Yes, but I don't have much time…
So if you followed the link from my previous post:
OR with Samba
Join host to domain with net ads join
Create keytab for HTTP/fqdn with net ads keytab
Squid Configuration File
Paste the configuration file like this:
auth_param negotiate program /usr/sbin/squid_kerb_auth
auth_param negotiate children 10
auth_param negotiate keep_alive on
The basic auth ACL controls to make use of it are:
acl auth proxy_auth REQUIRED
http_access deny !auth
http_access allow auth
http_access deny all
Add the following to the squid startup script (make sure the keytab is readable by the squid process owner, e.g. chgrp squid /etc/squid/HTTP.keytab; chmod g+r /etc/squid/HTTP.keytab):
KRB5_KTNAME=/etc/squid/HTTP.keytab
export KRB5_KTNAME
Kerberos can keep a replay cache to detect the reuse of Kerberos tickets (usually only possible in a 5-minute window). If squid is under high load with Negotiate (Kerberos) proxy authentication requests, the replay cache checks can create high CPU load. If the environment does not require high security, the replay cache check can be disabled for MIT-based Kerberos implementations by adding the following to the startup script:
KRB5RCACHETYPE=none
export KRB5RCACHETYPE
Of course, Kerberos also has to be configured correctly!
With Samba there is no more need for mskutils; you join the machine to the domain with net ads join!
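Added example, not part of the original post or of the Squid documentation it quotes: a small Python check that reads a squid.conf and the startup-script variables and reports the points the quoted text warns about (rule order, keytab readability, disabled replay cache). The function name `audit`, the finding texts and the sample inputs are assumptions made for this illustration, and the rule-order check is deliberately simplified to a bare `deny !<auth acl>` gate.

```python
import re
import stat

def audit(squid_conf, startup_env, keytab_mode=None):
    """Return findings for the Negotiate/Kerberos proxy setup (empty list = none)."""
    findings = []
    # Drop comments and blank lines but keep order: http_access is first-match-wins.
    lines = [l.split("#", 1)[0].strip() for l in squid_conf.splitlines()]
    lines = [l for l in lines if l]
    if not any(re.match(r"auth_param\s+negotiate\s+program\s+\S+", l) for l in lines):
        findings.append("no 'auth_param negotiate program' helper configured")
    # Names of ACLs that demand proxy authentication, e.g. "acl auth proxy_auth REQUIRED".
    auth_acls = set()
    for l in lines:
        m = re.match(r"acl\s+(\S+)\s+proxy_auth\s+REQUIRED$", l)
        if m:
            auth_acls.add(m.group(1))
    rules = [l.split()[1:] for l in lines if l.split()[0] == "http_access"]
    gated = False  # True once a bare "deny !<auth acl>" rule has been passed
    for action, *acls in rules:
        if action == "deny" and len(acls) == 1 and acls[0][:1] == "!" and acls[0][1:] in auth_acls:
            gated = True
        elif action == "allow" and not gated and not any(a in auth_acls for a in acls):
            findings.append("unauthenticated rule: http_access allow " + " ".join(acls))
    if not rules or rules[-1] != ["deny", "all"]:
        findings.append("http_access list does not end with 'deny all'")
    # Startup script: accept both "NAME=value" and "export NAME=value".
    env = dict(re.findall(r"^\s*(?:export\s+)?(\w+)=(\S*)", startup_env, re.M))
    if "KRB5_KTNAME" not in env:
        findings.append("KRB5_KTNAME not set: the Kerberos library's default keytab is used")
    if env.get("KRB5RCACHETYPE") == "none":
        findings.append("KRB5RCACHETYPE=none: replayed tickets are no longer detected")
    # keytab_mode is os.stat(path).st_mode; the keytab holds the HTTP/fqdn service key.
    if keytab_mode is not None and keytab_mode & stat.S_IROTH:
        findings.append("keytab is world-readable")
    return findings

# Constructed inputs: the configuration and startup lines quoted in the post.
PAGE_CONF = """\
auth_param negotiate program /usr/sbin/squid_kerb_auth
auth_param negotiate children 10
auth_param negotiate keep_alive on
acl auth proxy_auth REQUIRED
http_access deny !auth
http_access allow auth
http_access deny all
"""
PAGE_ENV = "KRB5_KTNAME=/etc/squid/HTTP.keytab\nexport KRB5_KTNAME\n"

if __name__ == "__main__":
    for finding in audit(PAGE_CONF, PAGE_ENV, 0o100640):
        print("FINDING:", finding)
```

For a live system, pass `os.stat("/etc/squid/HTTP.keytab").st_mode` as `keytab_mode`.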