Hi Daniel,
You need to check your client when you get an NTLM token instead of a
Kerberos token. It means the client can not get the HTTP/fqdn token for
for squid proxy. You can check this with tools like wireshark ( Check
communication on port 88).
Regards
Markus
Daniel Reif wrote
Hi Markus,
The answers are:
1) Yes
2) The keytab contains the hostname of the squid server. So you would
need multiple keytabs
3) The principal name will be based on a fixed part HTTP and the name you
use in the Browser configuration. If you use in IE squid1.domain.com then
you must