You need to create one AD entry for proxy.domain.tld and copy the same
keytab to both squid servers and use the -s GSS_C_NO_NAME option for
squid_kerb_auth or negotiate_kerberos_auth.
Regards
Markus
"Emmanuel Lacour" <elacour@xxxxxxxxxxxxxxx> wrote in message
news:20110909120152.GC2669@xxxxxxxxxxxxxxx...
Hi,
I have two squids using NTLM auth against AD. Those squids are used by
client through a single A DNS entry (proxy.domain.tld) (so round robin).
I want to switch to kerberos, but I don't know what to create with
msktutil:
- two machines with same proxy.domain.tld UPN ?
- one machine used by both squids ?
- it's just impossible to do ?
any hints?
