Greetings!
Starting this week we experience issues with Kerberos authorization: users from specific subnets of our internal network (VPN specific) started to receive auth errors. Auth trace shows next errors:
[2022-01-19 21:22:28.842 +03:00] debug logging has changed configuration for this file to: 'file:out=mwg-core__Auth.debug.log;options:file=append,multiline=yes,colored=no;threadids:ALL=yes;threadtypes:ALL=yes;plugins:ALL=0,Auth=8-9;classes:ALL=yes;fields:datetime=yes,binary=no,threadid=yes,threadtype=no,plugin=no,level=no,class=no,method=no,message=yes,source=no'.
[2022-01-19 21:23:21.814 +03:00] [1227] Kerberos (1, 10.40.48.18) URL:
https://www.googleapis.com
[2022-01-19 21:23:21.814 +03:00] [1227] Kerberos (1, 10.40.48.18) Configuration: Kerberos Connection: 0x7f75d00ea5a0 RR: 0x7f7a4976acb0
[2022-01-19 21:23:21.814 +03:00] [1227] Kerberos (1, 10.40.48.18) Added authentication method: Negotiate
[2022-01-19 21:23:21.814 +03:00] [1227] Kerberos (1, 10.40.48.18) Authentication didn't return values, failure ID: 4, authentication failed: 0
[2022-01-19 21:23:21.877 +03:00] [1230] Kerberos (2, 10.40.48.18) URL:
https://www.googleapis.com
[2022-01-19 21:23:21.877 +03:00] [1230] Kerberos (2, 10.40.48.18) Configuration: Kerberos Connection: 0x7f75d00ea5a0 RR: 0x7f7a49779db0
[2022-01-19 21:23:21.878 +03:00] [1230] Kerberos (2, 10.40.48.18) Incoming credentials: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAKAGFKAAAADw==
[2022-01-19 21:23:21.878 +03:00] [1230] Kerberos (2, 10.40.48.18) Added authentication method: Negotiate
[2022-01-19 21:23:21.878 +03:00] [1230] Kerberos (2, 10.40.48.18) Authentication didn't return values, failure ID: 0, authentication failed: 1
We have NTLM port listner also configured and it is working fine.