[squid-users] Problem with Kerberos and ext_kerberos_ldap_group_acl not being able to reach realm's KDC

Silamael Darkomen silamael at coronamundi.de
Mon Sep 19 11:35:10 UTC 2016


On 16.09.2016 10:52, L.P.H. van Belle wrote:
> I think you forgot in your test, that you may need to modify the default
> kerberos ticket used.
> 
>  
> 
>  
> 
> I suggest you change you config a bit to something like
> 
>  
> 
> external_acl_type internet-win-allowed %LOGIN
> /usr/local/libexec/squid/ext_kerberos_ldap_group_acl \
> 
> -D YOUR.REALM.TLD \
> 
> -g allowed-internet at YOUR.REALM.TLD \
> 
> -N NTDOMAIN at YOUR.REALM.TLD \
> 
> -S
> dc1.your.dnsdomain.tld at YOUR.REALM.TLD:dc2.your.dnsdomain.tld at YOUR.REALM.TLD

Hello,

Tried your suggestions but that doesn't change anything.
Furthermore the ext_kerberos_ldap_group_acl creates a core dump after
iterating over all the entries for the keytab...
Any further ideas?

-- Matthias


More information about the squid-users mailing list