Solved

Kerberos not working when clients use auto detect

Posted on 2013-12-22
Last Modified: 2014-01-18
Our environment
Smoothwall is set to use NTLM Auth for all clients except a range of IPs set in DHCP. The DHCP Range is excluded and clients are using MAC to IP Address Assignment. Smoothwall is set to apply Kerberos Authentication to MacBook Laptops by IP Address. We manually set up the MAC to IP Address in DHCP. The client selects Auto in the Proxy field and we use a PAC file hosted on our Smoothwall Device. DNS is set to use FQDN and the PAC file has FQDN in it. Smoothwall is set to use Reverse DNS as required for Kerberos to work OK. Also, if we set up a port in Smoothwall and manually point the client to it without using the PAC file, Kerberos authenticates fine.

The MacBook receives 'Kerberos Authentication Fails', which suggests that DHCP and Smoothwall are working OK but the user credentials are not being passed through.

Could this be a problem with the PAC file?  Proxy.Pac attached
proxy.txt
Question by:James Wilkinson

Accepted Solution

by: James Wilkinson
ID: 39791787
I managed to fix this with help from Smoothwall; it took nearly 3 months but we got there. The PAC file was returning the NetBIOS name for the Smoothwall server and not the FQDN, which was not allowing the Kerberos ticket to pass through. We set up DHCP MAC Address Reservation and told Smoothwall to use the IP Address Reservation for Kerberos Authentication by setting a Location in Smoothwall and specifying the Range.

All works great now :)

Author Closing Comment

by:James Wilkinson
ID: 39791788
Case is closed but many Network Engineers may find this useful if rolling out Apple and Microsoft Devices together and using Smoothwall as their Web Filter.
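
A check for the failure described in the accepted solution, added here as an example (not code from the poster or from Smoothwall): it evaluates a PAC file offline with stubbed helper functions and reports every proxy host it returns that is not an FQDN. The PAC contents, host names, port and the `auditPac` / `classifyHost` names are assumptions made for illustration.

```javascript
// Added example. PAC bodies, host names and port below are constructed placeholders.
const SAMPLE_PAC_BAD = `function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  return "PROXY smoothwall:8080; DIRECT";
}`;
// Same file with the short (NetBIOS-style) name replaced by an FQDN.
const SAMPLE_PAC_GOOD = SAMPLE_PAC_BAD.replace("smoothwall:", "smoothwall.example.internal:");

// Minimal stand-ins for the helper functions a browser gives a PAC script.
const PAC_HELPERS = {
  isPlainHostName: (h) => !h.includes("."),
  dnsDomainIs: (h, d) => h.toLowerCase().endsWith(d.toLowerCase()),
  localHostOrDomainIs: (h, fq) => h === fq || fq.startsWith(h + "."),
  shExpMatch: (s, p) => new RegExp("^" + p.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".") + "$").test(s),
  isInNet: () => false,             // no DNS or network access: runs offline
  dnsResolve: () => null,
  myIpAddress: () => "192.0.2.10",  // documentation address (constructed)
};

// Kerberos on this page only worked once the PAC file returned the proxy's FQDN,
// so anything else (short name or IPv4 literal) is reported.
function classifyHost(host) {
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return "ip-literal";
  return host.includes(".") ? "fqdn" : "single-label";
}

// Evaluate the PAC source for each test URL and collect non-FQDN proxy hosts.
function auditPac(pacSource, testUrls) {
  const names = Object.keys(PAC_HELPERS);
  const find = new Function(...names, pacSource + "\nreturn FindProxyForURL;")(
    ...names.map((n) => PAC_HELPERS[n]));
  const findings = [];
  for (const url of testUrls) {
    const result = String(find(url, new URL(url).hostname));
    for (const entry of result.split(";")) {
      const m = entry.trim().match(/^(?:PROXY|HTTPS)\s+([^\s:]+)(?::\d+)?$/i);
      if (!m) continue;             // DIRECT, SOCKS etc. are not checked here
      const kind = classifyHost(m[1]);
      if (kind !== "fqdn") findings.push({ url, proxy: m[1], kind });
    }
  }
  return findings;
}

console.log(auditPac(SAMPLE_PAC_BAD, ["http://www.example.com/", "http://intranet/"]));
```

The script executes the PAC file's JavaScript, so run it only against PAC files you administer.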