Hello everyone,
I have configured the Squid Proxy on OPNsense (latest version) and successfully connected OPNsense to the AD. When I access a website from a client, the login prompt appears, and I can successfully authenticate with the AD user.
After that, I installed the Kerberos plugin and enabled SSO for the proxy. When I enter the username and password of an AD user on the SSO page for testing, a token is generated, and it seems to be OK. At least when I deliberately enter incorrect data, I get a different message.
However, when I then try to access a website from the client, the login prompt still appears. But even when I enter the AD user's credentials, I can't get any further.
I am not entirely sure if this is supposed to work at all or in a broken state, but ...
For Kerberos to work the OPNsense MUST use the AD DCs as its recursive name servers and no other one.
Also time synchronisation is critical.
Is that the case?