cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Re: MWG 7.1 and Kerberos issues

Thanks for the support Jon.

I tried to follow the steps in great detail, however unsuccessfully, I heed me now a detail that had not yet noticed.

When running the command kinit-V-t k last "last_keytab_generated" (this is the keytab file I generated in AD Server) I have the following output:

[root @ Webagateway02 tmp] # kinit-V k -t iphan6.keytab

Using default cache: / tmp / krb5cc_0

kinit: Can not determine realm for host (main host / webagateway02 @)

Searching saw guidance on configuring krb5.conf, but still could not solve.

Some guidance?

McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 12 of 18

Re: MWG 7.1 and Kerberos issues

Could you please try accessing the MWG using a browser?

When you do that, show us what your browser settings are set to.

Show us klist output from the keytab.

Also show ldifde output from the user account in AD.

All commands are in the aforementioned guide.

Best,

Jon

Re: MWG 7.1 and Kerberos issues

Good morning Jon,

Access the Web Gateway by the browser normally.

Here are the outputs of the commands

"[root @ Webagateway02 etc] # klist -tek /etc/krb5.mwg.keytab

Keytab name: FILE: /etc/krb5.mwg.keytab

KVNO Main Timestamp

---- ----------------- ----------------------------- --------

    9 12/31/69 21:00:00 HTTP/forteorange.*****.gov@*****.GOV

    9 12/31/69 21:00:00 HTTP/forteorange.*****.gov@*****.GOV

    9 12/31/69 21:00:00 HTTP/forteorange.*****.gov@*****.GOV

    9 12/31/69 21:00:00 HTTP/forteorange.*****.gov@*****.GOV

    9 12/31/69 21:00:00 HTTP/forteorange.*****.gov@*****.GOV

[root @ Webagateway02 etc] # "

"ldifde -f

dn: cn = Web Gateway, CN = Users, DC = *****, DC = gov

changetype: add

sAMAccountName: webgateway

userPrincipalName: HTTP/forteorange.*****.gov@*****.GOV

servicePrincipalName: HTTP / forteorange.*****.gov

servicePrincipalName: HTTP / webgateway.*****.gov

msDS-KeyVersionNumber: 9"

Many thanks for the help!

McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 14 of 18

Re: MWG 7.1 and Kerberos issues

So whats the problem then if the browser is working?

Best,

Jon

Re: MWG 7.1 and Kerberos issues

Works only to access the MWG.

To access the Internet by MWG does not work. Calls popups to authenticate the user even being in the field, when entering valid credentials it does not authenticate.

McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 16 of 18

Re: MWG 7.1 and Kerberos issues

What is the address you specified in the browser? It has to be forteorange.*****.gov:9090 or whatever proxy port you have set.

Best,

Jon

Re: MWG 7.1 and Kerberos issues

Yes Jon,

proxy.jpg

McAfee Employee jscholte
McAfee Employee
Report Inappropriate Content
Message 18 of 18

Re: MWG 7.1 and Kerberos issues

So what browser is this? It looks like a mobile browser. Is this on a domain where it can actually get a ticket to authenticate using kerberos? Do you have a case open with support?

Best,

Jon

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community