<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.E-mailStijl17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="NL" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222;background:white">I'm trying to replace my basic ldap authentication by kerberos single sign on.</span><span lang="EN-GB"><o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">The user can succesfully login with single sign on, but I have restriction on groups and that is where it goes wrong.<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">I would like to use -r to trim the domain name, but when I do so it seems to work even less.<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">Someone any ideas what to try, I believe the system is loking wrong in active directory but adding -b OU=Users,DC=yyy,DC=local
 does not help me further<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">=======<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">auth_param negotiate program /usr/sbin/negotiate_wrapper_auth -d --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
 --domain=yyy --kerberos /usr/sbin/negotiate_kerberos_auth -d -s GSS_C_NO_NAME<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">auth_param negotiate children 20 startup=0 idle=1<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">auth_param negotiate keep_alive off<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">external_acl_type XXX_InternetAllowed ttl=3600 negative_ttl=3600 %LOGIN /usr/sbin/ext_kerberos_ldap_group_acl -b OU=Users,OU=BenH,DC=yyy,DC=local
 -g AD_XXX_InternetAllowed@yyy.LOCAL -d<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">external_acl_type RestrictedAdult ttl=3600 negative_ttl=3600 %LOGIN /usr/sbin/ext_kerberos_ldap_group_acl -b OU=Users,OU=BenH,DC=yyy,DC=local
 -g ADGroupRestrictedAdult@yyy.LOCAL -d<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">acl XXX_InternetAllowed external XXX_InternetAllowed<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">acl XXX_Adult external XXX_Adult<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">acl XXX_AdultX dstdomain .</span><span style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"><a href="http://alternate.com/" target="_blank"><span lang="EN-GB" style="color:#1155CC">alternate.com</span></a></span><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"> .</span><span style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"><a href="http://brood.nl/" target="_blank"><span style="color:#1155CC">brood.nl</span></a> .<a href="http://broodnodig.nl/" target="_blank"><span style="color:#1155CC">broodnodig.nl</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">acl localnet src xxx.xxx.xxx.0/24<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">acl CONNECT method CONNECT<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">acl auth proxy_auth REQUIRED<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">http_access deny !Safe_ports<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">http_access deny CONNECT !SSL_ports<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">http_access allow localhost manager<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">http_access deny manager<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">http_access deny auth !XXX_InternetAllowed<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">http_access deny XXX_Adult XXX_AdultX<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">http_access allow localnet<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">http_access allow localhost<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">http_access deny all<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">========<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_member.cc(63): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: User domain loop: group@domain AD_XXX_InternetAllowed@YYY.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_member.cc(65): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Found group@domain AD_XXX_InternetAllowed@YYY.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_ldap.cc(898): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Setup Kerberos credential cache<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_krb5.cc(127): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Set credential cache to MEMORY:squid_ldap_7612<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_krb5.cc(138): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Get default keytab file name<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_krb5.cc(144): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Got default keytab file name /etc/krb5.keytab<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_krb5.cc(158): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Get principal name from keytab /etc/krb5.keytab<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_krb5.cc(169): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Keytab entry has realm name: YYY.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_krb5.cc(189): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Found principal  name: hosts/lnx01.yyy.local@YYY.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_krb5.cc(205): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Got principal name hosts/lnx01.yyy.local@YYY.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_krb5.cc(64): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: ERROR: Error while initialising credentials from
 keytab : Client 'hosts/lnx01.yyy.local@YYY.LOCAL' not found in Kerberos database<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_krb5.cc(169): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Keytab entry has realm name: YYY.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_krb5.cc(189): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Found principal  name: HTTP/lnx01.yyy.local@YYY.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_krb5.cc(205): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Got principal name HTTP/lnx01.yyy.local@YYY.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_krb5.cc(269): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Stored credentials<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_ldap.cc(927): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Initialise ldap connection<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_ldap.cc(933): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Canonicalise ldap server name for domain
 YYY.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(379): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.YYY.LOCAL record
 to ad02.yyy.local<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(379): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.YYY.LOCAL record
 to ad01.yyy.local<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(379): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.YYY.LOCAL record
 to ad02.yyy.local<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(379): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Resolved SRV _ldap._tcp.YYY.LOCAL record
 to ad01.yyy.local<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(207): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Resolved address 1 of YYY.LOCAL to ad01.yyy.local<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(207): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Resolved address 2 of YYY.LOCAL to ad01.yyy.local<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(207): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Resolved address 3 of YYY.LOCAL to ad01.yyy.local<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(207): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Resolved address 4 of YYY.LOCAL to ad02.yyy.local<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(207): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Resolved address 5 of YYY.LOCAL to ad02.yyy.local<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(207): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Resolved address 6 of YYY.LOCAL to ad02.yyy.local<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(407): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Adding YYY.LOCAL to list<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(443): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Sorted ldap server names for domain YYY.LOCAL:<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(445): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Host: ad01.yyy.local Port: 389 Priority:
 0 Weight: 100<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(445): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Host: ad02.yyy.local Port: 389 Priority:
 0 Weight: 100<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_resolv.cc(445): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Host: YYY.LOCAL Port: -1 Priority: -2
 Weight: -2<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_ldap.cc(942): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Setting up connection to ldap server ad01.yyy.local:389<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_ldap.cc(953): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Bind to ldap server with SASL/GSSAPI<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_ldap.cc(967): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Successfully initialised connection to ldap
 server ad01.yyy.local:389<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_ldap.cc(333): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Search ldap server with bind path "" and
 filter: (objectclass=*)<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_ldap.cc(602): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Search ldap entries for attribute : schemaNamingContext<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_ldap.cc(645): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: 1 ldap entry found with attribute : schemaNamingContext<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_ldap.cc(342): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Search ldap server with bind path CN=Schema,CN=Configuration,DC=bnh,DC=local
 and filter: (ldapdisplayname=samaccountname)<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_ldap.cc(345): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Found 0 ldap entries<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_ldap.cc(350): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Determined ldap server not as an Active
 Directory server<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_ldap.cc(1061): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: ERROR: Error determining ldap server type: Operations
 error<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_member.cc(76): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: INFO: User Administrator is not member of group@domain
 AD_XXX_InternetAllowed@YYY.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_member.cc(91): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Default domain loop: group@domain AD_XXX_InternetAllowed@YYY.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">support_member.cc(119): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: Default group loop: group@domain AD_XXX_InternetAllowed@YYY.LOCAL<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">kerberos_ldap_group.cc(416): pid=7612 :2018/02/16 11:50:07| kerberos_ldap_group: DEBUG: ERR<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span lang="EN-GB" style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-size:9.5pt;font-family:"Arial","sans-serif";color:#222222">regards Jeroen Ruijter<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>