Hi folks!
We have a bothersome problem with Kerberos Authentication to the ASG HTTP/S Proxy in Active Directory SSO Mode. All clients are always falling back to NTLM but are automatically authenticated. We can prove that NTLM is still used only in network sniffer and because there's no Kerberos ticket in Windows client cache. Our ASG works with Firmware v 8.003 and is joined to a AD domain with Windows Server 2003 R2 domain controllers (joining was no problem). We use only Windows 7 clients with IE 8 at the moment to test that Proxy Authentication. All clients get the FQDN of ASG as proxy address via wpad script which resides on ASG itself. For testing purposes we have also disabled the "Automatically detect..." setting and manually entered the FQDN in IE proxy connection but unfortunately that had not the desired effect.
All's working fine so far but the failing Kerberos Authentication get on my nerves, you know?
I have tried to get Kerberos ticket via kinit from ASG shell which works like a charm and the key table is looking well. I have followed the troubleshooting hints from this link AD Troubleshooting Guide but that could not solve the problem or rather give me a hint what's the cause for above mentioned.
I have opened a ticket for this case but Astaro says that this is a client problem and can't be affected by the Proxy.
Do you have any suggestion for me what I can try else? Perhaps there is some Windows or IE setting which prevents Kerberos authentication to proxy servers?
Many thanks in advance!
This thread was automatically locked due to age.
