?
Solved

Kerberos not working when clients use auto detect

Posted on 2013-12-22
3
Medium Priority
?
1,936 Views
Last Modified: 2014-01-18
Our environment
Smoothwall set to use NTLM Auth for all clients except a range of IP's set in DHCP. The DHCP Range is excluded and clients are using MAC to IP Address Assignment. Smoothwall is set to apply Kerberos Authentication to MACBOOK Laptops by IP Address. We manually setup the MAC to IP Address in DHCP. The client selects Auto in the Proxy field and we use a PAC file hosted on our Smoothwall Device. DNS is set to use FQDN and the PAC file has FQDN in it. Smoothwall is set to use Reverse DNS as required for Kerberos to work ok. Also if we set up a port in Smoothwall and manually point the client to it without using the PAC file Kerberos authenticates fine.

The Macbook receives 'Kerberos Authentication Fails' which suggests that DHCP and Smoothwall is working ok but the user credentials are not being passed through.

Could this be a problem with the PAC file?  Proxy.Pac attached
proxy.txt
0
Comment
Question by:James Wilkinson
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 

Accepted Solution

by:
James Wilkinson earned 0 total points
ID: 39791787
I managed to fix this with help from Smoothwall, it took nearly 3 months but we got there. The Pac file was returning the Netbios name for the smoothwall server and not the FQDN. Which was not allowing the Kerberos Ticket to pass through. We setup DHCP MAC Address Reservation and told smoothwall to use the IP Address Reservation for Kerberos Authentication by setting a Location in Smoothwall and specifying the Range.

All works great now :)
0
 

Author Closing Comment

by:James Wilkinson
ID: 39791788
Case is closed but many Network Engineers may find this useful if rolling out Apple and Microsoft Devices together and using Smoothwall as their Web Filter.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This article outlines the struggles that Macs encounter in Windows-dominated workplace environments – and what Mac users can do to improve their network connectivity and remain productive.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question