Hi. On 20.10.2014 22:29, Victor Sudakov wrote:
That's what we did. 1. Created an AD user called squiduser. 2. Extracted its keytab with something like ktpass -princ HTTP/proxy.sibptus.transneft.ru@xxxxxxxxxxxxxxxxxxxx -mapuser squiduser +rndPass -out squid.keytab -ptype KRB5_NT_PRINCIPAL /target dc01-sibptus -kvno 1 -crypto All 3. Checked the mapping with "setspn -Q HTTP/*" (positive) and checked for duplicate SPNs with "setspn -X" (negative). 4. Transferred squid.keytab to the proxy host. Does it agree with your understanding of the right way?
Yup. Eugene. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
