On 2021-06-08 16:05, m k wrote:
hi all,
Thank you for always helping me with my difficulties.
With your help I am able to complete the proxy. Please help me again
this time.
I want to configure my squid authentication as follows.
Try single sign-on for squid with Kerberos authentication.
hi all,
Thank you for always helping me with my difficulties.
With your help I am able to complete the proxy. Please help me again this
time.
I want to configure my squid authentication as follows.
Try single sign-on for squid with Kerberos authentication.
↓.
Squid will try authentication with
Thanks.
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com
-Original Message-
From: Klaus Brandl
Sent: Thursday, November 5, 2020 11:21 AM
To: ngtech1...@gmail.com
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] squid kerberos auth
Klaus Brandl
> Sent: Monday, July 27, 2020 7:36 PM
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] squid kerberos auth, acl note group
>
> Hi Markus and Amos,
>
> thanks for your answers, it is working now, after the group was
> deleted and
> created n
Mobile: +972-5-28704261
Email: ngtech1...@gmail.com
-Original Message-
From: squid-users On Behalf Of
Klaus Brandl
Sent: Monday, July 27, 2020 7:36 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] squid kerberos auth, acl note group
Hi Markus and Amos,
thanks for your
> > But i think, we have a caching problem here, i found out, that the
> > group
> > information is only updated on a squid reconfigure.
> >
> > And also the acl note group ... seems to be cached as long as squid
> > is
> > restarted completely. I removed the configured group from the user,
>
Hi Markus and Amos,
thanks for your answers, it is working now, after the group was deleted and
created new. Most likely it was no security object...
Regards
On Saturday 25 July 2020 16:43:13 Markus Moeller wrote:
> Hi Klaus,
>
> Is the group you added a security group ? Only security
Hi Klaus,
Is the group you added a security group ? Only security groups are part
of the Kerberos ticket. Which authorisation helper do you use or is this
just based on the auth helper output ?
What do you see on the client ? e.g. in powershell run whoami /groups
Did you clear
On 25/07/20 2:48 am, Klaus Brandl wrote:
> sorry, i did not find this script, and the binary is not available on our
> product, because i'm no developer...
>
Darn. Okay that hinders testing a bit.
> But i think, we have a caching problem here, i found out, that the group
> information is
sorry, i did not find this script, and the binary is not available on our
product, because i'm no developer...
But i think, we have a caching problem here, i found out, that the group
information is only updated on a squid reconfigure.
And also the acl note group ... seems to be cached as
On 23/07/20 12:53 am, Klaus Brandl wrote:
> On Thursday 23 July 2020 00:16:45 Amos Jeffries wrote:
>> On 22/07/20 8:59 pm, Klaus Brandl wrote:
>>> but i have compared the encoded string from the auth helper with the
>>> string at the Proxy-Authentication header from the client with tcpdump,
>>>
On Thursday 23 July 2020 00:16:45 Amos Jeffries wrote:
> On 22/07/20 8:59 pm, Klaus Brandl wrote:
> > but i have compared the encoded string from the auth helper with the
> > string at the Proxy-Authentication header from the client with tcpdump,
> > and it's exactly the same:
> >
> >
On 22/07/20 8:59 pm, Klaus Brandl wrote:
>
> but i have compared the encoded string from the auth helper with the string
> at
> the Proxy-Authentication header from the client with tcpdump, and it's
> exactly
> the same:
>
> Proxy-Authorization: Negotiate
On Tuesday 21 July 2020 14:21:46 Alex Rousskov wrote:
> On 7/21/20 10:41 AM, Klaus Brandl wrote:
> > we have a problem with the squid kerberos auth helper and the note acl
> > matching to user groups in an active directory.
> > First the user was in one group, which was configured via the groupSid
On 7/21/20 10:41 AM, Klaus Brandl wrote:
> we have a problem with the squid kerberos auth helper and the note acl
> matching to user groups in an active directory.
> First the user was in one group, which was configured via the groupSid base64
> string as a note acl, and this was working very
Hi there,
we have a problem with the squid kerberos auth helper and the note acl
matching to user groups in an active directory.
