RE: [squid-users] ntlm and kerberos

From: <Anders.Larsson_at_tieto.com>
Date: Thu, 5 Apr 2012 12:09:37 +0300

Ok i did the migration yesterday from ntlm to kerberos :) went very smooooth..

One other thing is there a way to set logging for kerberos so I can see failed auth against AD ?
And what do u recommend in children ? I got 15 now.
We got 4000 users in domain

The main issue that I moved from ntlm was that we had some issues with sistes that had to exclude in auth.. because java.. and that some users got problem with auth popup login in their IE.. they just needed to type user and password then it worked..

But now we still have the issue with popup for some users.. like 30 users.. very strange behavior.

 * Systemadmin Unix/Linux/Vmware
 * Tieto
 * Kyrkgatan 60
 * 831 34 �STERSUND
 * V�xel: +46 (0)10 481 98 00
 * Fax: +46 (0)10 481 98 10
 * Tel: +46 (0)10 481 02 20
 * Mobil: +46 (0)70 656 42 64
 * Mail: anders.larsson_at_tieto.com
 **********************************************
  
  ---- Debian is they way to salvation ----
  
  --- How Hard Can It Be ---

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: den 3 april 2012 13:17
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] ntlm and kerberos

On 3/04/2012 7:26 p.m., Anders.Larsson wrote:
> Hi!
>
> Im using at the moment ntlm to auth to AD, I got a test server that are using Kerberos..
> Now I want to change the prod machine to use Kerberos to.. is there a way to have both auth directives in conf ?

Yes. Simply put them both in.
http://wiki.squid-cache.org/Features/Authentication#Can_I_use_different_authentication_mechanisms_together.3F

>
> I want to take it in steps so I have to create a acl for src ip/hosts..
> But how do I do the point out witch auth so it uses the acl for Kerberos..??
> Possible ?

Not possible unfortunately. The clients software decides.

Amos
Received on Thu Apr 05 2012 - 09:09:55 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 05 2012 - 12:00:02 MDT