On 19.09.2016 14:08, L.P.H. van Belle wrote:
> Well, that's strange.
> No, I can't speak about OpenBSD, but below is pretty general.
> When you test, did you set this before the test?
> And does that keytab contain the HTTP/SPN?
> And test/check if you see http/SPN in the UPN; if not, try that also.
> After that change the
> I just tested again to make my groups more flexible.
> /usr/lib/squid3/ext_kerberos_ldap_group_acl -m 4 \
> -D YOUR.REALM.TLD \
> -N ntdom...@your.realm.tld \
> -S dc1.your.dnsdomain....@your.realm.tld \
> -i -d
> This one is without the -g so we can use more group names,
> but test with -g first.
> from this example like. But I change the LDAP group to Kerberos group here.
That's all there, environment is correctly set up. Keytab looks good.
As said before, the negotiate_kerberos_auth part works like a charm.
All I get is a bunch of messages complaining about not being able to
reach any KDC in realm while initializing the credentials of the keytab...
Thought that it might be a DNS issue but even configuring DNS so that
the AD server does all the DNS stuff did not change a bit :(
squid-users mailing list