesting auth header. 2016/07/14 12:57:03.712 kid1| 29,9| UserRequest.cc(487) addReplyAuthHeader: headertype:46 authuser:NULL 2016/07/14 12:57:03.712 kid1| 29,9| Config.cc(188) fixHeader: Sending type:46 header: 'Negotiate' 2016/07/14 12:57:04.159 kid1| 29,4| UserRequest.cc(290) authenticate: No Proxy-Auth header and no working alternative. Requesting auth header. 2016/07/14 12:57:04.159 kid1| 29,9| UserRequest.cc(487) addReplyAuthHeader: headertype:46 authuser:NULL 2016/07/14 12:57:04.159 kid1| 29,9| Config.cc(188) fixHeader: Sending type:46 header: 'Negotiate' My squid.conf is as follows: acl localnet src 10.0.0.0/8 acl localnet src 172.16.0.0/12 acl localnet src 192.168.0.0/16 acl localnet src fc00::/7 acl localnet src fe80::/10 acl SSL_ports port 443 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT acl step1 at_step SslBump1 acl step2 at_step SslBump2 acl step3 at_step SslBump3 acl nobumpSites ssl::server_name "/etc/squid/acls/nobumpSites.txt" http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager acl social_ips src "/etc/squid/acls/social_ips" acl social_dom dstdomain "/etc/squid/acls/social_dom" auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -d -s HTTP/proxy.example.local@EXAMPLE.LOCAL auth_param negotiate children 10 auth_param negotiate keep_alive on acl kerb_auth proxy_auth REQUIRED ssl_bump peek step1 all ssl_bump splice nobumpSites ssl_bump bump http_access allow kerb_auth http_access deny social_ips http_access deny social_dom acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ acl connect method CONNECT http_access deny connect numeric_IPs all http_access allow localnet http_access allow localhost http_access deny all always_direct allow all sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/spool/squid_ssldb -M 4MB visible_hostname proxy.example.local http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=6MB cert=/etc/squid/ssl_cert/myCA.pem coredump_dir /var/spool/squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 url_rewrite_program /usr/sbin/ufdbgclient –l /var/ufdbguard/logs url_rewrite_children 64 access_log daemon:/var/log/squid/access.log combined And klist output: klist -k /etc/squid/HTTP.keytab Keytab name: FILE:/etc/squid/HTTP.keytab KVNO Principal ---- -------------------------------------------------------------------------- 2 host/proxy.example.local@EXAMPLE.LOCAL 2 host/proxy.example.local@EXAMPLE.LOCAL 2 host/proxy.example.local@EXAMPLE.LOCAL 2 host/proxy.example.local@EXAMPLE.LOCAL 2 host/proxy.example.local@EXAMPLE.LOCAL 2 host/proxy@EXAMPLE.LOCAL 2 host/proxy@EXAMPLE.LOCAL 2 host/proxy@EXAMPLE.LOCAL 2 host/proxy@EXAMPLE.LOCAL 2 host/proxy@EXAMPLE.LOCAL 2 KANBAN$@EXAMPLE.LOCAL 2 KANBAN$@EXAMPLE.LOCAL 2 KANBAN$@EXAMPLE.LOCAL 2 KANBAN$@EXAMPLE.LOCAL 2 KANBAN$@EXAMPLE.LOCAL 2 HTTP/proxy.example.local@EXAMPLE.LOCAL 2 HTTP/proxy.example.local@EXAMPLE.LOCAL 2 HTTP/proxy.example.local@EXAMPLE.LOCAL 2 HTTP/proxy.example.local@EXAMPLE.LOCAL 2 HTTP/proxy.example.local@EXAMPLE.LOCAL 2 HTTP/proxy@EXAMPLE.LOCAL 2 HTTP/proxy@EXAMPLE.LOCAL 2 HTTP/proxy@EXAMPLE.LOCAL 2 HTTP/proxy@EXAMPLE.LOCAL 2 HTTP/proxy@EXAMPLE.LOCAL End of output, Please could you help me? Am I doing something wrong? Thanks in advance! -- -- Sergio Belkin LPIC-2 Certified - http://www.lpi.org
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
