We have a branch office in Costa Rica where, back then, we had implemented a Squid proxy with SSO using AD and it was working perfectly. Just recently we implemented an RODC at the site. Once that happened, no one was able to authenticate and I haven't been able to fix the issue. I've deleted the AD object used for the kerberos authentication and ran this command:
msktutil -c -b "CN=COMPUTERS" -s HTTP/PROXY.domain.com -k /etc/squid3/PROXY.keytab --computer-name PROXY-K --upn HTTP/PROXY.domain.com --server dc1.domain.com --verbose
This command actually creates the object in AD but doesn't set the password. I get the following error:
Error: krb5_set_password_using_ccache failed (Cannot contact any KDC for requested realm) Error: set_password failed
I've made sure that this machine can resolve the domain controllers.
At this point, I'm lost. Been battling this for a month on and off and could really use some guidance. I have four other identical squid proxies that don't sit behind an RODC and work perfectly.