[squid-users] Cache-Peer - Negotiate

Hareesh harishmeetsu at yahoo.com
Tue Mar 21 12:26:15 UTC 2017


Hi,
I am trying to set up Squid as a local HTTP child proxy to a parent/corporate Cisco Ironport WSA proxy. I need help in setting up authentication (Negotiate) to be done automatically from any client who is trying to access the internet through the child proxy. So here is what I did.
   
   - Installed Squid on a Windows machine with the installable given by Diladele v 3.5.24. Configured the service to run with an account (domain\account1) that has admin rights to that machine.

   - Got a keytab file for the account and host from our AD Admins. Here is the command run to get the keytab file.   

            ktpass /princ HTTP/server1.subdomain.domain.com@SUBDOMAIN.DOMAIN.COM /mapuser domain\account1 /crypto all /pass <password_for_account1> /ptype KRB5_NT_PRINCIPAL /out account.keytab
   
   - Copied that keytab file into etc\squid folder of my Windows installation of Squid.   

   - Set the following configuration in squid.conf.   


http_port 3128
cache_peer <parent_proxy_Ip> parent 80 0 no-query default proxy-only login=NEGOTIATE
http_access allow all
never_direct allow all
icp_access deny all
dns_nameservers <DNS_IP1>  <DNS_IP2> 127.0.0.1

My objective is that **any allowed client**, irrespective of Unix/Windows/domain/non-domain users, should be able to reach the internet. I will set up an ACL to specify the IP addresses to use this proxy later. But for now, I am getting a 407 error from any machine trying to use this proxy. I am not sure what is going wrong. Please advise.
I was looking at this link as well.
Squid - Users - Parent proxy with authentication

TIA




--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Cache-Peer-Negotiate-tp4681866.html
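
Added example, not part of the original post and not Squid project code: a small audit of a squid.conf like the one posted. With login=NEGOTIATE Squid authenticates to the parent with its own keytab principal, so "http_access allow all" lets every client that can reach http_port browse under that identity. The sample config is constructed from the posted directives, 192.0.2.10 stands in for <parent_proxy_Ip>, and the finding names are hypothetical labels.

```python
# Added example, not from the original post. SAMPLE_CONF is constructed from
# the posted directives; 192.0.2.10 is a placeholder for <parent_proxy_Ip>.
SAMPLE_CONF = """\
http_port 3128
cache_peer 192.0.2.10 parent 80 0 no-query default proxy-only login=NEGOTIATE
http_access allow all
never_direct allow all
icp_access deny all
"""

def parse(conf):
    """Return [(directive, [args])], skipping blank lines and # comments."""
    rows = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            rows.append((name, args))
    return rows

def open_access(rows):
    """Heuristic: is 'http_access allow all' reached before any deny rule that
    tests a client-source (src) ACL? Squid stops at the first matching rule."""
    src_acls = {"all"} | {a[0] for n, a in rows if n == "acl" and a[1:2] == ["src"]}
    for args in (a for n, a in rows if n == "http_access"):
        if args == ["allow", "all"]:
            return True
        if args[:1] == ["deny"] and any(x.lstrip("!") in src_acls for x in args[1:]):
            return False
    return False

def audit(conf):
    """Return finding names (hypothetical labels chosen for this example)."""
    rows = parse(conf)
    findings = []
    # login=NEGOTIATE[:principal] makes Squid itself authenticate to the peer.
    service_login = any(
        arg.split("=", 1)[1].split(":", 1)[0] == "NEGOTIATE"
        for name, args in rows if name == "cache_peer"
        for arg in args if arg.startswith("login="))
    if open_access(rows):
        findings.append("http_access-allow-all")
        if service_login:
            findings.append("all-clients-use-proxy-kerberos-identity")
    # An http_port value with no address part listens on every interface.
    if any(n == "http_port" and a and ":" not in a[0] for n, a in rows):
        findings.append("http_port-all-interfaces")
    return findings
```

Calling audit(SAMPLE_CONF) reports all three findings; a config that denies non-matching src ACLs before "allow all" and binds http_port to one address reports none.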