L.P.H. van Belle
2014-Dec-18 12:39 UTC
[Samba] Samba 4 with squid3 (--helper-protocol=gss-spnego )
Hai, ? Im know this might not be the place to ask, but im doing it anyway..? ;-) ? Im testing an debian Jessie server with squid3 ( 3.4.8 ) Its running Debian Samba 4.1.13 with winbind. ? Im having troubles, to get the squid auth working. So my question is is someone here using kerberos authentication on squid. ( 3.4.x ) Or someone who is using the gss-spnego helper protocol. ? Im using this line :? auth_param negotiate program /usr/bin/ntlm_auth --helper-protocol=gss-spnego wbinfo -a testuser at REALM? works ok. wbinfo -a DOMAIN\\testuser? works also ok. ? ssh login with kerberos works also ok. ? I?did have the HTTP spn to the?hostname of the proxyserver? in the AD. ? I have these SPN's on the squid host. samba-tool spn list proxy3\$ User CN=proxy3,CN=Computers,DC=internal,DC=domain,DC=tld has the following servicePrincipalName: ???? HOST/PROXY3???????? ?????HOST/proxy3.internal.domain.tld ?????HTTP/proxy3.internal.domain.tld at REALM ? my keytab contains the spn's as shown above, all in 1 keytab file? ( /etc/krb5.keytab ) and for squid i added also the following : ? I added the proxy user to the winbindd_priv group i did set the keytab file to proxy:proxy? ( 400 ) and i added this in /etc/default/squid3 KRB5_KTNAME=/etc/squid3/private/proxy3-HTTP.keytab export KRB5_KTNAME Which contains only the HTTP spn. ? ? So if anyone has any hint or thing i can test please tell me, that would be nice... google didnt help me, most of the things there are based on squid 3.1 and as of 3.3? ?--helper-protocol=gss-spnego? is also an option which look nicer to me. ? if i can get it to work ...? :-/?? ? ? ? Greetz, ? Louis ? ? ? ?
Apparently Analagous Threads
- samba4+squid3+ntlm
- Samba4 and Squid3 with ntlm_auth
- squid, ntlm_auth, winbind problem
- [squid-users] debian Jessie squid with auth (kerberos/ntlm/basic) ERROR type NTLM type 3
- [squid-users] debian Jessie squid with auth (kerberos/ntlm/basic) ERROR type NTLM type 3