Hi Klaus,
I think something similar. But I understand that you can use the Kerberos delegation in AD. That's partly why I'm not convinced by the documentation I read, which tells me to create a user account in Active Directory. And I don't understand what a user account has to do here. Maybe the documentation is wrong and actually refers to a computer account, and the operation of adding a Service Principal Name should be done to the computer object. I don't know. But I'm going to try to do it and see what I can achieve.
I think something similar. But I understand that you can use the Kerberos delegation in AD. That's partly why I'm not convinced by the documentation I read, which tells me to create a user account in Active Directory. And I don't understand what a user account has to do here. Maybe the documentation is wrong and actually refers to a computer account, and the operation of adding a Service Principal Name should be done to the computer object. I don't know. But I'm going to try to do it and see what I can achieve.
I'll be back.
El jue., 23 de jul. de 2020 a la(s) 13:16, Klaus Brandl (klaus_brandl@xxxxxxxx) escribió:
Hi Gabriel,
same problem here on our HA systems.
I think, this is caused by kerberos overall, the tickets are always bound to
the hosts realname and address, look at "klist" on your client, and only
exactly this name could be used as proxy entry.
But if anyone knows a solution, i will spread my ears :)
Klaus
---
genua GmbH
Domagkstrasse 7, 85551 Kirchheim bei Muenchen
tel +49 89 991950-0, fax -999, www.genua.de
Geschaeftsfuehrer: Matthias Ochs, Marc Tesch
Amtsgericht Muenchen HRB 98238
genua ist ein Unternehmen der Bundesdruckerei-Gruppe.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users