Hi.
On 31.07.2012 04:54, Markus Moeller wrote:
> Hi Eugene,
>
> For squid_kerb_ldap to work with automatic LDAP server detection you
> need to set up your DNS correctly. All SRV records must be hostnames
> (not IPs, as some are in your case). Then the hostname will be
> resolved into an IP and back into a hostname to eliminate CNAMEs. For
> the final hostnames an ldap/hostname principal must exist, e.g.
> TEST.com, a CNAME, resolves into 192.1.1.1, which resolves into server1.com,
> which means an ldap/server1.com principal must exist.
>
Thanks for a clear explanation, now I see why it doesn't work. And I was
able to fix the binding to some particular DCs.
But I think (it's only my opinion though) that circular resolving to
eliminate CNAMEs is a bit complicated: reverse zones aren't needed even
for an AD domain to work properly.
Thanks for your help and for your helper.
Eugene.
Received on Tue Jul 31 2012 - 04:44:05 MDT
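
The resolution chain described in the quoted reply (SRV target, forward lookup, reverse lookup, resulting ldap/hostname principal) can be checked before pointing the helper at a domain. The following is an added example, not code from squid_kerb_ldap or from either poster. The function names and the sample tables are assumptions made for illustration; the default resolvers are the system's, and the check only reports which principal must exist, it does not query the KDC.

```python
import ipaddress
import socket


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def expected_ldap_principals(srv_targets, forward=socket.gethostbyname,
                             reverse=lambda ip: socket.gethostbyaddr(ip)[0]):
    """Return {target: (principal, problem)}; one of the pair is always None."""
    results = {}
    for target in srv_targets:
        name = target.rstrip(".")
        if _is_ip(name):
            results[target] = (None, "SRV target is an IP address, not a hostname")
            continue
        try:
            ip = forward(name)                    # hostname (or CNAME) -> IP
        except (OSError, KeyError):
            results[target] = (None, "forward lookup failed")
            continue
        try:
            canonical = reverse(ip).rstrip(".")   # IP -> final hostname via PTR
        except (OSError, KeyError):
            results[target] = (None, f"no reverse (PTR) record for {ip}")
            continue
        results[target] = (f"ldap/{canonical}", None)
    return results


# Constructed lookup tables mirroring the example in the message (not real DNS).
SAMPLE_A = {"TEST.com": "192.1.1.1", "dc2.test.com": "192.1.1.3"}
SAMPLE_PTR = {"192.1.1.1": "server1.com"}


def demo():
    targets = ["TEST.com.", "192.1.1.2", "dc2.test.com."]
    return expected_ldap_principals(targets, SAMPLE_A.__getitem__, SAMPLE_PTR.__getitem__)


if __name__ == "__main__":
    for target, (principal, problem) in demo().items():
        print(target, "->", principal or f"PROBLEM: {problem}")
```

Called without the two resolver arguments, the function uses the host's own resolver, so it should be run on the proxy host itself, with the SRV targets taken from the domain's LDAP SRV records.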