Hi All, I have squid_kerb_auth working and authenticating via my key tab file. However, when trying to lock it down to users that are in a group in AD, I¹m seeing a weird issue. I put my sanitized output here: http://pastebin.com/wGc3RC0h But basically if I use this "./squid_kerb_ldap -d -g proxy_allow -D MYDOMAIN² it is able to auth to AD and eventually attempts to use a bind path of dc=MYDOMAIN instead of dc=MYDOMAIN,dc=DOMAIN,dc=COM, and then it gives a referral error. So seeing that, I tried to use my full domain as the default domain, like this "./squid_kerb_ldap -d -g proxy_allow -D MYDOMAIN.MYDOMAIN.COM² it gives a Preauthentication failed error and doesn¹t even make it in to AD, full output here: http://pastebin.com/Gk1ci0nt That makes me think it¹s an issue with the key tab file, but it works appropriately with kerb auth just not kerb ldap. Any ideas? I am going to try and make a key tab file with ktpass instead of msktutil and see if that has any affect. Thanks, -Scott
