captive portal with kerberos/Active directory


    Thanks so much for this amazing firewall.
    Everything works fine except for the integration of the captive portal with Windows 2003 Server.
    I’ve tried the following…
    1.) Added a new realm under Kerberos. The name of the realm is “test.serv”.
    2.) Enabled DNS discovery also.
    3.) Added a new authorized domain “test.serv” in the captive portal page as “External Kerberos 5 Realm”.

    Then, I tried to open another browser window and the captive portal appears… but when I select “test.serv” and enter “Administrator” as username and its password, it shows “Access denied”. 🙁

    Please help me…
    I’ve been working on this all day and I’m unable to find a solution..
    Thanks so much…

    Here is additional information…
    Active Directory is set properly in windows server… ip is
    Zeroshell’s ip is…DHCP is enabled in zeroshell…NAT is enabled.
    I’ve added a firewall rule to allow ANY TCP/UDP ..
    I’m able to authenticate perfectly through on captive portal.


    Please, post the result of the following shell commands:

    kinit administrator@TEST.SERV




    Thanks for replying..
    I reinstalled and changed the Domain Controller to “dd.serv”…
    This was my result for the first command…

    kinit administrator@dd.serv
    kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials

    This is the result for the 2nd command…

    root@zeroshell root> klist
    Ticket cache: FILE:/tmp/krb5cc_0_daiId10015
    Default principal: admin@DD.LOCAL

    Valid starting Expires Service principal
    11/03/08 06:21:56 11/03/08 13:01:56 krbtgt/DD.LOCAL@DD.LOCAL

    Thanks so much


    Disable DNS discovery for the REALMs and the KDCs and add the IP address of your Active Directory domain controller.



    I think there was a problem communicating with the domain controller itself…
    Only now I got a bit more familiar with reading the logs… and thanks for those commands… they really helped 🙂
    It works now… I disabled the DNS discovery too…

    But now I have different problems, like internet not working through the firewall even when NAT is enabled.

    Anyway, I’ll check this up well and then post back…
    I’m actually migrating from Kerio Winroute to Zeroshell.
    I’ve set this firewall up in 2 places… it works well in one office… but gives problems on the other site. I’m struggling with the VPN setup too a bit… but I’ll try my best and post back if I can’t solve it.
    Thanks again for the time… and thanks for this firewall. It’s the best I found with similar features of Winroute and it’s better while comparing with Endian, Pfsense, monowall and smoothwall. But, just waiting for your next releases with the disabled features enabled.
    Thanks once again.


    I came across this forum subject when having problems getting the captive portal to authenticate with AD through Kerberos.

    I resolved it by syncing the time on my Zeroshell box with my AD server and turning on DNS discovery.

    Hope this may help others having problems.
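
The conditions raised in this thread (whether a KDC can be located through DNS discovery or a static address, and whether the clocks agree), plus the case of the realm name, can be checked together before retrying `kinit`. The following is an added example, not part of the original posts and not ZeroShell code: the function names, the SRV lines for `dc1.dd.serv` and the address `192.0.2.10` are constructed, and the 300-second limit is the MIT Kerberos default clock-skew tolerance.

```python
import re

MAX_SKEW = 300  # seconds: MIT krb5 default clockskew, same 5-minute default as AD

# dig answer-section layout: owner TTL IN SRV priority weight port target
SRV_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+SRV\s+(\d+)\s+\d+\s+(\d+)\s+(\S+)$", re.I)

def kdcs_from_srv(lines, realm):
    """Return (host, port) pairs from SRV records that locate a KDC for realm."""
    owners = {f"_kerberos._{proto}.{realm.lower()}." for proto in ("udp", "tcp")}
    found = set()
    for line in lines:
        m = SRV_RE.match(line.strip())
        if m and m.group(1).lower() in owners:  # DNS names compare case-insensitively
            found.add((int(m.group(2)), m.group(4).rstrip("."), int(m.group(3))))
    return [(host, port) for _prio, host, port in sorted(found)]

def preflight(principal, srv_lines, local_epoch, kdc_epoch, static_kdcs=()):
    """Return (code, detail) findings; an empty list means nothing was flagged."""
    user, sep, realm = principal.rpartition("@")
    if not sep or not user or not realm:
        return [("bad-principal", "expected user@REALM")]
    findings = []
    if realm != realm.upper():  # Kerberos realm names are case-sensitive
        findings.append(("realm-case", f"AD realm is normally written {realm.upper()}"))
    if not static_kdcs and not kdcs_from_srv(srv_lines, realm):
        findings.append(("no-kdc", f"no static KDC and no _kerberos SRV record for {realm}"))
    skew = abs(local_epoch - kdc_epoch)
    if skew > MAX_SKEW:
        findings.append(("clock-skew", f"{skew}s difference exceeds {MAX_SKEW}s"))
    return findings

# Constructed sample data: what DNS discovery would need to return for DD.SERV
SAMPLE_SRV = [
    "_kerberos._udp.dd.serv. 600 IN SRV 0 100 88 dc1.dd.serv.",
    "_kerberos._tcp.dd.serv. 600 IN SRV 0 100 88 dc1.dd.serv.",
]

if __name__ == "__main__":
    # No SRV records and no static KDC, lowercase realm
    print(preflight("administrator@dd.serv", [], 1000, 1000))
    # DNS discovery off, static KDC address configured
    print(preflight("administrator@DD.SERV", [], 1000, 1000, static_kdcs=("192.0.2.10",)))
    # DNS discovery works but the clocks are 15 minutes apart
    print(preflight("administrator@DD.SERV", SAMPLE_SRV, 1000, 1900))
```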
