Search squid archive

RE: Re: squid_kerb_ldap clarification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>  Here is a short overview what squid_kerb_ldap does.
>   1) A user authenticates with either NTLM (username  will be NT-DOM\user) 
>or Kerberos (username will be user@KERB-DOM)
>   2) squid_kerb_ldap uses the -N flag to map NT-DOM to KERB-DOM for NTLM 
>authenticated users
>   3) Uses DNS SRV records to find AD server for KERB-DOM
>   4) Uses the Kerberos Keytab to authenticate an ldap connection to AD 
>using SASL/GSSAPI.
>   5) Searches AD if the user is member of the group given by -s ( The newer 
>squid_kerb_ldap version has also an -m option to allow recursive search 
>(e.g. check if a group is a member of another group ....)
>
>  Does this help ?

Markus,
Sure does... So by creating a computer account in AD, I can avoid the LDAP
bind account I was using with the older squid_ldap_auth helper, great.

Thanks!
jlc




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux