squid_kerb_auth should be able to handle two AD Forests without trust. Use
the -s GSS_C_NO_NAME and add keys from both ADs to the keytab.
Regards
Markus
"Guido Serassio" <guido.serassio@xxxxxxxxxxxxxxxxx> wrote in message
news:58FD293CE494AF419A59EF7E597FA4E639334D@xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,
If the two domains are placed in two different AD Forests, a forest
trust is needed for Kerberos authentication.
But the two AD forests must be at least Windows 2003 AD Forests running in
forest and domain Windows 2003 native mode.
Here you can find more details:
http://technet.microsoft.com/en-us/library/cc736526(WS.10).aspx
Regards
Guido Serassio
Acme Consulting S.r.l.
Microsoft Gold Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@xxxxxxxxxxxxxxxxx
WWW: http://www.acmeconsulting.it
-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, 2 September 2009 20.26
To: SecureSoft - Daniel Merino
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: RE: Squid and two Active Directory
On Wed 2009-09-02 at 12:52 -0500, SecureSoft - Daniel Merino wrote:
> How does this work? Because when I configure the squid Server in the Kerberos
> and samba I set up an active directory config and I don't know how to add
> another one.
Trust relations are configured in the active directory servers.
But for kerberos I think you can just use a merged keytab with
principals from both trees. But not entirely sure..
> This trust relation, it's like the 2 active directories know each other and
> when I ask for groups and users from the first active directory it also gives me
> the users and groups from the other AD in trust relation?
Yes.
Regards
Henrik
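
A merged keytab only helps the `-s GSS_C_NO_NAME` setup suggested at the top of the thread if it really holds an HTTP service key for each forest's realm. The following is an added example, not code from the thread or from Squid: it merges two keytabs in the MIT 0x502 file format and reports realms that lack an `HTTP/<proxy fqdn>` entry. The realm names, host name and keys are constructed sample values.

```python
import struct

MAGIC = b"\x05\x02"  # MIT keytab file format, version 0x502
def _cstr(b):                      # 16-bit length-prefixed octet string
    return struct.pack(">H", len(b)) + b
def _read(data, p):                # -> (octet string, next offset)
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n], p + 2 + n

def make_entry(realm, comps, kvno, enctype, key):   # builds constructed sample entries
    body = struct.pack(">H", len(comps)) + b"".join(_cstr(x.encode()) for x in [realm, *comps])
    # name type 1, timestamp 0, 8-bit kvno, key type, then the key itself
    body += struct.pack(">IIBH", 1, 0, kvno, enctype) + _cstr(key)
    return struct.pack(">i", len(body)) + body

def parse_keytab(data):
    """Return [(principal, realm, kvno, enctype)] for each live entry."""
    if data[:2] != MAGIC:
        raise ValueError("not a version 0x502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:              # negative size marks a deleted slot, skip it
            pos += -size
            continue
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _read(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            c, p = _read(data, p)
            comps.append(c.decode())
        _ntype, _ts, kvno, enctype = struct.unpack_from(">IIBH", data, p)
        _key, p = _read(data, p + 11)
        if pos + size - p >= 4:    # optional 32-bit kvno overrides the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        out.append(("/".join(comps), realm.decode(), kvno, enctype))
        pos += size
    return out

def merge_keytabs(*blobs):         # entries are self-delimiting, so concatenate them
    return MAGIC + b"".join(b[2:] for b in blobs)

def realms_missing_http(data, fqdn, realms):
    have = {r for princ, r, _, _ in parse_keytab(data) if princ == "HTTP/" + fqdn}
    return sorted(set(realms) - have)

# Constructed sample data: realm names, host name and all-zero keys are made up.
FQDN, REALMS = "proxy.example.com", ["FOREST-A.EXAMPLE", "FOREST-B.EXAMPLE"]
KT_A, KT_B = (MAGIC + make_entry(r, ["HTTP", FQDN], 3, 18, bytes(32)) for r in REALMS)
```

On a real system the merge itself is normally done with MIT `ktutil` (`rkt` for each source file, then `wkt`); the check above can then be run against the resulting file's bytes.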