I' trying to configure kerberos so clients can use this to authenticate to the explicit web proxy. The release notes talk about this very briefly, but cannot find any info on what steps need to be taken to configure this. The first is pretty self-explanatory and can also be configured from GUI. But the second, where we need to configure the account in the AD which is mapped to the SPN is not.
- Where do I for example get the base64 encoded keytab?
- Is the LDAP server the profile name that can be configured in the GUI, or do I need to specify a host name?
I guess as this feature is quite new Fortinet hasn't gotten around to describe it in more detail yet. Can someone provide the steps to do this?
FortiGate now recognizes the client's authentication method from the token and selects the correct authentication scheme to authenticate successfully.
The following web proxy Kerberos authentication CLI syntax has been added:
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
i want to use the same Configuration.
is there any Update for this topic?
thanks
I think I have some notes on this setup process that we received from our Fortinet account team during our eval/poc phase. I'll check in the office and post back.
Hi Good morning
I appreciate this is an old post but did you ever find out where to get the keytab base64 file from, do we generate it on the ldap server then import it into the FG ? I have tried to generate a random string as part of the generation but it wants a file name.
many thanks
mac
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.