Transparent Proxy + Active Directory

40 views
Skip to first unread message

Enrique Fernandez

unread,
Aug 19, 2021, 9:01:53 AM8/19/21
to Diladele Web Safety
Hi.

I've configured integration with Active Directory (Windows 2003) following manual:


Link to Active Directory domain and Kerberos auth seems working fine, if I configure Proxy Settings on Windows Internet Settings, I can access to any web and I can see the user on Real Time traffic.

The problem is when I use Transparent Proxy without Proxy Settings on Windows Internet Settings. When I access an any url I can see the error:

ERR_UNEXPECTED_PROXY_AUTH

Thanks in advance.
Best regards.






rafael....@diladele.com

unread,
Aug 19, 2021, 9:25:37 AM8/19/21
to Diladele Web Safety
Unfortunately proxy authentication is not possible in transparent mode - please look at https://docs.diladele.com/faq/squid/authentication/transparent_authentication.html to understand why.

Enrique Fernandez

unread,
Aug 19, 2021, 9:29:01 AM8/19/21
to Diladele Web Safety
ah ok, I had not seen that entry.

Thanks!

Enrique Fernandez

unread,
Aug 20, 2021, 4:19:26 AM8/20/21
to Diladele Web Safety
Hi.

About this... Can I make the computers that were joining the domain use authentication with proxy settings in the browser and those that are not from the domain use transparent proxy at the same time?

Thanks!!.

rafael....@diladele.com

unread,
Aug 20, 2021, 4:20:48 AM8/20/21
to Diladele Web Safety
Somewhat yes - please see https://docs.diladele.com/faq/squid/authentication/mix_authenticated_and_non_authenticated_proxy_groups.html

Enrique Fernandez

unread,
Aug 20, 2021, 4:27:51 AM8/20/21
to Diladele Web Safety
Amazing!! I'm going to try this option.

Thank you for your quick answer!!.

Enrique Fernandez

unread,
Aug 20, 2021, 5:06:44 AM8/20/21
to Diladele Web Safety
Hi.

I do not know if I have understood it well.

In step 3: Exclude given server subnet from authentication in UI / Squid / Exclusions / by Authentication. This allows connections from the server subnet to the proxy to be non-authenticated.

Do I add a test ip like this?

Captura de pantalla 2021-08-20 a las 10.58.57.png

In step 4: Add the server subnet to the UI / Web Filter / Policies / Locked Policy/ Members by Subnet. Configure the locked policy as needed allowing connections to a handful of web sites and blocking all others.

Captura de pantalla 2021-08-20 a las 11.00.37.png

It doesn't seem to work, can you help me?

Now, a Windows host with domain authentication and proxy settings is working fine. And a Linux machine with IP 10.4.0.212 without proxy settings is not working.

Thanks.

Enrique Fernandez

unread,
Aug 20, 2021, 5:44:30 AM8/20/21
to Diladele Web Safety
Hi.

Now is working, I have configured the ip in Exclusions - User 

Captura de pantalla 2021-08-20 a las 11.39.42.png

Thanks!.

Enrique Fernandez

unread,
Aug 20, 2021, 6:00:48 AM8/20/21
to Diladele Web Safety
Hi.

Sorry! Is not working, with Exclusions -- IP, I am excluding the proxy from taking effect...

maybe I have to configure it like this?

Captura de pantalla 2021-08-20 a las 11.57.54.png

Thanks!.
Reply all
Reply to author
Forward
0 new messages