Messages - cristian_asir

#1
General Discussion / Re: Nextcloud question
May 23, 2019, 04:26:26 PM
I have to say that 10.109.2.80 is an IP of my high school VPN.
#2
General Discussion / Nextcloud question
May 23, 2019, 04:24:12 PM
Hello,

At home I have a server connected to my router, and I have one server with Nextcloud configured using Kubuntu (similar to Ubuntu). I have this server in a different network.

Server --> 192.168.0.16
OPNsense --> 10.109.2.80

Help, thanks.
#3
Password for Administrador@PROXY.ASIR:
-- init_password: Wiping the computer password structure
-- generate_new_password: Generating a new, random password for the computer account
-- generate_new_password:  Characters read from /dev/urandom = 77
-- get_dc_host: Attempting to find Domain Controller to use via DNS SRV record in domain PROXY.ASIR for procotol tcp
-- validate: Found DC: dominio45.proxy.asir. Checking availability...
-- get_dc_host: Found preferred Domain Controller: dominio45.proxy.asir
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-0WoRb4
-- destroy_g_context: Destroying Kerberos Context
-- initialize_g_context: Creating Kerberos Context
-- finalize_exec: SAM Account Name is: OPNSENSE-K$
-- try_machine_keytab_princ: Trying to authenticate for OPNSENSE-K$ from local keytab
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Generic preauthentication failure)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_keytab_princ: Trying to authenticate for OPNSENSE-K$ from local keytab
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Generic preauthentication failure)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_keytab_princ: Trying to authenticate for host/opnsense.proxy.asir from local keytab
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_password: Trying to authenticate for OPNSENSE-K$ with password
-- create_default_machine_password: Default machine password for OPNSENSE-K$ is opnsense-k
-- try_machine_password: Error: krb5_get_init_creds_keytab failed (Preauthentication failed)
-- try_machine_password: Authentication with password failed
-- try_user_creds: Checking if default ticket cache has tickets
-- finalize_exec: Authenticated using method 5
-- LDAPConnection: Connecting to LDAP server: dominio45.proxy.asir
SASL/GSSAPI authentication started
SASL username: Administrador@PROXY.ASIR
SASL SSF: 256
SASL data security layer installed.
-- ldap_get_base_dn: Determining default LDAP base: dc=PROXY,dc=ASIR
-- ldap_check_account: Checking that a computer account for OPNSENSE-K$ exists
-- ldap_check_account: Checking computer account - found
-- ldap_check_account: Found userAccountControl = 0x1000
-- ldap_check_account: Found supportedEncryptionTypes = 28
-- ldap_check_account: Found dNSHostName = opnsense.proxy.asir
-- ldap_check_account: Found Principal: host/opnsense.proxy.asir
-- ldap_check_account: Found Principal: HTTP/OPNsense.proxy.asir
-- ldap_check_account: userPrincipal specified on command line
-- ldap_check_account_strings: Inspecting (and updating) computer account attributes
-- ldap_check_account_strings: Found userPrincipalName = HTTP/OPNsense.proxy.asir@PROXY.ASIR
-- ldap_check_account_strings: userPrincipalName should be HTTP/OPNsense.proxy.asir@PROXY.ASIR
-- ldap_check_account_strings: Nothing to do
-- ldap_set_supportedEncryptionTypes: No need to change msDs-supportedEncryptionTypes they are 28
-- ldap_set_userAccountControl_flag: Setting userAccountControl bit at 0x200000 to 0x0
-- ldap_set_userAccountControl_flag: userAccountControl not changed 0x1000
-- ldap_get_kvno: KVNO is 4
-- set_password: Attempting to reset computer's password
-- set_password: Try change password using user's ticket cache
-- ldap_get_pwdLastSet: pwdLastSet is 132024662198350819
-- set_password: Successfully set password
-- remove_keytab_entries: Trying to remove entries for OPNSENSE-K$ from keytab
-- execute: Updating all entries for computer account OPNSENSE-K$ in the keytab WRFILE:/usr/local/etc/squid/squid.keytab
-- update_keytab: Updating all entries for OPNSENSE-K$
-- add_principal_keytab: Adding principal to keytab: OPNSENSE-K$
-- get_salt: Using salt of PROXY.ASIRhostopnsense-k.proxy.asir
-- add_principal_keytab:   Adding entry of enctype 0x17
Error: krb5_kt_add_entry failed failed (Unsupported key table format version number)
#4
I have all the parameters OK, but I do not know how I can configure /etc/krb5.conf.

