0 10:45 AM
> To: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Problem with HAProxy + Squid 4.11 + Kerberos
> authentication
>
> Hi Brett,
>
> but then you have a single point of failure, if your loadbalancer is down,
> nothing will work. We need a solution, that eac
On Fri, Jul 24, 2020 at 10:44:34AM +0200, Klaus Brandl wrote:
>
> but then you have a single point of failure, if your loadbalancer is down,
> nothing will work. We need a solution, that each system can work by itself.
> So
> at the moment we merge the keytabs of each system together, and we
quid-users@lists.squid-cache.org
Onderwerp: [squid-users] Problem with HAProxy + Squid 4.11 + Kerberos
authentication
Hi, everybody.
I have a SQUID 4.11 compiled on Debian 9.8 with kerberos integration
authenticating and browsing without problems:
cache.log
squid_kerb_auth: User
nden: vrijdag 24 juli 2020 11:39
> Aan: Brett Lymn; Klaus Brandl
> CC: squid-users@lists.squid-cache.org
> Onderwerp: Re: [squid-users] Problem with HAProxy + Squid
> 4.11 + Kerberos authentication
>
> Hello Klaus, Brett, all list members,
>
> This is the scheme with ha
Thanks Amos, Kerberos is really hard to learn for a rookie like me, but you
explained it in an excellent and concise way.
In my case, the SQUID servers are joined to the domain with their
respective SPN and UPN that I mentioned in the msktutil command.
And in the case of the Load Balancer HAProxy
Thanks, Brett, for the answer. I did exactly the same thing and it's
working for me now.
I only have to decrypt how to see the client's IP in SQUID's logs. I will
follow your instructions to try to achieve it.
Best regards,
Gabriel
El jue., 23 de jul. de 2020 a la(s) 21:23, Brett Lymn (
[mailto:squid-users-boun...@lists.squid-cache.org] Namens
Service MV
Verzonden: donderdag 23 juli 2020 17:36
Aan: squid-users@lists.squid-cache.org
Onderwerp: [squid-users] Problem with HAProxy + Squid 4.11 + Kerberos
authentication
Hi, everybody.
I have a SQUID 4.11 compiled on Debian 9.8
Service MV
Verzonden: donderdag 23 juli 2020 17:36
Aan: squid-users@lists.squid-cache.org
Onderwerp: [squid-users] Problem with HAProxy + Squid 4.11 + Kerberos
authentication
Hi, everybody.
I have a SQUID 4.11 compiled on Debian 9.8 with kerberos integration
authenticating and browsing without
] Problem with HAProxy + Squid 4.11 + Kerberos
authentication
Hi Brett,
but then you have a single point of failure, if your loadbalancer is down,
nothing will work. We need a solution, that each system can work by itself. So
at the moment we merge the keytabs of each system together, and we are able
-
From: squid-users On Behalf Of
Brett Lymn
Sent: Friday, July 24, 2020 2:23 AM
To: Klaus Brandl
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Problem with HAProxy + Squid 4.11 + Kerberos
authentication
On Thu, Jul 23, 2020 at 06:07:39PM +0200, Klaus Brandl wrote
Hi Brett,
but then you have a single point of failure, if your loadbalancer is down,
nothing will work. We need a solution, that each system can work by itself. So
at the moment we merge the keytabs of each system together, and we are able to
takeover the addresses of the other systems. Then
On 24/07/20 5:09 am, Service MV wrote:
> Hi Klaus,
> I think something similar. But I understand that you can use the
> Kerberos delegation in AD. That's partly why I'm not convinced by the
> documentation I read, which tells me to create a user account in Active
> Directory. And I don't
On Thu, Jul 23, 2020 at 06:07:39PM +0200, Klaus Brandl wrote:
>
> But if anyone knows a solution, i will spread my ears :)
>
What we do is:
1) create a user account in AD that will be used for the HA front end,
set a password and export the keytab for this user
2) Use ktadmin to import the
Hi Klaus,
I think something similar. But I understand that you can use the Kerberos
delegation in AD. That's partly why I'm not convinced by the documentation
I read, which tells me to create a user account in Active Directory. And I
don't understand what a user account has to do here. Maybe the
Hi Gabriel,
same problem here on our HA systems.
I think, this is caused by kerberos overall, the tickets are always bound to
the hosts realname and address, look at "klist" on your client, and only
exactly this name could be used as proxy entry.
But if anyone knows a solution, i will spread
Hi, everybody.
I have a SQUID 4.11 compiled on Debian 9.8 with kerberos integration
authenticating and browsing without problems:
cache.log
squid_kerb_auth: User some.user authenticated
access.log
10.10.10.203 TCP_TUNNEL/200 5264 CONNECT update.googleapis.com:443
some.user
16 matches
Mail list logo
