[squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC
Silamael Darkomen
silamael at coronamundi.de
Mon Sep 19 11:35:10 UTC 2016
On 16.09.2016 10:52, L.P.H. van Belle wrote:
> I think you forgot in your test, that you may need to modify the default
> kerberos ticket used.
>
>
>
>
>
> I suggest you change you config a bit to something like
>
>
>
> external_acl_type internet-win-allowed %LOGIN
> /usr/local/libexec/squid/ext_kerberos_ldap_group_acl \
>
> -D YOUR.REALM.TLD \
>
> -g allowed-internet at YOUR.REALM.TLD \
>
> -N NTDOMAIN at YOUR.REALM.TLD \
>
> -S
> dc1.your.dnsdomain.tld at YOUR.REALM.TLD:dc2.your.dnsdomain.tld at YOUR.REALM.TLD
Hello,
Tried your suggestions but that doesn't change anything.
Furthermore the ext_kerberos_ldap_group_acl creates a core dump after
iterating over all the entries for the keytab...
Any further ideas?
-- Matthias
More information about the squid-users
mailing list