[Freeipa-users] Squid authentication in FreeIPA

holo holosian at gmail.com
Fri Nov 20 22:21:04 UTC 2015 

Thank you for your reply. 
I think i wasnt clear enough. Clients of proxy server are not
kerberized. I want to just authenticate them for proxy use in kerberos
DB when they are trying to use it (just by popup like in NTLM). Is such
thing possible with kerberos? I saw on yt such thing wasa posible with
AD.
//holo
On Fri, 2015-11-20 at 17:11 -0430, Loris Santamaria wrote:
> El vie, 20-11-2015 a las 22:24 +0100, holo escribió:
> > Hello
> > 
> > I configured Squid to use kerberos authentication according to that
> > howto: http://www.freeipa.org/page/Squid_Integration_with_FreeIPA_u
> > sing_Single_Sign_On but I'm not getting any popup when im trying to
> > use proxy, instead I'm just getting information that I'm not
> > authenticated.
> > 
> > Anyone is using FreeIPA in such configuration?
> Yes and it works perfectly. 
> 
> First check the basic stuff: the pc accessing squid should be part of
> the ipa domain or a trusted domain, the browser should be configured
> to access squid by its full name (accessing by IP won't work),
> browser must support negotiate auth, client and server clocks must be
> in sync.
> 
> If everything seems ok, restart squid, try connection from a client,
> and check for any error messages in squid's cache.log file
> 
> Best regards
> 
> > -- 
> > Manage your subscription for the Freeipa-users mailing list:
> > https://www.redhat.com/mailman/listinfo/freeipa-users
> > Go to http://freeipa.org for more info on the project
> -- 
> Loris Santamaria   linux user #70506   xmpp:loris at lgs.com.ve
> Links Global Services, C.A.            http://www.lgs.com.ve
> Tel: 0286 952.06.87  Cel: 0414 095.00.10  sip:103 at lgs.com.ve
> ------------------------------------------------------------
> "If I'd asked my customers what they wanted, they'd have said
> a faster horse" - Henry Ford
> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20151120/e9ea553c/attachment.htm>

More information about the Freeipa-users mailing list