September 29, 2011 at 2:25 am #43135 ckoeber Member
I have successfully configured a ZeroShell instance to be a captive portal within a wireless network using RADIUS authentication via a proxy system. I would like to add an additional Microsoft Active Directory domain using Kerberos but I cannot get authenticated on that domain. Here are the steps I followed:
(1). Under time, I ensured that the NTP settings are set to sync with the active directory domain controllers.
(2). The DNS setup has the Active Directory server listed as (ANY) for the forwarding. The Active Directory server runs a DNS service which runs the standard DNS service for the network as well as for access to the internet.
(3). Under the REALMS section in Kerberos 5, I have the domain listed with the primary domain controller listed as the KDC. I have tried both the IP of the domain controller (with the DNS Discovery option set to no) and the FQDN of the domain controller (with the DNS Discovery option set to yes).
(4). Under the Authentication tab for the Captive Portal section, I have the domain name, in all caps, listed in the Authorized Domains with “External Kerberos 5 Realm” checked as the domain type.
Now, after all of this, I cannot get a user authenticated to the active directory realm. The log file lists this error message:
19:04:53 AS: trying Kerberos 5 (External KDC) authentication for user@ACTIVEDIRECTORYDOMAIN.COM (Client: xxx.xxx.xxx.xxx)
19:04:53 AS: kinit(v5): Password incorrect while getting initial credentials
Any idea of what I might need to change?
Chris K.
September 29, 2011 at 9:48 pm #51969 ckoeber Member
It turns out that what I did does work with the exception of a small subset of accounts I tried.
Thank you to anyone who has taken time to look at this.