On 18/06/25 20:49, Mark Cairney wrote:
Hi,

I’ve been trying to get Kerberos Authentication against AD working but have been seeing inconsistent results/behaviour across multiple OSes and I’m not sure if the issue lies with the DNS configuration, Kerberos itself or with the Squid config:

The DNS setup is as follows:

test.squid.cluster. 3600 IN CNAME test-squid-cluster.dyn-zone.

test-squid-cluster.dyn-zone. 60 IN A 1.2.3.4

Where 1.2.3.4 is the IP of one of the servers in the cluster. The intention is to have multiple Squid servers behind a single DNS name for high-availability.


FYI, you cannot have multiple CNAME for test.squid.cluster pointing at different Squid server names. So this should not be a problem.


In Kerberos:
* Set up your keytab entry for HTTP/test-squid-cluster.dyn-zone@REALM.
* Export the HTTP/test-squid-cluster.dyn-zone@REALM keytab to each proxy.

In DNS:
* Add as many proxies as you want to test-squid-cluster.dyn-zone with A or AAAA records in DNS.
* Point any domains you want those proxies to be acting as a CDN for to test-squid-cluster.dyn-zone using CNAME in DNS.



Cheers
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
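
The DNS and keytab layout from the reply above, checked offline; this is an added example, not part of the original thread and not Squid code. It assumes the client follows the CNAME before requesting a ticket (this varies by client and OS); the record table, the second address 1.2.3.5 and all function names are constructed for illustration.

```python
# Constructed sample data mirroring the records in the thread (not live DNS).
RECORDS = {
    "test.squid.cluster.": [("CNAME", "test-squid-cluster.dyn-zone.")],
    # One A record per proxy; 1.2.3.5 is a constructed second proxy.
    "test-squid-cluster.dyn-zone.": [("A", "1.2.3.4"), ("A", "1.2.3.5")],
}
# The same keytab entry is exported to every proxy in the cluster.
KEYTAB = {"HTTP/test-squid-cluster.dyn-zone@REALM"}


def canonical_name(name, records, max_hops=8):
    """Follow CNAMEs to the name that owns the address records."""
    seen = set()
    name = name.lower().rstrip(".") + "."
    for _ in range(max_hops):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        rrset = records.get(name, [])
        cnames = [value for rtype, value in rrset if rtype == "CNAME"]
        # A name holding a CNAME can hold nothing else, so one alias
        # cannot point at several differently named proxies.
        if len(cnames) > 1 or (cnames and len(rrset) > 1):
            raise ValueError(f"{name}: CNAME must be the only record")
        if not cnames:
            if not rrset:
                raise LookupError(f"no records for {name}")
            return name
        name = cnames[0].lower()
    raise ValueError("CNAME chain too long")


def expected_spn(proxy_name, records, realm="REALM", canonicalize=True):
    """Service principal a client asks the KDC for when using this proxy."""
    host = canonical_name(proxy_name, records) if canonicalize else proxy_name
    return f"HTTP/{host.rstrip('.')}@{realm}"


def check(proxy_name, records, keytab, canonicalize=True):
    """Return the requested SPN and whether the shared keytab holds it."""
    spn = expected_spn(proxy_name, records, canonicalize=canonicalize)
    return spn, spn in keytab


if __name__ == "__main__":
    for canon in (True, False):
        print(canon, check("test.squid.cluster", RECORDS, KEYTAB, canon))
```

A client that does not follow the CNAME requests HTTP/test.squid.cluster@REALM, which this keytab does not contain.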