[squid-users] Passing Windows username to parent proxy

Amos Jeffries squid3 at treenet.co.nz
Wed May 3 13:54:52 UTC 2017

On 03/05/17 22:47, BurningSky wrote:
> Hi,
> I have been searching around the web for a while now to try and find a
> solution but having not had much luck I was wondering if someone on here
> could help.
> I have set up a Windows 2008 R2 server running the Diladele pre-compiled
> Squid 3.5 proxy and am looking to make use of our firewall for URL
> filtering. Our firewall allows/denies access to certain web sites by using
> the AD group memberships of the Windows end user.
> I have managed to get a basic config up and running and am using the line
> below to forward the traffic via the proxy setup on our firewall. If I point
> the end user machine directly at the firewall then the filtering works but
> the firewall doesn't have caching, thus wanting to use Squid.
> cache_peer whl-utm1.e2v.com parent 3128 0 no-query default login=PASSTHRU
> As I am new to Squid I thought, perhaps naively, that the end user domain
> username would automatically be forwarded on with the requests to the parent
> but in the parent's log file I just seem to see the username of the account
> that I have RDPed to the server on, not of the end user machine that the
> request is coming from.

Not sure exactly what you mean by "RDPed", but you can only authenticate
one user at a time with connection-based authentication.

The login=PASSTHRU is correct for passing whatever the client sends
through to the parent proxy and vice versa for the parent's response auth
headers. Squid must not itself perform any type of authentication with
either client, or the parent's cache_peer TCP connections.
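
Added example, not part of the original message and not Squid project code: a small Python check that reads a squid.conf and flags the two conditions described above, namely Squid authenticating clients itself (auth_param, proxy_auth ACLs) and a cache_peer line without login=PASSTHRU. The sample config, host names and credentials are constructed for illustration.

```python
# Constructed sample config (not from the thread); *.example hosts are placeholders.
SAMPLE_CONF = """\
http_port 3128
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth
acl authed proxy_auth REQUIRED
http_access allow authed
cache_peer fw-a.example parent 3128 0 no-query default login=PASSTHRU
cache_peer fw-b.example parent 3128 0 no-query login=svc:secret
cache_peer fw-c.example parent 3128 0 no-query
never_direct allow all
"""

LOCAL_AUTH_ACL_TYPES = {"proxy_auth", "proxy_auth_regex"}


def audit_passthru(conf_text):
    """Return (line_no, message) findings that conflict with pure pass-through."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        directive, *args = stripped.split()
        if directive == "auth_param":
            # Any auth_param scheme means Squid itself challenges the client.
            findings.append((no, "auth_param: Squid authenticates clients itself"))
        elif directive == "acl" and len(args) >= 2 and args[1] in LOCAL_AUTH_ACL_TYPES:
            findings.append((no, f"acl {args[0]}: {args[1]} ACL makes Squid authenticate"))
        elif directive == "cache_peer" and args:
            login = next((a.split("=", 1)[1] for a in args if a.startswith("login=")), None)
            if login != "PASSTHRU":
                shown = "absent" if login is None else "set to another value"
                findings.append((no, f"cache_peer {args[0]}: login=PASSTHRU not set ({shown})"))
    return findings


if __name__ == "__main__":
    for line_no, message in audit_passthru(SAMPLE_CONF):
        print(f"line {line_no}: {message}")
```
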


