Kerberos authentication on Microsoft Direct Access and FortiClient

Author
judit
2019/05/16 05:19:23

Hello, for a customer I have configured Kerberos authentication over explicit proxy.
When the customer is on the LAN, Kerberos authentication works fine; the user and the AD group membership are recognized by the FortiGate. When the user is working over the Microsoft Direct Access server, the user on the Direct Access server is recognized but not the AD group membership of the user. It is the same behaviour when the user is connected over FortiClient IPsec VPN. The user and the client IP address are recognized but not the AD group membership.
Does anybody have an idea? Is there some config missing? Thanks, Judit
 
#1

    judit
    Re: Kerberos authentication on Microsoft Direct Access and FortiClient 2019/05/20 01:36:16
    I have found the solution on Google:

    Turns out that this was a problem with Windows Kerberos using UDP. There was a registry hack we had to make on all systems that forced Kerberos to use TCP. This corrected the issue.
    Please check MS tech note Q244474 entitled "How to force Kerberos to use TCP instead of UDP".
    https://support.microsoft...tead-of-udp-in-windows
    #2
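
The registry change the reply refers to, as an added example that is not part of the original thread. The key path and the `MaxPacketSize` value are the ones documented in the Microsoft article cited above; the `-Apply` switch and the function name are hypothetical names chosen for this example.

```powershell
# Added example, not from the original thread.
# Audits (and optionally sets) the Kerberos client setting from Microsoft KB244474.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$valueName = 'MaxPacketSize'
$wanted    = 1   # UDP is used only up to this many bytes, so 1 forces TCP

function Get-KerberosMaxPacketSize {
    # Returns the configured value, or $null when the key or value is absent
    $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$valueName
}

$current = Get-KerberosMaxPacketSize
if ($current -eq $wanted) {
    Write-Output "$valueName is already $wanted; Kerberos is forced to TCP."
    return
}

$shown = if ($null -eq $current) { 'not set (OS default applies)' } else { $current }
Write-Output "$valueName is currently: $shown"

if (-not $Apply) {
    Write-Output "Report only. Re-run elevated with -Apply to set $valueName to $wanted."
    return
}

if (-not (Test-Path -Path $keyPath)) {
    # The Parameters subkey does not exist on every system
    if ($PSCmdlet.ShouldProcess($keyPath, 'Create registry key')) {
        New-Item -Path $keyPath -Force | Out-Null
    }
}
if ($PSCmdlet.ShouldProcess("$keyPath\$valueName", "Set DWORD to $wanted")) {
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value $wanted -Force | Out-Null
    Write-Output "Set $valueName to $wanted. Restart the computer for the change to take effect."
}
```

Running it with `-Apply -WhatIf` shows what would be written without touching the registry.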