[squid-users] NTLM authentication worked in Squid 2.7.STABLE8 Squid Web Proxy, now need it in v3.5 hosted on Windows server 2k12
Todd Pearson
rtpearson at yahoo.com
Tue Jun 27 20:13:46 UTC 2017
I appreciate the input. Do you (or anyone else) know if keytab is required in a windows only environment for kerberos authentication?
From: Amos Jeffries <squid3 at treenet.co.nz>
To: Todd Pearson <rtpearson at yahoo.com>; "squid-users at lists.squid-cache.org" <squid-users at lists.squid-cache.org>
Sent: Tuesday, June 27, 2017 10:37 AM
Subject: Re: [squid-users] NTLM authentication worked in Squid 2.7.STABLE8 Squid Web Proxy, now need it in v3.5 hosted on Windows server 2k12
On 28/06/17 05:12, Todd Pearson wrote:
>
> Thank you for the information. Is there any place to download the
> helper binaries for NTLM? Or do I need to build them myself?
>
Since you were using the SSPI helper for NTLM you should have the
Negotiate/Kerberos equivalent already. It is mswin_sspi in Squid-2 or
negotiate_sspi_auth in Squid-3.2+. The group checking helpers work with
both auth types.
Diladele provide Squid-3 builds for Windows
(<http://squid.diladele.com/>) if you are still going that way.
> Is there additional information on kerberos configuration in a windows
> environment. Trying to wrap my head around the keytab and creation of
> it in a windows only environment.
This may be of help understanding what the Kerberos process is:
<http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos>
though the config examples and setup commands we have are all for
non-Windows Squid machines it seems.
PS. I don't use Windows Squid servers myself, so cant be much help here.
Maybe someone more familiar can help out.
Amos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170627/b4c5877a/attachment.html>
More information about the squid-users
mailing list