Displaying 3 results from an estimated 3 matches for "toto_long_form".
2016 Aug 30
0
set UPN / SPN from samba-tool.
...ich was key to get the squid ext_kerberos_ldap_group_acl correctly
> working.
>
>
SPN must unique in AD because they are used in LDAP filter to search user
account these SPN are linked to.
When search a user the filter could be "(sAMAccountName=toto)" or
"(userPrincipalName=toto_long_form at domain.tld)". This will return "toto"
user LDAP object, as you know.
Now, if my understanding is correct, when a service use SPN the LDAP filter
will use that SPN to retrieve user object:
"(serviceprincipalname=SERVICE/toto)". This, again, will retrieve toto LDAP
user o...
2016 Aug 29
5
set UPN / SPN from samba-tool.
Hai
After my squid group adventure, i have a remaining question here.
The problem was as followed. ( and this probely dont applie to squid kerberos helpers only. )
samba-tool setup for squid i used, was as followed.
samba-tool user create squid1-service --description="Unprivileged user for SQUID1-Proxy Services" --random-password
samba-tool user setexpiry
2016 Aug 30
2
set UPN / SPN from samba-tool.
...beros_ldap_group_acl correctly
>> working.
>>
>>
> SPN must unique in AD because they are used in LDAP filter to search user
> account these SPN are linked to.
>
> When search a user the filter could be "(sAMAccountName=toto)" or
> "(userPrincipalName=toto_long_form at domain.tld)". This will return "toto"
> user LDAP object, as you know.
>
> Now, if my understanding is correct, when a service use SPN the LDAP
> filter will use that SPN to retrieve user object: "(serviceprincipalname=SERVICE/toto)".
> This, again, will r...