Re: [squid-users] Squid and two Active Directory

From: Markus Moeller <huaraz_at_moeller.plus.com>
Date: Wed, 2 Sep 2009 22:29:22 +0100

squid_kerb_auth should be able to handle two AD Forests without trust. Use
the -s GSS_C_NO_NAME and add keys from both ADs to the keytab.

Regards
Markus

"Guido Serassio" <guido.serassio_at_acmeconsulting.it> wrote in message
news:58FD293CE494AF419A59EF7E597FA4E639334D_at_hermes.acmeconsulting.loc...
Hi,

If the two domains are placed in two different AD Forests, a forest
trust is needed for Kerberos authentication.

But the two AD forests must be at least Windows 2003 AD Forests running in
forest and domain Windows 2003 native mode.

Here you can find more details:
http://technet.microsoft.com/en-us/library/cc736526(WS.10).aspx

Regards

Guido Serassio
Acme Consulting S.r.l.
Microsoft Gold Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio_at_acmeconsulting.it
WWW: http://www.acmeconsulting.it

> -----Original message-----
> From: Henrik Nordstrom [mailto:henrik_at_henriknordstrom.net]
> Sent: Wednesday, 2 September 2009 20:26
> To: SecureSoft - Daniel Merino
> Cc: squid-users_at_squid-cache.org
> Subject: RE: [squid-users] Squid and two Active Directory
>
> Wed 2009-09-02 at 12:52 -0500, SecureSoft - Daniel Merino wrote:
> > How does this work? Because when I configure the squid Server in the
> > Kerberos and samba I set up an active directory config and I don't know
> > how to add another one.
>
> Trust relations are configured in the active directory servers.
>
> But for kerberos I think you can just use a merged keytab with
> principals from both trees. But not entirely sure..
>
> > This trust relation, it's like the 2 active directories know each other
> > and when I ask for groups and users from the first active directory it
> > also gives me the users and groups from the other AD in the trust relation?
>
> Yes.
>
> Regards
> Henrik
Received on Wed Sep 02 2009 - 21:31:07 MDT
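
A check for the merged-keytab approach discussed in this thread, as an added example that is not part of the original messages or of squid_kerb_auth: it parses a keytab in the MIT file format 0x0502 and reports which realms have no HTTP/ service principal in it. The realm names, the host name, the HTTP/ principal naming and the function names are assumptions, and the sample keytab is constructed with zero-byte keys.

```python
import struct

def _counted(b):                      # counted_octet_string: uint16 length + bytes
    return struct.pack(">H", len(b)) + b

def build_entry(realm, components, kvno, enctype=18, key=b"\x00" * 32):
    """Build one constructed keytab entry (dummy key bytes, demo only)."""
    body = struct.pack(">H", len(components)) + _counted(realm.encode())
    body += b"".join(_counted(c.encode()) for c in components)
    body += struct.pack(">IIB", 1, 0, kvno & 0xFF)   # name_type, timestamp, vno8
    body += struct.pack(">H", enctype) + _counted(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

def _read(data, p):                   # one counted string -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n], p + 2 + n

def list_principals(data):
    """Return [(name, realm, kvno, enctype)] from keytab bytes (format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, out = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # negative size: hole left by a deleted entry
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _read(data, pos + 2)
        parts = []
        for _ in range(ncomp):
            part, p = _read(data, p)
            parts.append(part.decode())
        _ntype, _ts, kvno, enctype = struct.unpack_from(">IIBH", data, p)
        _key, p = _read(data, p + 11)  # skip the key bytes, they are never printed
        if end - p >= 4:               # optional 32-bit kvno overrides the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        out.append(("/".join(parts), realm.decode(), kvno, enctype))
        pos = end
    return out

def realms_missing_http_key(data, realms):
    """Realms from `realms` with no HTTP/ service principal in the keytab."""
    have = {r for name, r, _, _ in list_principals(data) if name.startswith("HTTP/")}
    return sorted(set(realms) - have)

# Constructed sample: realm and host names are placeholders, keys are zero bytes.
A = build_entry("FOREST-A.EXAMPLE", ["HTTP", "proxy.example.net"], 3)
B = build_entry("FOREST-B.EXAMPLE", ["HTTP", "proxy.example.net"], 5)
MERGED, ONLY_A = b"\x05\x02" + A + B, b"\x05\x02" + A
```

For a real keytab, pass the file's bytes to `realms_missing_http_key` together with the two forest realm names; an empty list means both forests have a key in the file.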
