[squid-users] Setting Up Squid - my scenario
S V Hareesh
harishmeetsu at yahoo.com
Thu Mar 9 17:00:09 UTC 2017
Ok, I tried that but it didnt work. I can put a conf file here. As a start I am currently in a scenario trying to replace a simple CNTLM HTTP proxy with Squid. I want to configure one account which authenticates with parent proxy send the downstream requests with out taking any creds.
Sent from Yahoo Mail on Android
On Thu, Mar 9, 2017 at 4:50 PM, Amos Jeffries<squid3 at treenet.co.nz> wrote: On 10/03/2017 5:19 a.m., S V Hareesh wrote:
> On top of the conf file from default setup on Windows, I added the following line in the conf. I added the dns servers and allowed localhost.
>
> cache_peer <corporate_proxy> parent 80 0 default connection-auth=on proxy-only
>
> never_direct allow all
>
> When I point my browser to this proxy, it gives me 407, auth required.
>
> Also, configured squid service on windows to run with a service account that has access to Internet/corp proxy.
Squid cannot authenticate to a cache_peer using NTLM. It can only do
Nagotiate/Kerberos to the parent proxy, and only when "login=NEGOTIATE"
is added (with or without a named keytab file).
NOTE: 'connection-auth=on' is about allowing the browser to use NTLM or
Negotiate/Kerberos through the cache_peer. It needs to also have
"login=PASSTHRU" if that peer is a proxy (as opposed to a web or
Exchange server).
See the 'AUTHENTICATION OPTIONS' section of
<http://www.squid-cache.org/Doc/config/cache_peer/>
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170309/0c722157/attachment-0001.html>
More information about the squid-users
mailing list