RE: [squid-users] Re: squid_kerb_ldap clarification

From: Joseph L. Casale <jcasale_at_activenetwerx.com>
Date: Thu, 5 Aug 2010 22:18:40 +0000

> Here is a short overview what squid_kerb_ldap does.
> 1) A user authenticates with either NTLM (username will be NT-DOM\user)
> or Kerberos (username will be user@KERB-DOM)
> 2) squid_kerb_ldap uses the -N flag to map NT-DOM to KERB-DOM for NTLM
> authenticated users
> 3) Uses DNS SRV records to find AD server for KERB-DOM
> 4) Uses the Kerberos Keytab to authenticate an LDAP connection to AD
> using SASL/GSSAPI.
> 5) Searches AD if the user is a member of the group given by -s (the newer
> squid_kerb_ldap version also has an -m option to allow recursive search,
> e.g. check if a group is a member of another group ...)
>
> Does this help ?

Markus,
Sure does... So by creating a computer account in AD, I can avoid the LDAP
bind account I was using with the older squid_ldap_auth helper, great.

Thanks!
jlc
Received on Thu Aug 05 2010 - 22:18:47 MDT
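
Steps 1 to 3 and the search in step 5 of the quoted overview, as an added illustration (not part of the thread and not squid_kerb_ldap's own code). The mapping string format `NT-DOM@KERB-DOM`, the `_ldap._tcp.<domain>` SRV name, the `sAMAccountName` filter, and the names `parse_mapping`, `plan_lookup` and `escape_filter` are assumptions of this sketch; the Kerberos-authenticated bind in step 4 is not shown.

```python
def escape_filter(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    # The login comes from the client, so filter metacharacters must be neutralised.
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def parse_mapping(spec):
    """Parse 'NT-DOM@KERB-DOM[:NT2@KERB2]' (assumed format) into a dict."""
    mapping = {}
    for pair in spec.split(':'):
        nt_dom, _, realm = pair.partition('@')
        if not nt_dom or not realm:
            raise ValueError('bad mapping entry: %r' % pair)
        mapping[nt_dom.upper()] = realm.upper()
    return mapping


def plan_lookup(login, mapping):
    """Return the realm, SRV query name and user filter for one login."""
    if '\\' in login:
        # Step 1/2: NTLM form NT-DOM\user, mapped to a Kerberos domain.
        nt_dom, user = login.split('\\', 1)
        realm = mapping.get(nt_dom.upper())
        if realm is None:
            raise LookupError('no Kerberos domain mapped for %r' % nt_dom)
    elif '@' in login:
        # Step 1: Kerberos form user@KERB-DOM, no mapping needed.
        user, realm = login.rsplit('@', 1)
        realm = realm.upper()
    else:
        raise ValueError('login carries no domain: %r' % login)
    if not user or not realm:
        raise ValueError('empty user or domain in %r' % login)
    return {
        'user': user,
        'realm': realm,
        # Step 3: SRV record queried to locate an AD LDAP server.
        'srv_query': '_ldap._tcp.' + realm.lower(),
        # Step 5: filter for the user entry whose group membership is checked.
        'user_filter': '(sAMAccountName=%s)' % escape_filter(user),
    }


if __name__ == '__main__':
    m = parse_mapping('NT-DOM@KERB-DOM')  # constructed sample values
    for login in ('NT-DOM\\alice', 'bob@KERB-DOM'):
        print(plan_lookup(login, m))
```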
