Squid Proxy - SSO with Kerberos does not work

Started by dng, November 10, 2024, 07:51:04 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 10, 2024, 07:51:04 PM
Hello everyone,

I have configured the Squid Proxy on OPNsense (latest version) and successfully connected OPNsense to the AD. When I access a website from a client, the login prompt appears, and I can successfully authenticate with the AD user.

After that, I installed the Kerberos plugin and enabled SSO for the proxy. When I enter the username and password of an AD user on the SSO page for testing, a token is generated, and it seems to be OK. At least when I deliberately enter incorrect data, I get a different message.

However, when I then try to access a website from the client, the login prompt still appears. But even when I enter the AD user's credentials, I can't get any further.
November 10, 2024, 10:19:20 PM #1
I am not entirely sure if this is supposed to work at all or in a broken state, but ...

For Kerberos to work the OPNsense MUST use the AD DCs as its recursive name servers and no other one.
Also time synchronisation is critical.

Is that the case?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1
User actions