Hi, I'm trying to configure Kerberos Authentication for squid. I'm running Squid 3.1.12 and Windows 2008 R2 SP2. I have followed the kerberos authentication guide on squid-cache and many other guides, I always end up with these logs in my cache.log. My client browser keeps prompting for username/password. Even a valid set of credentials are not accepted. 2011/04/30 10:24:32| squid_kerb_auth: WARNING: received type 1 NTLM token 2011/04/30 10:24:32| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token' 2011/04/30 10:24:36| squid_kerb_auth: DEBUG: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' from squid (length: 59). 2011/04/30 10:24:36| squid_kerb_auth: DEBUG: Decode 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' (decoded length: 40). 2011/04/30 10:24:36| squid_kerb_auth: WARNING: received type 1 NTLM token 2011/04/30 10:24:36| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token' 2011/04/30 10:24:36| squid_kerb_auth: DEBUG: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' from squid (length: 59). 2011/04/30 10:24:36| squid_kerb_auth: DEBUG: Decode 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbAdAAAADw==' (decoded length: 40). 2011/04/30 10:24:36| squid_kerb_auth: WARNING: received type 1 NTLM token 2011/04/30 10:24:36| authenticateNegotiateHandleReply: Error validating user via Negotiate. Error returned 'BH received type 1 NTLM token' I want to check and make sure my keytab entries are good. How do I do that? My client System can list the tickets for client principal. Please have a look at my krb5.conf & keytab file here http://pastebin.com/vTBr3r5D I'm using this command to create the keytab file. msktutil -c -b "CN=COMPUTERS" -s HTTP/proxyserver.orangegroup.com -h proxyserver.orangegroup.com -k /etc/krb5.keytab --computer-name proxyserver-http --upn HTTP/proxyserver.orangegroup.com --server ad01.orangegroup.com --verbose All the domains are resolving properly to IPs. Thanks for your help.