On Wed, 2 Mar 2011 17:26:25 +0100, Essad Korkic wrote:
Hi there,
We would like to implement Squid instead of MS-ISA for our company,
for now the Squid server is running fine, however I'm having some
issues with getting AD authentication working.
I've set my eyes on squid_kerb_ldap to do the job, and if I run it
manually it works, however it takes a long time to get the result.
It appears that the helper is trying to (reverse)resolve all the LDAP
servers.
FYI:
We had a period of testing sponsored recently looking at ISA->squid
migration and feature compatibility. This brought to light a lot of
minor bugs and behaviour problems.
For best comparson you will need the latest Squid-3.1.10 or later.
Ideally 3.2.0.5 with its better HTTP/1.1 support, but there are kerberos
crash issues there on the urgent to-do list.
Also, the latest squid kerberos helper you can build will be better
compatible with todays Kerberos systems.
Amos
