Hi.

On 31.07.2012 04:54, Markus Moeller wrote:
Hi Eugene,

For squid_kerb_ldap to work with automatic LDAP server detection you need to set up your DNS correctly. All SRV records must be hostnames (not IPs, as some are in your case). Then the hostname will be resolved into an IP and back into a hostname to eliminate CNAMEs. For the final hostnames an ldap/hostname principal must exist, e.g. TEST.com, a CNAME, resolves into 192.1.1.1, which resolves into server1.com, which means an ldap/server1.com principal must exist.

Thanks for a clear explanation, now I see why it doesn't work. And I was able to fix the binding to some particular DCs. But I think (it's only my opinion, though) that circular resolving to eliminate CNAMEs is a bit complicated: reverse zones aren't needed even for an AD domain to work properly.

Thanks for your help and for your helper.
Eugene.
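
The lookup chain described in the quoted explanation (SRV target, forward lookup, reverse lookup, ldap/hostname principal) can be audited per SRV target as in the sketch below. It is an added example, not code from squid_kerb_ldap or from either poster; `check_srv_target`, the stub resolvers and the sample records are constructed for illustration, and the helper's own logic may differ in detail.

```python
import ipaddress
import socket

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def check_srv_target(target,
                     forward=socket.gethostbyname,
                     reverse=lambda ip: socket.gethostbyaddr(ip)[0]):
    """Return (principal, problem) for one SRV target; exactly one is None."""
    target = target.rstrip(".")
    if _is_ip(target):
        return None, "SRV target is an IP address, not a hostname"
    try:
        ip = forward(target)            # follows CNAMEs down to an address
    except OSError as exc:
        return None, f"forward lookup failed: {exc}"
    try:
        canonical = reverse(ip).rstrip(".")   # PTR gives the final hostname
    except OSError as exc:
        return None, f"no PTR record for {ip}: {exc}"
    return f"ldap/{canonical}", None

# Constructed sample zone data so the example runs offline.
FWD = {"test.com": "192.1.1.1", "dc2.example.test": "192.0.2.20"}
PTR = {"192.1.1.1": "server1.com"}    # dc2 deliberately has no reverse entry

def fake_forward(name):
    if name.lower() not in FWD:
        raise OSError("name not found")
    return FWD[name.lower()]

def fake_reverse(ip):
    if ip not in PTR:
        raise OSError("no reverse entry")
    return PTR[ip]

if __name__ == "__main__":
    for t in ["TEST.com", "dc2.example.test.", "192.0.2.10"]:
        principal, problem = check_srv_target(t, fake_forward, fake_reverse)
        print(f"{t:20} -> {principal or 'FAIL: ' + problem}")
```

Called without the stub arguments, the function uses the system resolver, so it can be pointed at the real SRV targets of a domain to list which principals must exist in the KDC.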
