Hi Markus,
Thanks for your input. I ended up completely removing everything and
recreating my key tab and it works great now.
One more question for you or the list: Is it possible to do machine based
AD auth to squid?
We have a use case here where we would want to allow a machine access to a
Hi Scott,
You mean authentication and authorisation ?
I think you can. I would expect you see instead of user@DOMAIN a
host/fqdn@DOMAIN and if you add the computer account to the AD group it
should authorise.
I am very curious to see it :-)
Markus
Scott Finlon wrote in message
Hi All,
I have squid_kerb_auth working and authenticating via my key tab file.
However, when trying to lock it down to users that are in a group in AD,
I¹m seeing a weird issue.
I put my sanitized output here: http://pastebin.com/wGc3RC0h
But basically if I use this ./squid_kerb_ldap -d -g
Hi Scott,
So from what see in your first log you have a user MYSUER with a
domain/realm MYDOMAIN, but squid belongs to SUBDOMAIN.DOMAIN.COM.
squid_kerb_ldap tries to authenticate to the domain MYDOMAIN using the
keytab but does not find any entry for MYDOMAIN in the keytab. Then