I have successfully configured a ZeroShell instance to be a captive portal within a wireless network using Radius authentication via a proxy system. I would like to add an additional Microsoft Active Directory domain using Kerberos but I cannot get authenticated on that domain. Here are the steps I followed:
(1). Under time, I ensured that the NTP settings are set to sync with the active directory domain controllers.
(2). The DNS setup has the Active Directory server listed as (ANY) for the forwarding. The Active Directory server runs a DNS service which runs the standard DNS service for the network as well as for access to the internet.
(3). Under the REALMS section in Kerberos 5, I have the domain listed with the primary domain controller listed as the KDC. I have tried both the IP of the domain controller (with the DNS Discovery option set to no) and the FQDN of the domain controller (with the DNS Discovery option set to yes).
(4). Under the Authentication tab for the Captive Portal section, I have the domain name, in all caps, listed in the Authorized Domains with “External Kerberos 5 Realm” checked as the domain type.
Now, after all of this, I cannot get a user authenticated to the active directory realm. The log file lists this error message: