pepr
New Member
August 25, 2017
Question

Kerberos authentication without ip-based


I would like to ask: is it possible in FortiGate 5.6.x to set up an explicit proxy with Kerberos authentication against AD when IP-based authentication is disabled? I need the log to record which user opened which web site. I need Kerberos because I do not want to use NTLM.

    1 reply

    xsilver_FTNT
    Staff
    August 29, 2017

    It is supposed to work. However, I hope you are aware that the actual authentication method is Negotiate and therefore it might fall back to NTLM. Because when FortiGate responds back with the proxy-authentication:Negotiate header to the client, the client can send back a Kerberos token or an NTLM token to begin with Negotiate. Both OK. Hints:

    - NTLM token is much shorter
    - NTLM token is Base64 encoded and always starts with "TlR" while Kerberos starts with "YII"
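
To confirm from a capture or proxy log whether clients really sent Kerberos or fell back to NTLM, the prefix hints in the reply above can be checked against the decoded token. This is an added example, not part of the original thread and not Fortinet code; `classify` and `sample_gss` are hypothetical names, the tokens are constructed samples rather than real credentials, and the input is assumed to be the value of the client's `Proxy-Authorization` header.

```python
import base64

NTLMSSP_SIG = b"NTLMSSP\x00"                            # first bytes of every NTLM message
OID_KRB5 = bytes.fromhex("06092a864886f712010202")     # DER OID 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")  # DER OID 1.2.840.48018.1.2.2

def classify(header_value):
    """Classify a 'Negotiate <base64>' credential by its decoded content (heuristic)."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not token.strip():
        return "not-negotiate"
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return "invalid-base64"
    if raw.startswith(NTLMSSP_SIG):
        return "ntlm"                      # raw NTLM: Base64 begins "TlRMTVNTUA"
    if raw[:1] == b"\x60":                 # GSS-API tag; 0x60 0x82 encodes as "YI..."
        if NTLMSSP_SIG in raw:
            return "ntlm-in-spnego"        # NTLM carried inside SPNEGO is still a fallback
        if OID_KRB5 in raw[:64] or OID_MS_KRB5 in raw[:64]:
            return "kerberos"
    return "unknown"

def sample_gss(payload, size=1280):
    """Constructed sample: 0x60, 2-byte DER length, SPNEGO OID, payload, zero padding.
    Only the outer header is real ASN.1; the body is filler for the demonstration."""
    body = bytes.fromhex("06062b0601050502") + payload   # DER OID 1.3.6.1.5.5.2
    body = body.ljust(size, b"\x00")
    return base64.b64encode(b"\x60\x82" + len(body).to_bytes(2, "big") + body).decode()

# Constructed sample tokens (assumptions for this example, no real credentials)
NTLM_T1 = base64.b64encode(NTLMSSP_SIG + b"\x01\x00\x00\x00" + b"\x07\x82\x08\xa2").decode()
KRB = sample_gss(OID_KRB5 + b"\x01\x00")
WRAPPED = sample_gss(NTLMSSP_SIG + b"\x01\x00\x00\x00")

if __name__ == "__main__":
    for name, tok in [("ntlm", NTLM_T1), ("kerberos", KRB), ("wrapped", WRAPPED)]:
        print(name, tok[:12], len(tok), classify("Negotiate " + tok))
```

The wrapped case shows why the "YII" prefix alone is not proof of Kerberos: a token can start with the GSS-API tag and still carry an NTLM message, so the check looks inside the decoded bytes.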