[squid-users] Squid Config with AD Intranet Example

2012-01-14 Thread berry guru
Hi everybody,

Would anybody be willing to post up their configuration where they
have allowed access to their company Intranet and have AD users
authenticated?  Of course, remove relevant data that shouldn't be
shown online.  I'm just interested in seeing an example, because I
can't get my configuration working correctly.


Re: [squid-users] Squid Config with AD Intranet Example

2012-01-14 Thread James Robertson
> Would anybody be willing to post up their configuration where they
> have allowed access to their company Intranet and have AD users
> authenticated?  Of course, remove relevant data that shouldn't be
> shown online.  I'm just interested in seeing an example, because I
> can't get my configuration working correctly.

Is it mandatory that your intranet go via squid instead of direct?

If so does your Intranet use Integrated Windows Authentication?  This
thread may be useful
http://www.squid-cache.org/mail-archive/squid-users/201201/0189.html


Re: [squid-users] Squid Config with AD Intranet Example

2012-01-14 Thread berry guru
It actually doesn't require going through Squid.  I never really
thought I could bypass it.  My plan was to utilize WCCP in my Squid
implementation, would this create a problem?  So would I configure
Squid to ignore the intranet address when a user on the proxy types it
in?  I'm thinking this is what needs to be done since I'm going to be
using WCCP per user port on the switch.


On Sat, Jan 14, 2012 at 3:25 PM, James Robertson j...@mesrobertson.com wrote:
>> Would anybody be willing to post up their configuration where they
>> have allowed access to their company Intranet and have AD users
>> authenticated?  Of course, remove relevant data that shouldn't be
>> shown online.  I'm just interested in seeing an example, because I
>> can't get my configuration working correctly.
>
> Is it mandatory that your intranet go via squid instead of direct?
>
> If so does your Intranet use Integrated Windows Authentication?  This
> thread may be useful
> http://www.squid-cache.org/mail-archive/squid-users/201201/0189.html


Re: [squid-users] Squid Config with AD Intranet Example

2012-01-14 Thread James Robertson
> It actually doesn't require going through Squid.  I never really
> thought I could bypass it.  My plan was to utilize WCCP in my Squid
> implementation, would this create a problem?  So would I configure
> Squid to ignore the intranet address when a user on the proxy types it
> in?  I'm thinking this is what needs to be done since I'm going to be
> using WCCP per user port on the switch.

I have never used WCCP but looking at the squid wiki I would expect
connections to the Intranet from the client to go via the LAN
(bypassing squid) anyway (that assumes no client configuration).

There are a number of methods to bypass certain addresses or networks.
The simplest of which would be to add exclusions into the web browser
proxy configuration directly.  I use WPAD on the installations I do
and it works very well (IE can have a stupid quirk if you have not
previously used a proxy on your LAN though).

http://serverfault.com/questions/54567/internet-explorer-isnt-auto-discovering-http-wpad-wpad-dat-auto-config/313284#313284


Re: [squid-users] Squid Config with AD Intranet Example

2012-01-14 Thread James Robertson
>> in?  I'm thinking this is what needs to be done since I'm going to be
>> using WCCP per user port on the switch.
>
> I have never used WCCP but looking at the squid wiki I would expect
> connections to the Intranet from the client to go via the LAN
> (bypassing squid) anyway (that assumes no client configuration).

Just re-read the point about the switch.  Disregard my comment here
as I was thinking of the Firewall doing WCCP in which case LAN HTTP
traffic would not hit the firewall and therefore go across the LAN
direct.

Seems overly complicated, just my 2 cents...


Re: [squid-users] Squid Config with AD Intranet Example

2012-01-14 Thread Amos Jeffries

On 15/01/2012 12:58 p.m., James Robertson wrote:

>>> in?  I'm thinking this is what needs to be done since I'm going to be
>>> using WCCP per user port on the switch.
>>
>> I have never used WCCP but looking at the squid wiki I would expect
>> connections to the Intranet from the client to go via the LAN
>> (bypassing squid) anyway (that assumes no client configuration).
>
> Just re-read the point about the switch.  Disregard my comment here
> as I was thinking of the Firewall doing WCCP in which case LAN HTTP
> traffic would not hit the firewall and therefore go across the LAN
> direct.
>
> Seems overly complicated, just my 2 cents...


Yes, WCCP interception is tricky and authentication is impossible when 
traffic is intercepted. You are forced to add some side-band 
authorization instead which adds yet another two layers of complexity 
and is not quite as reliable.


It is far better to use WPAD across the network and the clients which 
support it will go through the proxy and authentication processes 
without any further trouble on your part. WCCP or other interception can 
be used as backup for WPAD to catch the software which is not supporting 
WPAD.



As for configuration examples; the default squid.conf is set up to permit 
proxying LAN traffic for clients which are either configured directly or 
through WPAD to use the proxy.
You can find example configuration snippets at 
http://wiki.squid-cache.org/ConfigExamples which get added to the 
default config as needed for the feature you want to configure. The 
examples should be clear enough so long as you remember they are just 
snippets of the particular lines for that feature, you still need to 
polish exact order-specific locations of those settings to work the 
feature into your existing config.


Amos
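
The WPAD approach recommended in this thread, as an added example that is not from any of the posters or from the Squid project: a wpad.dat (PAC) file that sends intranet hosts DIRECT and everything else to the authenticating proxy. The proxy name, port and intranet suffix are placeholders; the file uses plain string and integer checks instead of the browser-supplied PAC helpers, so private-range matching applies only to literal IPv4 addresses.

```javascript
// wpad.dat sketch. PROXY host/port and the intranet suffix are hypothetical.
var PROXY = "PROXY proxy.example.local:3128";
var INTRANET_SUFFIXES = [".corp.example.local"];
var DIRECT_NETS = [            // loopback and RFC 1918 ranges
  ["127.0.0.0", 8], ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16]
];

// Dotted quad -> unsigned 32-bit number; null when host is not a literal IPv4.
function ipv4ToInt(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when ipInt falls inside base/bits (base must be network-aligned).
function inNet(ipInt, base, bits) {
  var baseInt = ipv4ToInt(base);
  return ipInt >= baseInt && ipInt < baseInt + Math.pow(2, 32 - bits);
}

// Suffix test written without String.prototype.endsWith for old PAC engines.
function hasSuffix(s, suffix) {
  return s.length >= suffix.length &&
         s.substring(s.length - suffix.length) === suffix;
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (host.indexOf(".") === -1) return "DIRECT";      // single-label LAN name
  for (var i = 0; i < INTRANET_SUFFIXES.length; i++) {
    // Suffix starts with "." so "notcorp.example.local" does not match.
    if (hasSuffix(host, INTRANET_SUFFIXES[i])) return "DIRECT";
  }
  var ip = ipv4ToInt(host);
  if (ip !== null) {
    for (var j = 0; j < DIRECT_NETS.length; j++) {
      if (inNet(ip, DIRECT_NETS[j][0], DIRECT_NETS[j][1])) return "DIRECT";
    }
  }
  // No "; DIRECT" fallback: if the proxy is down, Internet requests fail
  // instead of silently bypassing authentication and logging.
  return PROXY;
}
```

Clients that ignore WPAD never evaluate this file, which is the case the interception fallback mentioned above is meant to catch.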