Hi,

FYI ... I got the two squids working behind the (Kemp) load balancer
with Kerberos auth.

Procedure:
0. myproxy.vptt.ch points to the IP of the load balancer. This is
referenced in wpad.dat or browser settings. Squid runs on port 80, so
the URL of the proxy is http://myproxy.ch:80

1. create an AD service account
  let's call it my-kerb
2. add an SPN for the LB to that AD account. Did this on Windows:
setspn -S http/myproxy.ch my-kerb

3. create a keytab on each squid
rm /etc/krb5.keytab
net ads keytab CREATE HTTP -U my-kerb

ktutil
ktutil:  rkt /etc/krb5.keytab
ktutil:  addent -password -p HTTP/myproxy.ch -k 5 -e rc4-hmac  (use the my-kerb passwd)
ktutil:  wkt /etc/krb5.keytab

chmod 644 /etc/krb5.keytab   (or use a group to allow the squid user
to read it).


Regards,

Sean Boran
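
A check that could be run on each squid after step 3, as an added example that is not part of the original post: it parses the text printed by `klist -kte /etc/krb5.keytab` to confirm the HTTP/myproxy.ch entry exists at the kvno given to addent, and tests whether the keytab is world-readable (which mode 644 makes it). The realm EXAMPLE.TEST, the squid1 host entries and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: verify a keytab listing contains the load balancer SPN.
# Input is the text printed by: klist -kte /etc/krb5.keytab

# Constructed sample listing (realm and squid1 entries are made up).
sample_listing() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   2 01/01/2024 10:00:00 HTTP/squid1.example.test@EXAMPLE.TEST (aes256-cts-hmac-sha1-96)
   2 01/01/2024 10:00:00 HTTP/squid1.example.test@EXAMPLE.TEST (arcfour-hmac)
   5 01/01/2024 10:05:00 HTTP/myproxy.ch@EXAMPLE.TEST (arcfour-hmac)
EOF
}

# spn_enctypes SPN KVNO   (listing on stdin)
# Prints the enctypes stored for SPN at KVNO; exit status 1 if none found.
spn_enctypes() {
  awk -v spn="$1" -v kvno="$2" '
    $1 ~ /^[0-9]+$/ && NF >= 5 {
      split($4, p, "@")                 # strip the @REALM suffix
      if (p[1] == spn && $1 == kvno) {
        gsub(/[()]/, "", $5); print $5; found = 1
      }
    }
    END { exit(found ? 0 : 1) }'
}

# keytab_world_readable FILE
# Exit status 0 if "other" has read permission on FILE (e.g. mode 644).
keytab_world_readable() {
  [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Demo on the constructed listing: the LB principal at kvno 5.
sample_listing | spn_enctypes HTTP/myproxy.ch 5
```

On a real host, replace `sample_listing` with `klist -kte /etc/krb5.keytab` and run `keytab_world_readable /etc/krb5.keytab` to see whether the group-based alternative from the last step is in effect.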
