I am running a squid proxy server (CentOS 5) that I am trying to get working with kerberos through our AD server (Windows Server 2008).
I have followed the instructions here: http://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos
To setup a keytab for the server, which has all worked perfectly.
The problem occurs when I attempt to use the proxy from a client PC, where it immediately falls back to basic authentication.
If I use the ip address of the proxy I receive this message in cache.log:
authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token'
If I use the domain name of the proxy I receive this message in cache.log:
authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information. Configuration file does not specify default realm'
If I run klist on the client it has a ticket for the proxy server listed.
Thanks in advance!