> I forgot to mention that I'm running Server 2008 R2 domain > controllers. Secondly, when I do a 'locate PROXY.keytab' I can't find > it which should be in the squid correctly if I'm not mistaken. You may need to run "updatedb" to update the index before running the find command. >> I'm currently running Squid 2.7 (I'm a little afraid to do the upgrade >> and mess something up, and don't know how yet) but in the config line >> 'default_keytab_name = /etc/squid3/PROXY.keytab' you list Squid3. >> Could that be a problem? Yes that's a problem. Debian uses /etc/squid for v 2 and /etc/squid3 for v 3. This will also be a problem in /etc/default/squid3 and it's contents. You may be better of using an independant directory or even the default Keytab path in case you forget about it in future, after upgrades etc. If you are doing this on a production system it's probably a bit risky given that you are new to Linux and Squid - make sure you are taking backups of you conf files and server along the way :). If you have the option (perhaps through a vm) I would suggest setting up a new dev/testing machine. Until implementation of the wpad stuff the dev/testing proxy will have no affect on your network. Also, I don't know if negotiate_wrapper works with squid 2.X. Perhaps Markus or another list subscriber could clarify that? >> As for my resolv.conf I simply have both of my internal DNS servers >> listed. Not quite sure what else to verify. I've also added my Squid >> box to the unlimited policy on my network to make sure nothing is >> blocking it. Are the hostnames of your kdc's correct in /etc/krb5.conf (in the [realms] section). can you resolve their hostnames from the squid box?