Channel: linuxadmin: Expanding Linux SysAdmin knowledge

Squid/AD Integration

Does anyone have any experience with linking Squid to Active Directory? I've been following the doco (http://wiki.squid-cache.org/ConfigExamples/Authenticate/WindowsActiveDirectory), but authentication is failing. When I do a tcpdump, there's no activity on port 88 (Kerberos) and in cache.log, I get:

ERROR: Negotiate Authentication validating user. Error returned 'BH received type 1 NTLM token'

So it looks like Squid isn't even trying to auth using Kerberos, and is simply falling back to NTLM.

My krb5.conf looks like this: http://pastebin.com/xqpn0cPm

My squid.conf looks like this: http://pastebin.com/mRBj5X2H

I've got a user 'squid' in AD, and I created the Kerberos keytab using this command:

ktpass -princ HTTP/squid03.domain.local@DOMAIN.LOCAL -mapuser squid@DOMAIN.LOCAL -crypto aes256-sha1 -pass ************* -ptype KRB5_NT_PRINCIPAL -out squid03-http.keytab

I tried using msktutil as in the doco, but I had the same issue.

In the doco, it mentions using negotiate_wrapper (wouldn't compile on any system I tried it on) and squid_kerb_auth (not included with my Squid install). As in my squid.conf, I'm using negotiate_kerberos_auth, which seems to do a similar job.

If anyone has any suggestions, I'd be really grateful to hear them.

submitted by sysadmin_guy
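
The cache.log error quoted in the post is what negotiate_kerberos_auth reports when the token it receives begins with the NTLMSSP signature. The following is an added example, not part of the original post and not Squid code: a Python sketch that classifies a captured `Negotiate` header value (Proxy-Authorization for a forward proxy) to show whether the client offered Kerberos at all. The function names, the 96-byte search window and the sample tokens are assumptions constructed for illustration.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
# DER-encoded mechanism OIDs
SPNEGO = bytes.fromhex("06062b0601050502")            # 1.3.6.1.5.5.2
KRB5 = bytes.fromhex("06092a864886f712010202")        # 1.2.840.113554.1.2.2
MS_KRB5 = bytes.fromhex("06092a864882f712010202")     # 1.2.840.48018.1.2.2
NTLM_OID = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10


def classify_negotiate(header_value):
    """Classify the token carried in a 'Negotiate <base64>' header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "invalid-base64"
    if token.startswith(NTLM_SIG) and len(token) >= 12:
        # Message type: little-endian uint32 right after the signature.
        return "raw-ntlm-type-%d" % struct.unpack_from("<I", token, 8)[0]
    if token[:1] != b"\x60":  # GSS-API tokens open with ASN.1 [APPLICATION 0]
        return "unknown"
    head = token[:96]  # heuristic (assumption): mechanism OIDs sit near the start
    if KRB5 in head or MS_KRB5 in head:
        return "kerberos-offered"
    if SPNEGO in head:
        return "spnego-without-kerberos"
    return "unknown"


def _tlv(tag, body):
    """Short-form DER TLV (body < 128 bytes), enough for the samples below."""
    return bytes([tag, len(body)]) + body


def constructed_samples():
    """Constructed header values for illustration, not captured traffic."""
    def spnego(mechs):  # NegTokenInit shell holding only a mechTypes list
        inner = _tlv(0xA0, _tlv(0x30, _tlv(0xA0, _tlv(0x30, mechs))))
        return _tlv(0x60, SPNEGO + inner)
    raw = {
        "ntlm": NTLM_SIG + struct.pack("<II", 1, 0) + b"\x00" * 16,
        "kerberos": spnego(MS_KRB5 + KRB5),
        "spnego_ntlm": spnego(NTLM_OID),
    }
    return {k: "Negotiate " + base64.b64encode(v).decode() for k, v in raw.items()}
```

A `raw-ntlm-type-1` result corresponds to the error in the post: the client sent NTLM inside the Negotiate scheme and never requested a Kerberos service ticket, which is consistent with seeing no traffic on port 88.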