November 1, 2008 at 7:47 pm #41264
Thanks so much for this amazing firewall.
Everything works fine except for the integration of captive portal with Windows 2003 Server.
I’ve tried the following….
1.) Added a new realm under Kerberos. The name of the realm is “test.serv”.
2.) Enabled DNS discovery also.
3.) Added a new authorized domain “test.serv” in the captive portal page as “External Kerberos 5 Realm”
Then, I tried to open google.com on another browser window, the captive portal appears… but, when I select “test.serv” and enter “Administrator” as username and its password, it shows “Access denied”. 🙁
Please help me…
I’ve been working on this all day and I’m unable to find a solution..
Thanks so much…
Here is additional information…
Active Directory is set properly in Windows server… IP is 10.0.3.1
Zeroshell’s IP is 10.0.3.2… DHCP is enabled in Zeroshell… NAT is enabled.
I’ve added a firewall rule to allow ANY TCP/UDP ..
I’m able to authenticate perfectly through example.com on captive portal.
November 2, 2008 at 2:47 pm #47077
Please, post the result of the following shell commands:
Fulvio
November 3, 2008 at 5:24 am #47078
Thanks for replying..
I reinstalled and changed the Domain Controller to “dd.serv”…
This was my result for the first command…
kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials
This is the result for the 2nd command…
root@zeroshell root> klist
Ticket cache: FILE:/tmp/krb5cc_0_daiId10015
Default principal: admin@DD.LOCAL
Valid starting Expires Service principal
11/03/08 06:21:56 11/03/08 13:01:56 krbtgt/DD.LOCAL@DD.LOCAL
Thanks so much
November 3, 2008 at 6:20 pm #47079
Disable DNS discovery for the REALMs and the KDCs and add the IP address of your Active Directory domain controller.
Fulvio
November 4, 2008 at 1:35 am #47080
I think there was a problem communicating with the domain controller itself…
Only now I got a bit more familiar to see the logs…and thanks for those commands…they really helped 🙂
It works now….I disabled the DNS discovery too…
But, now I have different problems like internet not working through the firewall even when NAT is enabled..
Anyway, I’ll check this up well and then post back….
I’m actually migrating from Kerio Winroute to Zeroshell.
I’ve set this firewall up in 2 places… it works well in one office… but gives problem on the other site. I’m struggling with the VPN setup too a bit… but, I’ll try my best and post back if I can’t solve it.
Thanks again for the time… and thanks for this firewall. It’s the best I found with similar features of Winroute and it’s better while comparing with Endian, Pfsense, monowall and smoothwall. But, just waiting for your next releases with the disabled features enabled.
Thanks once again.
November 6, 2010 at 8:13 pm #47081
I came across this forum subject when having problems getting the captive portal to authenticate with AD through Kerberos.
I resolved it by syncing the time on my Zeroshell box with my AD server and turning on DNS discovery.
Hope this may help others having problems.
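
An added example, not part of the original thread and not Zeroshell's own code: a small Python check for the two causes reported above (the KDC not being reachable, and the clock differing from the AD server). It parses the `klist` output posted in the thread; the function names, the `portal_realm` parameter and the 300-second tolerance (the usual Kerberos default) are assumptions.

```python
import re
from datetime import datetime, timedelta

# klist output as posted in the thread above.
KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_0_daiId10015
Default principal: admin@DD.LOCAL
Valid starting Expires Service principal
11/03/08 06:21:56 11/03/08 13:01:56 krbtgt/DD.LOCAL@DD.LOCAL
"""

MAX_SKEW = timedelta(seconds=300)  # assumed: usual Kerberos clock-skew default
STAMP = r"(\d\d/\d\d/\d\d \d\d:\d\d:\d\d)"
TICKET = re.compile(rf"^{STAMP}[ \t]+{STAMP}[ \t]+(\S+)$", re.M)
FMT = "%m/%d/%y %H:%M:%S"

def srv_names(realm):
    """DNS SRV names a client queries when KDC discovery via DNS is enabled."""
    return [f"_kerberos._{proto}.{realm.lower()}" for proto in ("udp", "tcp")]

def parse_klist(text):
    """Return (realm of the default principal, [(start, end, service), ...])."""
    m = re.search(r"^Default principal: \S+@(\S+)$", text, re.M)
    realm = m.group(1) if m else None
    tickets = [(datetime.strptime(s, FMT), datetime.strptime(e, FMT), svc)
               for s, e, svc in TICKET.findall(text)]
    return realm, tickets

def diagnose(text, portal_realm, client_now, kdc_now):
    """List likely reasons for a failed Kerberos login on the portal."""
    problems = []
    realm, tickets = parse_klist(text)
    wanted = portal_realm.upper()  # AD realms are the upper-cased domain name
    if realm is None or not tickets:
        problems.append("no TGT in cache: set the KDC address statically or "
                        "publish " + ", ".join(srv_names(wanted)))
    elif realm != wanted:
        problems.append(f"ticket realm {realm} != portal realm {wanted}")
    if abs(client_now - kdc_now) > MAX_SKEW:
        problems.append("clock skew above 300 s: sync time with the AD server")
    return problems

if __name__ == "__main__":
    now = datetime(2008, 11, 3, 6, 22)  # constructed timestamps
    print(diagnose(KLIST, "dd.local", now, now + timedelta(minutes=7)))
```
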