Univention Bugzilla – Bug 31968
samba 3 support for univention-squid-kerberos
Last modified: 2017-08-08 07:09:16 CEST
Currently univention-squid-kerberos creates the HTTP/FQDN_PROXY@HANS.DE only in a samba 4 environment. Why is that?
Development of univention-squid-kerberos was aborted at some point, amongst other things due to Bug 27401.
By now our auth helper squid_ldap_ntlm_auth is also a negotiate wrapper (with kerberos (squid_kerb_auth) and ntlm as backends). I think there is no reason not to "kerberosify" the univention-squid in a non-Samba4 environment.

-> univention-install univention-squid
-> eval "$(ucr shell)"
-> udm kerberos/kdcentry create "$@" \
       --ignore_exists \
       --position "cn=kerberos,$ldap_base" \
       --set name="HTTP/$hostname.$domainname" \
       --set generateRandomPassword=1
-> kadmin -l ext \
       --keytab=/var/lib/samba/private/http-proxy-$hostname.keytab \
       "HTTP/$hostname.$domainname@$kerberos_realm"
-> chown proxy /var/lib/samba/private/http-proxy-$hostname.keytab
-> ucr set squid/krb5auth='yes'
-> /etc/init.d/squid3 restart
*** Bug 27980 has been marked as a duplicate of this bug. ***
The keytab should also rather be placed in /etc/squid3 or /var/spool/squid3/ than in a samba specific directory. The univention-squid template for /etc/default/squid3 needs to be adjusted accordingly as well.
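A check for the keytab that the steps above export, added here as an example (it is not part of the bug report or of Univention's code). It assumes GNU `stat`; the function name `check_keytab` is hypothetical, and the rule that no group or world permission bits may be set is an added assumption, since the report only mentions `chown proxy`.

```shell
#!/bin/sh
# Added example: audit a Squid service keytab (GNU stat assumed).
# check_keytab PATH OWNER -> prints findings, returns 0 only if all checks pass.
check_keytab() {
    keytab=$1
    owner=$2
    rc=0

    if [ ! -f "$keytab" ] || [ -L "$keytab" ]; then
        echo "FAIL: $keytab is missing, not a regular file, or a symlink"
        return 1
    fi

    # Owner must be the account Squid runs as ("proxy" in the steps above).
    actual_owner=$(stat -c '%U' "$keytab")
    if [ "$actual_owner" != "$owner" ]; then
        echo "FAIL: owner is $actual_owner, expected $owner"
        rc=1
    fi

    # The keytab holds the long-term key of the HTTP/ principal, so
    # (assumption of this example) group and other bits must all be zero.
    mode=$(stat -c '%a' "$keytab")
    case "$mode" in
        *00|0) ;;
        *) echo "FAIL: mode $mode grants group/other access"; rc=1 ;;
    esac

    # Location: flag the Samba-private path used in the original steps.
    case "$keytab" in
        /var/lib/samba/private/*)
            echo "WARN: keytab lives in a Samba-specific directory" ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $keytab"
    return "$rc"
}
```

Call it as `check_keytab /path/to/keytab proxy` after exporting the keytab and before restarting squid3.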
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4. If this issue is still valid, please change the version to a newer UCS version; otherwise this issue will be automatically closed in the next weeks.
This issue has been filed against UCS 3.1. UCS 3.1 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen this issue. In this case please provide detailed information on how this issue is affecting you.