[squid-users] Authentication pass-through cache_peer

Rafael Akchurin rafael.akchurin at diladele.com
Mon Nov 21 12:53:16 UTC 2016

Hello Eduardo,

Not exactly squid peering and passing authentication there and back but the approach works for us.

May be you will find it interesting. See https://docs.diladele.com/administrator_guide_4_8/active_directory/redundancy/index.html (haproxy using  TCP round robin + farm of Kerberos/NTLM/Basic LDAP authenticating Squids).

Best regards,
Rafael Akchurin
Diladele B.V.

-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Eduardo Carneiro
Sent: Monday, November 21, 2016 1:33 PM
To: squid-users at lists.squid-cache.org
Subject: [squid-users] Authentication pass-through cache_peer

Hi all.

Sorry if this is already answered here. But I couldn't find any clear tips about this topic.

I'm using Squid 3.5.19 with dynamic content caching in a huge user base (almost 10.000). Due to the large number of requisitions, internet access is getting very slow.

So I decided to use cache_peer to balance the traffic between servers. Would be a basic environment. One child (that receive the requisitions of the
users) and three parent servers in a cluster. The problem is the authentication.
Today I use NTLM to authenticate my accesses (in a AD Win2008). I have read here, that Squid doesn't support ntlm pass-through between child -> parent servers.

The question I have is: There is any way to send user authentication credentials of the child server to parent servers transparently? Without need to enter username and password in the browser authentication box?

Thanks in advance.

View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Authentication-pass-through-cache-peer-tp4680587.html
Sent from the Squid - Users mailing list archive at Nabble.com.
squid-users mailing list
squid-users at lists.squid-cache.org

More information about the squid-users mailing list