(Created page with '== Kerberos == Squid can authenticate against a Kerberos KDC using the SQUID_KERB_AUTH helper.<br> This is particularly useful for Single Sign On authentication against Windows A...') |
(No difference)
|
Revision as of 15:54, 7 March 2011
Kerberos
Squid can authenticate against a Kerberos KDC using the SQUID_KERB_AUTH helper.
This is particularly useful for Single Sign On authentication against Windows Active Directory.
DNS & Hostname
On the Windows DNS server create a HOST(A) record that points to the squid server.
For this example we'll call the squid server web-proxy.domain.lan
You'll also need to set the hostname of the squid server to match.
On FreeBSD you set the hostname in /etc/rc.conf by setting:
hostname="web-proxy.domain.lan"
You'll also need to change /etc/hosts to match
192.168.99.254 web-proxy.domain.lan web-proxy
Now reboot your FreeBSD box to make the changes take effect.
NOTE: You're going to be creating a AD account with the same username as the squid servers hostname. Windows has a few reserved hostnames "proxy" is one of them. So while using a hostname like proxy.domain.lan seems logical, windows will complain so its best to avoid it.