How to chain Squid with MWG and authentication

Hi,

I would like to know if it's possible to get the following proxy chain: Client > Proxy Squid > Proxy MWG + LDAP authentication.

I've configured simple LDAP authentication rules on MWG with success: Client > Proxy MWG + LDAP authentication. But when adding Squid to the chain, I get a block "authentication required" message in the client browser.

I'm using a simple cache_peer configuration in squid.conf: cache_peer X.X.X.X parent 3128 0 default no-query

I think I'm wrong but don't know where.

Regards

Vincent

0 Kudos
1 Solution

Accepted Solutions
otruniger
Level 10

Re: How to chain Squid with MWG and authentication

Yes you can provide authentication from Squid to MWG if you use the same authentication on both. Just use the same LDAP setting on Squid and on MWG and use this in your Squid conf:

cache_peer xxx.xxx.xxx.xxx parent 8080 0 no-query login=PASS

0 Kudos
5 Replies
bwallace1
Level 9

Re: How to chain Squid with MWG and authentication

Hi Vincent -

Based on the following thread, I'd have to say this is not possible, but perhaps someone else can chime in with further detail and to confirm:

https://community.mcafee.com/message/310711#310711

0 Kudos
eelsasser
Level 15

Re: How to chain Squid with MWG and authentication

I concur.

Authentication is hop-by-hop per the RFC. You cannot chain authentication through to a second proxy.

0 Kudos

Re: How to chain Squid with MWG and authentication

Hi.

Thanks for the answers. I'm going to authenticate users otherwise.

Regards

Vincent

0 Kudos
Re: How to chain Squid with MWG and authentication

Hi,

I've configured squid.conf with:

#LDAP Authentication

auth_param basic program /usr/lib64/squid/squid_ldap_auth -D "cn=Administrator,cn=Users,dc=my,dc=domain" -w password -b "cn=Users,dc=my,dc=domain" -f "sAMAccountName=%s" -h xxx.xxx.xxx.xxx -p 389

auth_param basic children 5

auth_param basic realm Proxy Authentication

auth_param basic credentialsttl 1 hours

And of course with the cache_peer options ... login=PASS

This works well now.

The first authentication was passed from Squid to the MWG. Then the MWG verifies the user's group to validate the authentication. I had to play with the Authentication cache TTL while removing my user from the authorized group to test it again.

Thanks for the help

Vincent

0 Kudos
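
The settings discussed in this thread, combined into one squid.conf fragment. This is an added example, not any poster's actual configuration: the addresses and DNs are the thread's placeholders, the ACL name `ldap_users` and the secret-file path are assumptions, and `-W` (bind password read from a file) replaces the inline `-w password`.

```conf
# Added example: child Squid that authenticates users against LDAP and
# relays the same credentials to the parent MWG.
# xxx.xxx.xxx.xxx and the DNs are placeholders taken from the thread.
# /etc/squid/ldap_bind.secret is an assumed path (readable by the Squid user only).

# LDAP Basic authentication helper, pointing at the same directory the MWG uses.
# -W reads the bind password from a file, so it appears neither in squid.conf
# nor in the process listing (unlike -w password).
auth_param basic program /usr/lib64/squid/squid_ldap_auth -D "cn=Administrator,cn=Users,dc=my,dc=domain" -W /etc/squid/ldap_bind.secret -b "cn=Users,dc=my,dc=domain" -f "sAMAccountName=%s" -h xxx.xxx.xxx.xxx -p 389
auth_param basic children 5
auth_param basic realm Proxy Authentication
auth_param basic credentialsttl 1 hours

# Require a valid login on the Squid hop before anything is proxied.
# (ldap_users is an assumed ACL name.)
acl ldap_users proxy_auth REQUIRED
http_access allow ldap_users
http_access deny all

# Parent MWG. login=PASS forwards the client's Proxy-Authorization header
# to the peer unaltered, so the MWG receives the same user name and password
# and can run its own LDAP and group checks.
cache_peer xxx.xxx.xxx.xxx parent 8080 0 no-query default login=PASS

# Send every request through the parent instead of going direct to the origin.
never_direct allow all
```

Because the header is relayed as-is, this only works when both proxies validate against the same user database, and the parent sees each user's proxy password. With Basic authentication those credentials are only base64-encoded, so they are readable on both the client-to-Squid and Squid-to-MWG links unless those links are otherwise protected.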