First the user was in one group, which was configured via the groupSid base64
string as a note acl, and this was working very well.
Then there was added a new group
rs-boun...@lists.squid-cache.org] On Behalf Of
Kevin M???hlparzer
Sent: Tuesday, June 13, 2017 14:00
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Negotiate Kerberos Auth - BH Invalid request
Hello list,
I asked about a problem with NTLM-Authentication before. (BH SPNEGO req
Hello list,
I asked about a problem with NTLM-Authentication before. (BH SPNEGO request
invalid prefix; that's the error of the helper protocol
"helper-protocol=squid-2.5-ntlmssp" I used with NTLM, while basic works fine)
A user told me I should use negotiate_kerberos_auth instead of
Many thanks Markus, i solved everything!
Sent: Tuesday, March 22, 2016 at 1:25 AM
From: "Markus Moeller" <hua...@moeller.plus.com>
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] NEGOTIATE Kerberos Auth
Hi,
1) Yes, you should see user@DOM
KNOWN
User's PC belonging to EXTERNALS.COM are joined to EXTERNALS.COM
Best Regards.
Sent: Saturday, March 19, 2016 at 12:28 AM
From: "Markus Moeller" <hua...@moeller.plus.com>
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] NEGOTIATE Kerberos Auth
Hi,
Is your client
Hi,
Is your client a member of FATHER.COM or KID1.FATHER.COM / KID2.FATHER.COM ?
Can you get a wireshark capture on your client on port 88 ? You should
see some TGS-REQs in the capture and I assume also TGS-REPs with error
messages. Can you share these error messages ?
Regards
Hi Enrico,
The Kerberos helper will authenticate only for now ( There is now code to
get the group information, but it is not further processed). It does not do
anything to group membership like the winbind cache. Also keep in mind
Kerberos cache for about 10 hours the ticket on the
Hello together,
My Issue is the following:
Using Squid3 with Kerberos Auth works just fine but does not update the users
group membership in the winbind cache of samba as for example ntlm_auth does.
So when using /usr/lib/squid3/negotiate_kerberos_auth for Kerberos, the auth
works, but group
Hello guys,
I'm having problems when trying to authenticate using squid squid_kerb_auth.
In access.log only denies the request and the browser keeps requesting
credentials.
In cache.log get the following in return:
08/13/2014 16:58:27 kid1 | ERROR: Negotiate Authentication validating user.
Could it be that a Windows application uses its system key to authenticate
against squid ? This could happen if no user is logged in and the
application runs as a service.
Markus
JC Putter jcput...@gmail.com wrote in message
Ah! That makes sense! Thanks!
On Thu, May 2, 2013 at 9:23 PM, Markus Moeller hua...@moeller.plus.com wrote:
Could it be that a Windows application uses its system key to authenticate
against squid ? This could happen if no user is logged in and the
application runs as a service.
Markus
One partial answer to my own question: in the proxypac, ftp traffic
could be diverted to another proxy:
if (shExpMatch(url, "ftp:*")) {
    return "PROXY otherproxy.mysite.ch:80";
}
On 17 April 2013 08:56, Sean Boran s...@boran.com wrote:
Hi,
Kerberos is authenticating http/s traffic for me
(sorry for the slow answer, an over-eager spam filter swallowed this msg).
In wireshark, the server name sent in the ticket is correct
(proxy.example.com) , encryption is rc4-hmac and kvno=5.
This is the same kvno as seen in klist -ekt /etc/krb5.keytab (with
des-cbc-crc, des-cbc-md5,
That should work. What do you see in Wireshark when you look at the traffic
to the proxy ? If you expand the Negotiate header you should see what is the
principal name and kvno. Both must match what is in your keytab ( check with
klist -ekt /etc/keytab)
Markus
Sean Boran s...@boran.com
: [squid-users] No Kerberos Auth
I think the encryption type is already 28.
