Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mdraevich
New Contributor

explicit proxy + kerberos + captive portal

Hi,

I had worked on this for a week, however no result :c

Does anybody have tested a scenario, when we have explicit proxy with kerberos and captive portal as a fallback?

The result I expect: the workstation inside domain needs to use kerberos. the workstation outside domain needs to use captive portal.

Actually, I have tested two auth rules : {basic, negotiate}, {form-based}. The priority is descending. Kerberos works well in contrast form-based. Instead of captive portal I see "proxy is refusing connection", but html page of form comes to workstation (have checked using wireshark).

1 REPLY 1
Fishbone_FTNT

Hi mdraevich, this is quite old post, but anyway. It's difficult to guess what you want to achieve without any config snippet at all, but let me give it a try.

 

First I noticed in your post is "priority" in auth-rules. There are no priorities. Either rule matches or not. It's matching based *typically* on src address.

I think your non-domain users simply match the same auth-rule, but not having any credentials to provide, proxy is refusing them. Maybe.

 

If it's still actual, please try to uncover more about your (seemingly interesting) setup.

 

Fishbone)(

smithproxy hacker - www.smithproxy.org

Top Kudoed Authors