Kerbereos authentication on microsoft direct access and forticlient
Hello, for a customer I have configured kerberos authentication over explicit proxy.
When the customer is in the LAN kerberos authentication works fine, the user and the AD-group membership is recognized by the fortigate. When the user is working over microsoft direct access server, the user on the direct access server is recognized but not the AD group membership of the user. It is the same behaviour, when the user is connected over forticlient ipsec-vpn. The user and the client ip address is recognized but not the AD-group membership.
Does anybody has an idea? Is there some config missing? Thanks Judit