[squid-users] Setting Up Squid - my scenario
Amos Jeffries
squid3 at treenet.co.nz
Thu Mar 9 16:49:56 UTC 2017
On 10/03/2017 5:19 a.m., S V Hareesh wrote:
> On top of the conf file from default setup on Windows, I added the following line in the conf. I added the dns servers and allowed localhost.
>
> cache_peer <corporate_proxy> parent 80 0 default connection-auth=on proxy-only
>
> never_direct allow all
>
> When I point my browser to this proxy, it gives me 407, auth required.
>
> Also, configured squid service on windows to run with a service account that has access to Internet/corp proxy.
Squid cannot authenticate to a cache_peer using NTLM. It can only do
Nagotiate/Kerberos to the parent proxy, and only when "login=NEGOTIATE"
is added (with or without a named keytab file).
NOTE: 'connection-auth=on' is about allowing the browser to use NTLM or
Negotiate/Kerberos through the cache_peer. It needs to also have
"login=PASSTHRU" if that peer is a proxy (as opposed to a web or
Exchange server).
See the 'AUTHENTICATION OPTIONS' section of
<http://www.squid-cache.org/Doc/config/cache_peer/>
Amos
More information about the squid-users
mailing list