Web Proxy SSO

Started by HughJazz84, April 30, 2019, 12:53:48 AM

hey all,

So I have the web proxy SSO plugin installed and configured, and it passes all checks and seems to work. When I test the Kerberos login I get

Password for hxxxx@INTERNAL.EXAMPLE.CA:
AF oRQwEqADCgEAoQsasdfSqGSIb3EgECAg== hxxx@INTERNAL.EXAMPLE.CA
BH quit command

So it seems to be working... but when I try to use the web browser, it downloads the wpad.dat file and then asks for authentication.

cache.log has many examples of
ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: received type 1 NTLM token; }}

How can I debug the Kerberos authentication and ensure that Kerberos auth, and not NTLM, is being processed?

I think I'm close, but I can't for the life of me get this last step...

Thanks in advance

Hugh

The proxy server address must be specified as FQDN. You cannot specify an IP address.


Hello friend, can you please help me with LDAP integration with the Kerberos plugin?

I am using the FQDN in the wpad file. I also tried manually configuring it with the FQDN and got the same result.

What is the best way to debug the KERB auth exchange?

Hugh
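
Added example, not part of any post in this thread: the cache.log line above means the browser put an NTLM message in its Negotiate header, so one way to see what a client really sends is to decode a captured `Proxy-Authorization: Negotiate ...` value. The function names and both sample tokens are constructed for illustration; the OID match is a byte-substring heuristic, not a full ASN.1 parse.

```python
import base64
import struct

NTLMSSP = b"NTLMSSP\x00"
# DER-encoded mechanism OIDs (tag 0x06, length, value bytes).
OIDS = {
    "SPNEGO": bytes.fromhex("06062b0601050502"),
    "Kerberos 5": bytes.fromhex("06092a864886f712010202"),
    "Kerberos 5 (Microsoft legacy OID)": bytes.fromhex("06092a864882f712010202"),
    "NTLMSSP": bytes.fromhex("060a2b06010401823702020a"),
}

def classify_negotiate(header_value):
    """Return (kind, mechanisms) for a 'Negotiate <base64>' header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return ("not a Negotiate token", [])
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return ("invalid base64", [])
    # A bare NTLMSSP message: signature, then a little-endian message type.
    if token.startswith(NTLMSSP) and len(token) >= 12:
        return ("raw NTLM type %d" % struct.unpack_from("<I", token, 8)[0], ["NTLMSSP"])
    # GSS-API initial tokens start with ASN.1 tag 0x60; list OIDs in order seen.
    hits = sorted((token.find(der), name) for name, der in OIDS.items() if der in token)
    mechs = [name for _, name in hits]
    if token[:1] != b"\x60" or not mechs:
        return ("unrecognised token", mechs)
    if mechs[0] == "SPNEGO":
        offered = mechs[1:]
        has_krb = any(m.startswith("Kerberos") for m in offered)
        return ("SPNEGO offering Kerberos" if has_krb else "SPNEGO without Kerberos", offered)
    return ("raw GSS-API token", mechs)

def tlv(tag, body):
    """Minimal DER TLV builder for the constructed sample (short lengths only)."""
    return bytes([tag, len(body)]) + body

# Constructed samples, not captured traffic.
SAMPLE_NTLM = "Negotiate " + base64.b64encode(
    NTLMSSP + struct.pack("<II", 1, 0x00088207)).decode()
_mech_list = OIDS["Kerberos 5 (Microsoft legacy OID)"] + OIDS["Kerberos 5"] + OIDS["NTLMSSP"]
SAMPLE_SPNEGO = "Negotiate " + base64.b64encode(
    tlv(0x60, OIDS["SPNEGO"] + tlv(0xA0, tlv(0x30, tlv(0xA0, tlv(0x30, _mech_list)))))).decode()

if __name__ == "__main__":
    for sample in (SAMPLE_NTLM, SAMPLE_SPNEGO):
        print(classify_negotiate(sample))
```

A result of "raw NTLM type 1" corresponds to the BH message in cache.log: the client did not obtain a Kerberos ticket for the proxy and fell back to NTLM.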

christian: once I get it working, I would be happy to. Right now, I don't have it working so I need to focus on my system.

Hugh

Hello
I can't find any intel about how to configure the SSO.
You said that everything looks OK for you.
Could you tell me how you do that?
Thanks
Several virtualized OPNsense instances in service and a few pfSense instances not yet migrated