Explicit proxy with LDAP and Kerberos authentication. Creating the keytab file.
Hi, good morning.
We have a FortiGate 301E running v6.2.3.
I have set up explicit proxy and LDAP user groups, and the last thing I have to configure is the Kerberos authentication scheme. I have tried to generate the keytab file string as part of the config krb-keytab command, but I get the error:
The keytab is not valid for the principal:???. ( principal redacted )
object check operator error, -651, discard the setting
Command fail. Return code -651
I am assuming I have to get the keytab file and then encode it. Do I do this on the LDAP server?
So create the keytab file on the LDAP server
Base64 encode it
Download it into the FortiGate
Create the keytab file using the previously downloaded keytab file.
Is that correct, or can someone explain how I can generate this keytab file on the FortiGate FW?
Hello. Look at this guide - https://docs.fortinet.com/document/fortigate/6.0.0/handbook/926128/kerberos. Section "1.4 Generate the Kerberos keytab". You can use your domain controller to do this operation. Then you need to do base64 encoding (using any Unix machine or some online services) and delete all line feeds from it (using a text editor). Then use the text from the keytab file as an argument in the keytab command on FortiGate.