When switching from using NTLM to Kerberos as the proxy authentication method, user authentication fails.
When using Kerberos authentication, proxy settings on clients have to reference the proxy by host and domain name, not IP address. Using the IP address causes client authentication to fail. Proxy settings need to be updated to use the Smoothwall host and domain name and if the automatically generated Smoothwall PAC file is being used. Make sure that in the Smoothwall, on the WEB PROXY menu, under the Web proxy submenu, you click the Automatic configuration and select the Refer to proxy by domain name option.
If the proxy is using NTLM or Kerberos for authentication (Not the Via Redirect options), please consider moving to login scripts and/or our new IDex system. Almost all applications that use web ports and protocols, apart from browsers, don't support direct NTLM or Kerberos, which then cause issues with these applications. Bypassing authentication for the application target domains is one way of solving that issue but that leaves gaps in the logging of user access, which might not be acceptable.