Hi, I am trying to setup Squid as a local HTTP child proxy to a parent/corporate Cisco Ironport WSA proxy. I need help in setting up authentication(Negotiate) to be done automatically from any client who is trying to access internet through the child proxy. So here is what I did. - Installed Squid on Windows machine with the installable given by Diladele v 3.5.24. Configured the service to run with an account (domain\account1) that has admin rights to that machine.
- Got a keytab file for the account and host from our AD Admins. Here is the command run to get the keytab file. ktpass /princ HTTP/server1.subdomain.domain....@subdomain.domain.com/mapuser domain\account1 /crypto all /pass <password_for_account1> /ptypeKRB5_NT_PRINCIPAL /out account.keytab - Copied that keytab file into etc\squid folder of my Windows installation of Squid. - - Set the following configuration in squid.conf. http_port 3128cache_peer <parent_proxy_Ip> parent 80 0 no-query default proxy-only login=NEGOTIATE http_access allow allnever_direct allow allicp_access deny all dns_nameservers <DNS_IP1> <DNS_IP2> 127.0.0.1 My objective is **any allowed client** irrespective of Unix/Windows/domain/non-domain users should be able to reach to internet. I will set up ACL to specify the IP addresses to use this proxy later. But for now, I am getting a 407 error from any machine trying to use this proxy. I am not sure what is going wrong. Please advise. I was looking at this link as well. Squid - Users - Parent proxy with authentication | | | | | | | | | | | Squid - Users - Parent proxy with authentication Parent proxy with authentication. Hello, can someone please tell me, what my my cache_peer line must look like, ... | | | | TIA
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
