OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Web Proxy Filtering and Caching (Moderator: fabian) »
  • web Proxy sso
« previous next »
  • Print
Pages: [1]

Author Topic: web Proxy sso  (Read 6865 times)

HughJazz84

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
web Proxy sso
« on: April 30, 2019, 12:53:48 am »
hey all,

so i have the webproxy sso plugin installer, configured and it passes all chks and seems to work, when I test the kerberos login i get

Password for hxxxx@INTERNAL.EXAMPLE.CA:
AF oRQwEqADCgEAoQsasdfSqGSIb3EgECAg== hxxx@INTERNAL.EXAMPLE.CA
BH quit command

so it seems to be working.... but when I try to use the web browser, it downloads the wpad.dat file and then asks for authentication.

cache.log has many examples of
ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: received type 1 NTLM token; }}

how can I debug the kerberos authentication and ensure that kerberos auth and not ntlm are being processed.

I think im close, but i cant for the life of me get this last step...

Thanks in advance

Hugh
Logged

Kekek

  • Newbie
  • *
  • Posts: 14
  • Karma: 2
    • View Profile
Re: web Proxy sso
« Reply #1 on: April 30, 2019, 05:34:05 am »
The proxy server address must be specified as FQDN. You cannot specify an IP address.
Logged

cristian_asir

  • Newbie
  • *
  • Posts: 20
  • Karma: 1
    • View Profile
Re: web Proxy sso
« Reply #2 on: April 30, 2019, 08:28:44 am »
Quote from: HughJazz84 on April 30, 2019, 12:53:48 am
hey all,

so i have the webproxy sso plugin installer, configured and it passes all chks and seems to work, when I test the kerberos login i get

Password for hxxxx@INTERNAL.EXAMPLE.CA:
AF oRQwEqADCgEAoQsasdfSqGSIb3EgECAg== hxxx@INTERNAL.EXAMPLE.CA
BH quit command

so it seems to be working.... but when I try to use the web browser, it downloads the wpad.dat file and then asks for authentication.

cache.log has many examples of
ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: received type 1 NTLM token; }}

how can I debug the kerberos authentication and ensure that kerberos auth and not ntlm are being processed.

I think im close, but i cant for the life of me get this last step...

Thanks in advance

Hugh


Hello friend, can u please help me with ldap integration with kerberos plugin?
Logged

HughJazz84

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Re: web Proxy sso
« Reply #3 on: April 30, 2019, 02:04:45 pm »
i am using FQDN in the wpad file, i also tried manually configuring it with the FQDN and got the same result.

What is the best way to debug the KERB auth exchange?

Hugh
Logged

HughJazz84

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Re: web Proxy sso
« Reply #4 on: April 30, 2019, 02:29:06 pm »
christian:  once i get it working, i would be happy to.  right now, I dont have it working so I need to focus on my system.

Hugh
Logged

distrimed

  • Newbie
  • *
  • Posts: 4
  • Karma: 0
    • View Profile
Re: web Proxy sso
« Reply #5 on: February 21, 2020, 02:52:48 pm »
Hello
i cant find any intel about how to configure the sso.
You said that all look like ok for you
could you tell me how do you do that
thank
Logged
Plusieurs Opnsense virtualisé en services et quelque pfsense non encore migré
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Web Proxy Filtering and Caching (Moderator: fabian) »
  • web Proxy sso
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2