Re: [Freeipa-users] Squid authentication in FreeIPA

2015-11-20 Thread Loris Santamaria
On Fri, 20-11-2015 at 22:24 +0100, holo wrote:
> Hello
> 
> I configured Squid to use kerberos authentication according to that
> howto:
> http://www.freeipa.org/page/Squid_Integration_with_FreeIPA_using_Single_Sign_On
> but I'm not getting any popup when I'm trying to use proxy, instead I'm
> just getting information that I'm not authenticated.
> 
> Is anyone using FreeIPA in such a configuration?
Yes and it works perfectly.

First check the basic stuff: the pc accessing squid should be part of
the ipa domain or a trusted domain, the browser should be configured to
access squid by its full name (accessing by IP won't work), browser
must support negotiate auth, client and server clocks must be in sync.

If everything seems ok, restart squid, try connection from a client,
and check for any error messages in squid's cache.log file.

Best regards
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
-- 
Loris Santamaria   linux user #70506   xmpp:lo...@lgs.com.ve
Links Global Services, C.A.   http://www.lgs.com.ve
Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:1...@lgs.com.ve

"If I'd asked my customers what they wanted, they'd have said
a faster horse" - Henry Ford
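
An added example, not part of the original message or of the FreeIPA howto: a small Python pre-flight for the checklist in the reply above (proxy addressed by full name rather than IP, Negotiate on offer in the proxy's 407 challenge, client and server clocks in sync). The host names, the sample 407 response and the 300-second skew limit are assumptions made for the illustration.

```python
import ipaddress
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_SKEW_SECONDS = 300  # assumption: the usual 5-minute Kerberos clock-skew tolerance

# Constructed sample: a 407 challenge as a client might capture it from the proxy.
SAMPLE_407 = (
    "HTTP/1.1 407 Proxy Authentication Required\r\n"
    "Date: Fri, 20 Nov 2015 21:24:00 GMT\r\n"
    "Proxy-Authenticate: Negotiate\r\n"
    "Content-Length: 0\r\n\r\n"
)

def headers(raw):
    """Parse the header block of a raw HTTP response into (name, value) pairs."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    pairs = (line.partition(":") for line in lines)
    return [(n.strip().lower(), v.strip()) for n, _, v in pairs]

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def preflight(proxy_host, raw_407, client_now):
    """Return a list of checklist problems; an empty list means all checks passed.
    client_now must be a timezone-aware datetime."""
    problems = []
    if is_ip_literal(proxy_host):
        problems.append("proxy addressed by IP, not by its full name")
    elif "." not in proxy_host:
        problems.append("proxy addressed by short name, not its full name")
    hdrs = headers(raw_407)
    schemes = [v.split()[0].lower() for n, v in hdrs if n == "proxy-authenticate" and v]
    if "negotiate" not in schemes:
        problems.append("proxy does not offer Negotiate")
    dates = [v for n, v in hdrs if n == "date"]
    if dates:  # compare the proxy's Date header with the client's clock
        skew = abs((client_now - parsedate_to_datetime(dates[0])).total_seconds())
        if skew > MAX_SKEW_SECONDS:
            problems.append("clock skew of %d s exceeds %d s" % (skew, MAX_SKEW_SECONDS))
    return problems

if __name__ == "__main__":
    now = datetime(2015, 11, 20, 21, 24, 30, tzinfo=timezone.utc)  # constructed
    print(preflight("proxy.ipa.example.test", SAMPLE_407, now))
    print(preflight("192.0.2.10", SAMPLE_407, now))
```
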




Re: [Freeipa-users] Squid authentication in FreeIPA

2015-11-20 Thread Natxo Asenjo
hi holo,


On Fri, Nov 20, 2015 at 11:21 PM, holo wrote:

> Thank you for your reply.
>
> I think I wasn't clear enough. Clients of proxy server are not kerberized.
> I want to just authenticate them for proxy use in kerberos DB when they are
> trying to use it (just by popup like in NTLM). Is such thing possible with
> kerberos? I saw on yt such thing was possible with AD.
>
> //holo
>

did you ask this question in serverfault as well :-) ?

http://serverfault.com/questions/737902/squid-kerberos-authentication-no-popup/737909#737909

If you require ntlm, then you should join the squid host to an AD realm, I
do not think this will work with freeipa because it does not do ntlm as far
as I know.

--
Groeten,
natxo

Re: [Freeipa-users] Squid authentication in FreeIPA

2015-11-20 Thread holo
Thank you for your reply.

I think I wasn't clear enough. Clients of proxy server are not
kerberized. I want to just authenticate them for proxy use in kerberos
DB when they are trying to use it (just by popup like in NTLM). Is such
thing possible with kerberos? I saw on yt such thing was possible with
AD.

//holo

On Fri, 2015-11-20 at 17:11 -0430, Loris Santamaria wrote:
> On Fri, 20-11-2015 at 22:24 +0100, holo wrote:
> > Hello
> > 
> > I configured Squid to use kerberos authentication according to that
> > howto:
> > http://www.freeipa.org/page/Squid_Integration_with_FreeIPA_using_Single_Sign_On
> > but I'm not getting any popup when I'm trying to use proxy, instead I'm
> > just getting information that I'm not authenticated.
> > 
> > Is anyone using FreeIPA in such a configuration?
> Yes and it works perfectly. 
> 
> First check the basic stuff: the pc accessing squid should be part of
> the ipa domain or a trusted domain, the browser should be configured
> to access squid by its full name (accessing by IP won't work),
> browser must support negotiate auth, client and server clocks must be
> in sync.
> 
> If everything seems ok, restart squid, try connection from a client,
> and check for any error messages in squid's cache.log file
> 
> Best regards
> 
> -- 
> Loris Santamaria   linux user #70506   xmpp:lo...@lgs.com.ve
> Links Global Services, C.A.   http://www.lgs.com.ve
> Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:1...@lgs.com.ve
> 
> "If I'd asked my customers what they wanted, they'd have said
> a faster horse" - Henry Ford