[squid-users] Passing Windows username to parent proxy

BurningSky sam.egerton at ntlworld.com
Wed May 3 14:19:39 UTC 2017


Hi Amos,

Thanks for the reply. Sorry, what I meant by that was that I was logged into the Squid Windows server using remote desktop so that I could edit the configuration so that is separate from the machine trying to use Squid a a proxy.

So it would seem like the issue is with the firewall from what you're saying? Using the most basic Squid config pointing it at the firewall as a parent should be all I need to do for the Windows username to be passed through to the firewall?

Thanks,
Sam 

> On 3 May 2017, at 14:43, Amos Jeffries [via Squid Web Proxy Cache] <ml+s1019090n4682277h30 at n4.nabble.com> wrote:
> 
> On 03/05/17 22:47, BurningSky wrote:
> 
> > Hi, 
> > 
> > I have been searching around the web for a while now to try and find a 
> > solution but having not had much luck I was wondering if someone on here 
> > could help. 
> > 
> > I have set up a Windows 2008 R2 server running the Diladele pre-complied 
> > Squid 3.5 proxy and am looking to make use of our firewall for URL 
> > filtering. Our firewall allows/denies access to certain web sites by using 
> > the AD group memberships of the Windows end user. 
> > 
> > I have managed to get a basic config up and running and am using the line 
> > below to forward the traffic via the proxy setup on our firewall. If I point 
> > the end user machine directly at the firewall then the filtering works but 
> > the firewall doesn't have caching, thus wanting to use Squid. 
> > cache_peer whl-utm1.e2v.com parent 3128 0 no-query default login=PASSTHRU 
> > 
> > As I am new to Squid I thought, perhaps naively, that the end user domain 
> > username would automatically be forwarded on with the requests to the parent 
> > but in the parents log file I just seem to see the username of the account 
> > that I have RDPed to the server on, not of the end user machine that the 
> > request is coming from.
> 
> Not sure exactly what you mean by "RPDd", but you can only authenticate 
> one user at a time with connection based authentication. 
> 
> The login=PASSTHRU is correct for passing whatever the clients sends 
> through to the parent proxy and vice versa for the parents response auth 
> headers. Squid must not itself perform any type of authentication with 
> either client, or the parents cache_peer TCP connections. 
> 
> Amos 
> 
> _______________________________________________ 
> squid-users mailing list 
> [hidden email] 
> http://lists.squid-cache.org/listinfo/squid-users
> 
> 
> If you reply to this email, your message will be added to the discussion below:
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Passing-Windows-username-to-parent-proxy-tp4682272p4682277.html
> To unsubscribe from Passing Windows username to parent proxy, click here.
> NAML




--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Passing-Windows-username-to-parent-proxy-tp4682272p4682278.html
Sent from the Squid - Users mailing list archive at Nabble.com.


More information about the squid-users mailing list