This is the output with -- encrypt 28
-- ldap_set_supportedEncryptionTypes: No need to change
msDs-supportedEncryptionTypes they are 28
From: Jarosch, Ralph
Sent: Tuesday, October 30, 2012 15:24
To: 'Bastien Ceriani'
Cc
Hi,
i have some trouble to authenticate our web browser over Kerberos.
I Always get the following error message.
2012/10/30 14:27:55| squid_kerb_auth: DEBUG: Decode
: Bastien Ceriani [mailto:bastien.ceri...@bulkypix.com]
Sent: Tuesday, October 30, 2012 15:00
To: Jarosch, Ralph
Subject: Re: [squid-users] No Kerberos Auth
I'm in the same case..
Try to check kerberos TGS REQ and TGS REP with wireshark ?
Can you display :
- your keytab ? (klist -ekt
-cache.org
Subject: Re: [squid-users] No Kerberos Auth
Ok Thx,
With Windows Server 2008 you should use --enctypes 28 parameter with msktutil
command.
Did your ntlm authentication work fine ? How did you configure it ? With
Samba/Winbind ?
On Tue, Oct 30, 2012 at 3:08 PM, Jarosch, Ralph
ralph.jaro
Subject: AW: [squid-users] No Kerberos Auth
Oh ok.. yes it worked fine until ten minutes before I wrote the mail. Then it crashed
from one minute to the next; I'm just troubleshooting the problem..
From: Bastien Ceriani [mailto:bastien.ceri...@bulkypix.com]
Sent: Tuesday, October 30, 2012 15:16
i am planning to setup kerberos auth in squid. At the moment we are using ntlm
auth but want also to provide Kerberos/negotiate auth.
A few questions:
1) Do we need a keytab file?
2) We have multiple squid-servers, do I need an individual keytab-file for each
server or would it be enough to
Hey people,
i'm running squid-3.1 with negotiate with squid_kerb_auth program. The
only problem is that it's generating slowness for browsing sites.
Could anyone point some article of tuning squid with kerberos?
regards,
Wladner
Hi Wladner,
If you use MIT Kerberos you could try to disable the replay cache
Kerberos can keep a replay cache to detect the reuse of Kerberos tickets
(usually only possible in a 5 minute window) . If squid is under high load
with Negotiate(Kerberos) proxy authentication requests the replay
Did you try my negotiate wrapper ? It is part of squid 3.2, but right now
only works with 3.1 ( I have an open bug for 3.2)
Markus
Emmanuel Lacour elac...@easter-eggs.com wrote in message
news:20111209110446.gc11...@easter-eggs.com...
On Thu, Dec 08, 2011 at 09:14:51PM +0100, Emmanuel
On Fri, Dec 09, 2011 at 06:31:07PM -, Markus Moeller wrote:
Did you try my negotiate wrapper ? It is part of squid 3.2, but
right now only works with 3.1 ( I have an open bug for 3.2)
looks interesting, I'm going to grab it from last 3.2 sources and
compile it for 3.1. I'll let you know
On Fri, Dec 09, 2011 at 06:31:07PM -, Markus Moeller wrote:
Did you try my negotiate wrapper ? It is part of squid 3.2, but
right now only works with 3.1 ( I have an open bug for 3.2)
Can you give me hints on how to build it for 3.1 ?
] Re: [squid-users] Re: Kerberos auth with Active
Directory.
hello
Thank you again for your advice. Researching the SASL support requirements
I discovered from the output of configure for squid_kerb_ldap that the check
for sasl.h returned no. So I identified the debian package libsasl2-dev
Rolf Loudon r...@ses.tas.gov.au wrote in message
news:ea4139a9-af4d-4e0d-8a05-c7b0c3ef4...@ses.tas.gov.au...
hello
Hi Rolf
I am trying to setup kerberos auth against Active Directory - Windows
2000 - in squid, 2.7. This is primarily so that the username is captured
in the access log.
Hi all,
about environment:
Squid version = squid-3.0.STABLE8
Active Directory Windows 2003
Linux Redhat EL 5
I´m trying using kerberos auth with squid_kerb_auth looking for
http://klaubert.wordpress.com/2008/01/09/squid-kerberos-authentication-and-ldap-authorization-in-active-directory/