captive portal with kerberos/Active directory


This topic contains 4 replies, has 0 voices, and was last updated by  uniquegodwin 8 years, 5 months ago.

  • #41264

    uniquegodwin
    Member

    Hello,
    Thanks so much for this amazing firewall.
    Everything works fine except for the integration of captive portal with Windows 2003 Server.
    I’ve tried the following….
    1.) Added a new realm under Kerberos. The name of the realm is “test.serv”.
    2.) Enabled DNS discovery also.
    3.) Added a new authorized domain “test.serv” in the captive portal page as “External Kerberos 5 Realm”

    Then, I tried to open google.com in another browser window, and the captive portal appears… but when I select “test.serv” and enter “Administrator” as username and its password, it shows “Access denied”. 🙁

    Please help me…
    I’ve been working on this all day and I’m unable to find a solution..
    Thanks so much…

    P.S:
    Here is additional information…
    Active Directory is set properly in Windows Server… IP is 10.0.3.1
    ZeroShell’s IP is 10.0.3.2… DHCP is enabled in ZeroShell… NAT is enabled.
    I’ve added a firewall rule to allow ANY TCP/UDP.
    I’m able to authenticate perfectly through example.com on captive portal.

    #47077

    imported_fulvio
    Participant

    Please, post the result of the following shell commands:

    kinit administrator@TEST.SERV

    klist

    Regards
    Fulvio

    #47078

    uniquegodwin
    Member

    Thanks for replying..
    I reinstalled and changed the Domain Controller to “dd.serv”…
    This was my result for the first command…

    kinit administrator@dd.serv
    kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials

    This is the result for the 2nd command…

    root@zeroshell root> klist
    Ticket cache: FILE:/tmp/krb5cc_0_daiId10015
    Default principal: admin@DD.LOCAL

    Valid starting Expires Service principal
    11/03/08 06:21:56 11/03/08 13:01:56 krbtgt/DD.LOCAL@DD.LOCAL

    Thanks so much

    #47079

    imported_fulvio
    Participant

    Disable DNS discovery for the REALMs and the KDCs and add the IP address of your Active Directory domain controller.

    Regards
    Fulvio

    #47080

    uniquegodwin
    Member

    I think there was a problem communicating with the domain controller itself…
    Only now I got a bit more familiar to see the logs… and thanks for those commands… they really helped 🙂
    It works now…. I disabled the DNS discovery too…

    But now I have different problems, like internet not working through the firewall even when NAT is enabled.

    Anyway, I’ll check this up well and then post back….
    I’m actually migrating from Kerio Winroute to ZeroShell.
    I’ve set this firewall up in 2 places…. It works well in one office… but gives problems on the other site. I’m struggling with the VPN setup too a bit… but I’ll try my best and post back if I can’t solve it.
    Thanks again for the time… and thanks for this firewall. It’s the best I found with similar features of Winroute and it’s better while comparing with Endian, Pfsense, monowall and smoothwall. But, just waiting for your next releases with the disabled features enabled.
    Thanks once again.

    #47081

    bozallen
    Member

    I came across this forum subject when having problems getting the captive portal to authenticate with AD through Kerberos.

    I resolved it by syncing the time on my ZeroShell box with my AD server and turning on DNS discovery.

    Hope this may help others having problems.
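
The two fixes reported in this thread (a static domain controller address with DNS discovery off, and DNS discovery left on) correspond to the two ways a Kerberos client locates a KDC. The Python sketch below is an added example, not part of any post and not ZeroShell's own code; it assumes the settings end up in an MIT-style krb5.conf, and the sample config and the helpers `parse_krb5_conf` and `kdc_lookup_plan` are constructed for illustration.

```python
# Constructed sample, not the thread's actual config: one realm with a static KDC.
SAMPLE_KRB5_CONF = """
[libdefaults]
    default_realm = DD.SERV
    dns_lookup_kdc = true

[realms]
    DD.SERV = {
        kdc = 10.0.3.1
        admin_server = 10.0.3.1
    }
"""

TRUE_VALUES = {"y", "yes", "true", "t", "1", "on"}


def parse_krb5_conf(text):
    """Return (libdefaults dict, {realm: [kdc, ...]}) from krb5.conf text."""
    section, realm, libdefaults, realms = None, None, {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1], None
        elif line == "}":                        # end of a realm block
            realm = None
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "realms" and value == "{":
                realm = key
                realms.setdefault(realm, [])
            elif section == "realms" and realm and key == "kdc":
                realms[realm].append(value)
            elif section == "libdefaults":
                libdefaults[key] = value
    return libdefaults, realms


def kdc_lookup_plan(text, realm):
    """Describe how a client would try to locate the KDC for `realm`."""
    libdefaults, realms = parse_krb5_conf(text)
    if realms.get(realm):                        # exact match: realms are case-sensitive
        return ("static", realms[realm])
    # MIT krb5 uses DNS SRV discovery unless dns_lookup_kdc turns it off.
    if libdefaults.get("dns_lookup_kdc", "true").lower() in TRUE_VALUES:
        name = realm.lower()
        return ("dns", ["_kerberos._udp." + name, "_kerberos._tcp." + name])
    return ("unresolvable", [])
```

A "dns" result means those SRV records must be answerable by the DNS server the box uses; a "static" result depends only on the listed address being reachable.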
