Explicit Proxy with Kerberos auth not working
Hello good people!
For a few days I've been trying to configure the proxy on a FortiGate 500E with FortiOS 6.0.3, with no luck so far.
I have a straightforward configuration:
config authentication scheme
    set method negotiate
    set negotiate-ntlm disable
config authentication rule
    set srcaddr "all"
    set ip-based disable
    set active-auth-method "Kerberos"
    set web-auth-cookie enable
The user krb-keytab is set with principal, ldap-server and keytab.
For the proxy rule I have the entire 192.168.0.0/16 network as source, the corresponding AD group from the LDAP server, and all services.
When I test the connection, all browsers immediately pop up a prompt asking for user and pass, and if I run diagnose debug application fnbamd -1 I don't see any LDAP query attempts, nor do I see any failed authentications in the logs. When I check with Wireshark I see only NTLMSSP_NEGOTIATE packets flowing. I'm wondering what may be wrong here and how to troubleshoot it on the FortiGate, such as debug commands or a log view to see why this is failing.
Any suggestions will be much appreciated.
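
The Wireshark observation in the post can be checked offline from a captured Negotiate header value. The following is an added example, not part of the original post and not Fortinet code: it decodes the token and reports whether the client sent a Kerberos/SPNEGO token or a bare NTLMSSP message. The sample headers are constructed, the function name is hypothetical, and the OID search is a heuristic rather than a full ASN.1 parse.

```python
import base64
import struct

# DER-encoded mechanism OIDs that can appear inside a GSS-API/SPNEGO token.
OIDS = {
    bytes.fromhex("06062b0601050502"): "SPNEGO",
    bytes.fromhex("06092a864886f712010202"): "Kerberos",
    bytes.fromhex("06092a864882f712010202"): "Kerberos (MS legacy OID)",
    bytes.fromhex("060a2b06010401823702020a"): "NTLMSSP",
}
NTLM_TYPES = {1: "NTLMSSP_NEGOTIATE", 2: "NTLMSSP_CHALLENGE", 3: "NTLMSSP_AUTH"}

# Constructed samples: a bare NTLM type 1 message, and a SPNEGO NegTokenInit
# whose mechTypes list offers Kerberos first and NTLMSSP second.
SAMPLE_NTLM = "Negotiate " + base64.b64encode(
    b"NTLMSSP\x00" + struct.pack("<II", 1, 0xE2088297) + bytes(16)).decode()
SAMPLE_SPNEGO_KRB = "Negotiate " + base64.b64encode(bytes.fromhex(
    "6027" "06062b0601050502" "a01d301ba0193017"
    "06092a864886f712010202" "060a2b06010401823702020a")).decode()


def classify_negotiate(header_value):
    """Return (verdict, mechanisms) for a 'Negotiate <base64>' header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return ("not-negotiate", [])
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return ("malformed", [])
    # A bare NTLMSSP message means the client did not send a Kerberos ticket.
    if token.startswith(b"NTLMSSP\x00"):
        if len(token) < 12:
            return ("malformed", [])
        (msg_type,) = struct.unpack_from("<I", token, 8)
        return ("ntlm-fallback", [NTLM_TYPES.get(msg_type, "NTLMSSP_UNKNOWN")])
    if token[:1] != b"\x60":  # GSS-API tokens start with an APPLICATION 0 tag
        return ("unknown", [])
    # Order the mechanisms by first appearance, i.e. by client preference.
    found = sorted((token.find(oid), name) for oid, name in OIDS.items() if oid in token)
    mechs = [name for _, name in found]
    offered = [m for m in mechs if m != "SPNEGO"]
    if offered and offered[0].startswith("Kerberos"):
        return ("kerberos", mechs)
    return ("ntlm-fallback" if offered else "unknown", mechs)


if __name__ == "__main__":
    for sample in (SAMPLE_NTLM, SAMPLE_SPNEGO_KRB):
        print(classify_negotiate(sample))
```
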