I know how to configure it, but it changes.....


This is the message:

root@OPNsense:/etc # cat krb5.conf
# Autogenerated config. Do not edit manualy.


How can I autoconfigure it????? It is urgent
#5
Hi,

Does anyone know how I can configure the Kerberos plugin?

I would like to read some PDF with the documentation or something like that (how-to).

Please, give me a happy notice!

IT IS FOR MY UNIVERSITY PROJECT!!

#6
Web Proxy Filtering and Caching / Re: pkg problem
May 15, 2019, 04:23:32 PM
Understood, thanks for your time!
#7
Web Proxy Filtering and Caching / pkg problem
May 14, 2019, 11:45:17 AM
Does anyone know this problem? I cannot install some packages, for example: samba

Code:

root@OPNsense:~ # pkg install samba48
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
pkg: No packages available to install matching 'samba48' have been found in the repositories
root@OPNsense:~ #

#8
Does anyone have a How-To (Tutorial) about how I can integrate OPNsense into Active Directory?

Help!!!
#9
root@OPNsense:~ # cat /etc/hosts
127.0.0.1       localhost localhost.localdomain
192.168.60.1    OPNsense.localdomain OPNsense >> This is the issue: I have the ip of one of my clients interfaces. AND I WANT the IP of my firewall :((
root@OPNsense:~ # cat /etc/resolv.conf
domain localdomain
nameserver 10.109.2.80
root@OPNsense:~ #
#10
I will try it, thanks for your help!!
#11
Sorry sorry...

I try to write

127.0.0.1 localhost.localdomain localhost
10.109.2.80 OPNsense.localdomain OPNsense

(/etc/hosts)

But when I reboot OPNsense the second line (10.109.2.80 OPNsense.localdomain localdomain) changes and I have other content in that line.
#12
That

127.0.0.1 localhost.localdomain localhost
10.109.2.80 OPNsense.localdomain OPNsense
search proxy.asir
domain proxy.asir

#13
Hello, I have an issue with /etc/hosts.

I make changes in /etc/hosts, but when I reboot OPNsense these changes disappear and I have the same content as before.


It is so strange, but I need to resolve it because I want to join an AD domain.
#14
Hi,

I'm new to OPNsense too, and I configured my proxy in transparent mode and non-transparent mode (ACLs for each user).

I have documentation about it, so if you have this problem, I can send you this PDF.


Cheers,

Cristian.
#15
Web Proxy Filtering and Caching / Re: web Proxy sso
April 30, 2019, 08:28:44 AM
Quote from: HughJazz84 on April 30, 2019, 12:53:48 AM
hey all,

so I have the webproxy SSO plugin installed, configured and it passes all checks and seems to work, when I test the Kerberos login I get

Password for hxxxx@INTERNAL.EXAMPLE.CA:
AF oRQwEqADCgEAoQsasdfSqGSIb3EgECAg== hxxx@INTERNAL.EXAMPLE.CA
BH quit command

so it seems to be working.... but when I try to use the web browser, it downloads the wpad.dat file and then asks for authentication.

cache.log has many examples of
ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: received type 1 NTLM token; }}

how can I debug the Kerberos authentication and ensure that Kerberos auth and not NTLM is being processed.

I think I'm close, but I can't for the life of me get this last step...

Thanks in advance

Hugh


Hello friend, can you please help me with LDAP integration with the Kerberos plugin?