OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: HughJazz84 on April 30, 2019, 12:53:48 am

Title: web Proxy sso
Post by: HughJazz84 on April 30, 2019, 12:53:48 am
Hey all,

So I have the webproxy SSO plugin installed, configured, and it passes all checks and seems to work. When I test the Kerberos login I get

Password for hxxxx@INTERNAL.EXAMPLE.CA:
AF oRQwEqADCgEAoQsasdfSqGSIb3EgECAg== hxxx@INTERNAL.EXAMPLE.CA
BH quit command

So it seems to be working... but when I try to use the web browser, it downloads the wpad.dat file and then asks for authentication.

cache.log has many examples of
ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: received type 1 NTLM token; }}

How can I debug the Kerberos authentication and ensure that Kerberos auth, and not NTLM, is being processed?

I think I'm close, but I can't for the life of me get this last step...

Thanks in advance

Hugh
Title: Re: web Proxy sso
Post by: Kekek on April 30, 2019, 05:34:05 am
The proxy server address must be specified as FQDN. You cannot specify an IP address.
Title: Re: web Proxy sso
Post by: cristian_asir on April 30, 2019, 08:28:44 am
Hello friend, can you please help me with LDAP integration with the Kerberos plugin?
Title: Re: web Proxy sso
Post by: HughJazz84 on April 30, 2019, 02:04:45 pm
I am using the FQDN in the wpad file. I also tried manually configuring it with the FQDN and got the same result.

What is the best way to debug the KERB auth exchange?

Hugh
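
Added example, not part of any post in this thread: one way to see which mechanism a client actually sent is to decode the Negotiate token from its Proxy-Authorization header. The function and sample names are illustrative, the sample tokens are constructed, and the check is a heuristic on leading bytes and mechanism OIDs rather than a full ASN.1 parse.

```python
import base64
import struct

# Added example; names are illustrative. DER-encoded mechanism OIDs.
SPNEGO = bytes.fromhex("06062b0601050502")          # 1.3.6.1.5.5.2
KRB5 = bytes.fromhex("06092a864886f712010202")      # 1.2.840.113554.1.2.2
MS_KRB5 = bytes.fromhex("06092a864882f712010202")   # 1.2.840.48018.1.2.2
NTLM = bytes.fromhex("060a2b06010401823702020a")    # 1.3.6.1.4.1.311.2.2.10


def classify_negotiate(header_value):
    """Heuristically classify a 'Negotiate <base64>' header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return "invalid-base64"
    # Raw NTLMSSP message: 8-byte signature, then little-endian message type.
    if token.startswith(b"NTLMSSP\x00") and len(token) >= 12:
        return "ntlm-type-%d" % struct.unpack_from("<I", token, 8)[0]
    if token[:1] != b"\x60":  # not a GSS-API initial context token
        return "unknown"
    if SPNEGO not in token[:16]:
        return "kerberos" if KRB5 in token[:20] else "unknown"
    # SPNEGO lists mechanisms in preference order; report the first one found.
    hits = [(token.find(oid), name) for oid, name in
            ((KRB5, "kerberos"), (MS_KRB5, "kerberos"), (NTLM, "ntlm"))
            if oid in token]
    return "spnego-" + min(hits)[1] if hits else "spnego-unknown"


def _hdr(raw):
    return "Negotiate " + base64.b64encode(raw).decode()


# Constructed sample tokens (truncated; length bytes are not meaningful).
SAMPLE_NTLM1 = _hdr(b"NTLMSSP\x00" + struct.pack("<II", 1, 0xE2088297) + bytes(16))
SAMPLE_SPNEGO_KRB = _hdr(b"\x60\x40" + SPNEGO + b"\xa0\x36\x30\x34\xa0\x30\x30\x2e"
                         + MS_KRB5 + KRB5 + NTLM + b"\xa2\x0a\x04\x08" + bytes(8))
SAMPLE_SPNEGO_NTLM = _hdr(b"\x60\x28" + SPNEGO + b"\xa0\x1e\x30\x1c\xa0\x0e\x30\x0c"
                          + NTLM + b"\xa2\x0a\x04\x08NTLMSSP\x00")

if __name__ == "__main__":
    for sample in (SAMPLE_NTLM1, SAMPLE_SPNEGO_KRB, SAMPLE_SPNEGO_NTLM):
        print(classify_negotiate(sample))
```

A result of `ntlm-type-1` corresponds to the "received type 1 NTLM token" message in cache.log.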
Title: Re: web Proxy sso
Post by: HughJazz84 on April 30, 2019, 02:29:06 pm
christian: once I get it working, I would be happy to. Right now, I don't have it working, so I need to focus on my system.

Hugh
Title: Re: web Proxy sso
Post by: distrimed on February 21, 2020, 02:52:48 pm
Hello,
I can't find any intel about how to configure the SSO.
You said that everything looks OK for you.
Could you tell me how you did that?
Thanks