Hi Victor,
That sounds a bit strange. Can you capture with wireshark the traffic on
port 88 on the system which has squiduser in the cache ( best after a clear
the cache with kerbtray first) when accessing squid and send it to me as cap
file ?
Markus
"Victor Sudakov" wrote in message
news:20141016161928.GA49304@xxxxxxxxxxxxxxxxxxxxxx...
This question is neither exactly squid-related nor Heimdal-related, but
maybe someone guru could shed some light.
I configure MSIE to use the proxy server "proxy.sibptus.transneft.ru".
On starting MSIE, some Windows hosts request a ticket for the
principal HTTP/proxy.sibptus.transneft.ru" and receive it from the DC
and get authenticated successfully by squid. So far so good.
However, some other Windows hosts when requesting a ticket for
HTTP/proxy.sibptus.transneft.ru, in fact receive a ticket for
squiduser@xxxxxxxxxxxxxxxxxxxx (kerbtray.exe shows this) and therefore
fail to get authenticated by squid.
"squiduser@xxxxxxxxxxxxxxxxxxxx" is the AD account to which the SPN
"HTTP/proxy.sibptus.transneft.ru" is bound. But why do they receive a
ticket for a different name than requested, is beyond me.
Has anyone seen anything like this?
The KDC involved is the w2k AD.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov@xxxxxxxxxxxxxxxx
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
