Can you use kerbtray on the client ( it is available as part of the support
tools or resource tools). I suspect that your ticket has expired. The ticket
will usually be renewed when you lock/unlock your screen or access a share.
XP should also renew when IE accesses a web server or proxy with negotiate
(although I have heard of some issues here).
Can you try to lock and unlock the screen instead of logout/login.
Markus
BTW What does the squid logfile say when you use squid_kerb_auth -d -i ...
?
"Plant, Dean" <dean.plant_at_roke.co.uk> wrote in message
news:2181C5F19DD0254692452BFF3EAF1D6803940F90_at_rsys005a.comm.ad.roke.co.uk...
Testing squid-2.6.STABLE20 on CentOS 5 with WinXP clients that are part
of and AD domain.
I have been testing the Kerberos authentication and have noticed that
after a few days I can no longer use the proxy. My Kerberos tickets are
valid on the proxy and on the client and I can access windows network
resources normally. If I login to different machine I can use the proxy
so all seems well with the proxy configuration. If I logout of the
affected machine and then login again proxy access is restored.
I have tested this with a few other users who have been logged in for
over a week with the same results. All were denied access until logging
out and in again.
Time is correct on all machines.
Any ideas for the best way to debug the Kerberos handshake.
Thanks in advance.
Dean.
Received on Wed Jun 11 2008 - 18:58:32 MDT
This archive was generated by hypermail 2.2.0 : Thu Jun 19 2008 - 12:00:05 MDT