I configured Squid Proxy in conjunction with Kerberos authentication in an Active Directory Domain. During my Tests I used kinit to check my Kerberos ticket on the Ubuntu Server and got the following error message:
kinit: Client not found in Kerberos database while getting initial credentials
The reason was two identical SPNs (Service Principal Names) in the Active Directory. To find them I checked the Active Directory for double SPNs with the setspn command and the -x parameter:
This command checks the Active Directory for identical SPNs and list them.
The command showed me two entries for my Squid Proxy account svcSquid. I deleted both of them with the setspn command and the -D Parameter:
setspn -D HTTP/squid.contoso.com contoso\svcSquid
Then I recreated the SPN with setspn and the -A Parameter:
setspn -A HTTP/squid.contoso.com contoso\svcSquid
I checked the SPNs once again with the setspn and the -x Parameter and it showed no results meaning there are no identical SPNs. After this modification I was able to use kinit command to receive a ticket on the Ubuntu server.