[squid-users] Passing Windows username to parent proxy
BurningSky
sam.egerton at ntlworld.com
Wed May 3 14:19:39 UTC 2017
Hi Amos,
Thanks for the reply. Sorry, what I meant by that was that I was logged into the Squid Windows server using remote desktop so that I could edit the configuration so that is separate from the machine trying to use Squid a a proxy.
So it would seem like the issue is with the firewall from what you're saying? Using the most basic Squid config pointing it at the firewall as a parent should be all I need to do for the Windows username to be passed through to the firewall?
Thanks,
Sam
> On 3 May 2017, at 14:43, Amos Jeffries [via Squid Web Proxy Cache] <ml+s1019090n4682277h30 at n4.nabble.com> wrote:
>
> On 03/05/17 22:47, BurningSky wrote:
>
> > Hi,
> >
> > I have been searching around the web for a while now to try and find a
> > solution but having not had much luck I was wondering if someone on here
> > could help.
> >
> > I have set up a Windows 2008 R2 server running the Diladele pre-complied
> > Squid 3.5 proxy and am looking to make use of our firewall for URL
> > filtering. Our firewall allows/denies access to certain web sites by using
> > the AD group memberships of the Windows end user.
> >
> > I have managed to get a basic config up and running and am using the line
> > below to forward the traffic via the proxy setup on our firewall. If I point
> > the end user machine directly at the firewall then the filtering works but
> > the firewall doesn't have caching, thus wanting to use Squid.
> > cache_peer whl-utm1.e2v.com parent 3128 0 no-query default login=PASSTHRU
> >
> > As I am new to Squid I thought, perhaps naively, that the end user domain
> > username would automatically be forwarded on with the requests to the parent
> > but in the parents log file I just seem to see the username of the account
> > that I have RDPed to the server on, not of the end user machine that the
> > request is coming from.
>
> Not sure exactly what you mean by "RPDd", but you can only authenticate
> one user at a time with connection based authentication.
>
> The login=PASSTHRU is correct for passing whatever the clients sends
> through to the parent proxy and vice versa for the parents response auth
> headers. Squid must not itself perform any type of authentication with
> either client, or the parents cache_peer TCP connections.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> If you reply to this email, your message will be added to the discussion below:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Passing-Windows-username-to-parent-proxy-tp4682272p4682277.html
> To unsubscribe from Passing Windows username to parent proxy, click here.
> NAML
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Passing-Windows-username-to-parent-proxy-tp4682272p4682278.html
Sent from the Squid - Users mailing list archive at Nabble.com.
More information about the squid-users
mailing list