Hi Good morning
We have a Fortigate 301E running V 6.2.3
I have set up explicit proxy and LDAP user groups, and the last thing I have to configure is the Kerberos authentication scheme. I have tried to generate the keytab file string as part of the config krb-keytab command but I get the error
The keytab is not valid for the principal:???. ( principal redacted ) object check operator error, -651, discard the setting Command fail. Return code -651
I am assuming I have to get the keytab file then encode it. Do I do this on the LDAP server?
So create the keytab file on the LDAP server
Base64 encode it
Download it into the FortiGate
Create the keytab file using the previously downloaded keytab file.
Is that correct, or can someone explain how I can generate this keytab file on the FortiGate FW?
Thanks for all your valued help
kind regards
mac
Hello. Look at this guide - https://docs.fortinet.com/document/fortigate/6.0.0/handbook/926128/kerberos. Section "1.4 Generate the Kerberos keytab". You can use your domain controller to do this operation. Then you need to do base64 encoding (using any Unix machine or some online services) and delete all line feeds from it (using a text editor). Then use text from the keytab file as an argument in the keytab command on FortiGate.
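Added example, not part of the original posts and not Fortinet code: Python that lists the principals stored in an MIT-format (version 0x0502) keytab and returns the single-line base64 string only if the expected principal is present, since the error above says the keytab is not valid for the principal. The principal `HTTP/fgt.example.test@EXAMPLE.TEST`, the `sample_keytab()` data and all function names are constructed for illustration; the `service/host@REALM` spelling of the principal is an assumption.

```python
import base64, struct

def _counted(buf, off):
    """Read a uint16-length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def keytab_entries(raw):
    """Return [(principal, kvno, enctype)] from an MIT keytab, format 0x0502."""
    if raw[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, off = [], 2
    while off + 4 <= len(raw):
        (size,) = struct.unpack_from(">i", raw, off)
        off += 4
        if size <= 0:                      # hole left by a deleted entry
            off += -size
            continue
        end, p = off + size, off
        (ncomp,) = struct.unpack_from(">H", raw, p)
        realm, p = _counted(raw, p + 2)
        parts = []
        for _ in range(ncomp):
            name, p = _counted(raw, p)
            parts.append(name)
        p += 8                             # skip name type and timestamp
        kvno = raw[p]                      # 8-bit key version number
        enctype, keylen = struct.unpack_from(">HH", raw, p + 1)
        p += 5 + keylen                    # skip kvno, enctype, length, key bytes
        if end - p >= 4:                   # optional 32-bit kvno, used if non-zero
            kvno = struct.unpack_from(">I", raw, p)[0] or kvno
        out.append(("/".join(parts) + "@" + realm, kvno, enctype))
        off = end
    return out

def keytab_string(raw, expected_principal):
    """Single-line base64 of the keytab, refused if the principal is absent."""
    found = sorted({e[0] for e in keytab_entries(raw)})
    if expected_principal not in found:
        raise ValueError(f"{expected_principal} not in keytab, found {found}")
    return base64.b64encode(raw).decode("ascii")   # b64encode adds no line feeds

def sample_keytab():
    """Constructed keytab: one entry, all-zero dummy AES256 key (enctype 18)."""
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    body = struct.pack(">H", 2) + cs("EXAMPLE.TEST") + cs("HTTP") + cs("fgt.example.test")
    body += struct.pack(">IIBHH", 1, 0, 3, 18, 32) + bytes(32) + struct.pack(">I", 3)
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

For a real file, pass `open(path, "rb").read()` as `raw`. The keytab and its base64 form both contain the service account's long-term keys, so encoding it locally keeps that material off third-party sites.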