Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Installation and Upgrades / Re: http-proxy SSO (single sign on) zentyal 3.0 - problem
« on: July 21, 2013, 05:15:25 am »
Hello guys.
I'm new in this world, in fact, i'm new in the open sourse world. I work in a healthcare center in Venezuela. We used to have a Fortinet device to do all the firewall, UTM jobs. Because of the bad economic situation in my country, the Fortinet license was too expensive and then we took the desition to migrate to a less expensive solution, so we choosed Zentyal. We get there after knowing a Linux expert who helped us to install a VoIP solution (Asterisk + Elastic). He heard about our Firewall problem, and he proposed us the Zentyal solution. When we started the installation process, everything were good, but we got this SSO problem. This problem affected us through 3 days, we were surfing the internet looking for solution but we didn't found any.
Today, i'm glad to tell you that this problem was solved, now i'm going to put the translation of the post that our Linux expert wrote in the Zentyal spanish forum:
"Here's the solution that i found for this problem, it seems that it only happens with Windows Server 2008 R2, i hope that this solves somebody else's problem and that the Zentyal development team take it for future versions, what i did was modify the /etc/kr5bs.conf file, the original Zentyal file is this:
[libdefaults]
default_realm = [DOMAIN NAME]
dns_lookup_kdc = true
dns_lookup_realm = true
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
[kadmin]
default_keys = des-cbc-crc:pw-salt des-cbc-md5:pw-salt arcfour-hmac-md5:pw-salt aes256-cts-hmac-sha1-96:pw-salt aes128-cts-hmac-sha1-96:pw-salt
I modified it in this way:
[libdefaults]
default_realm = [DOMAIN NAME]
dns_lookup_kdc = no
dns_lookup_realm = no
ticket_lifetime = 24h
default_keytab_name = /etc/squid3/HTTP.keytab
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
[realms]
[DOMAIN NAME] = {
kdc = [windows_dc_name.domain_name]
kdc = [zentyal_server_name]
admin_server = [windows_dc_name.domain_name]
default_domain = [domain_name]
}
[domain_realm]
.example.local = [DOMAIN NAME]
example.local = [DOMAIN NAME]
Hope this works for you."
If this works for you, please replied it through all the forum posts related to this problem. Our Linux expert who helped us to install Zentyal and who found this problem solution is known as hgeorge123 in the spanish Zentyal community, his name is George. The original spanish post is this: http://forum.zentyal.org/index.php/topic,16813.0.html?PHPSESSID=enn40hnnuurksaf04066ma2ch7
Thanks.
I'm new in this world, in fact, i'm new in the open sourse world. I work in a healthcare center in Venezuela. We used to have a Fortinet device to do all the firewall, UTM jobs. Because of the bad economic situation in my country, the Fortinet license was too expensive and then we took the desition to migrate to a less expensive solution, so we choosed Zentyal. We get there after knowing a Linux expert who helped us to install a VoIP solution (Asterisk + Elastic). He heard about our Firewall problem, and he proposed us the Zentyal solution. When we started the installation process, everything were good, but we got this SSO problem. This problem affected us through 3 days, we were surfing the internet looking for solution but we didn't found any.
Today, i'm glad to tell you that this problem was solved, now i'm going to put the translation of the post that our Linux expert wrote in the Zentyal spanish forum:
"Here's the solution that i found for this problem, it seems that it only happens with Windows Server 2008 R2, i hope that this solves somebody else's problem and that the Zentyal development team take it for future versions, what i did was modify the /etc/kr5bs.conf file, the original Zentyal file is this:
[libdefaults]
default_realm = [DOMAIN NAME]
dns_lookup_kdc = true
dns_lookup_realm = true
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
[kadmin]
default_keys = des-cbc-crc:pw-salt des-cbc-md5:pw-salt arcfour-hmac-md5:pw-salt aes256-cts-hmac-sha1-96:pw-salt aes128-cts-hmac-sha1-96:pw-salt
I modified it in this way:
[libdefaults]
default_realm = [DOMAIN NAME]
dns_lookup_kdc = no
dns_lookup_realm = no
ticket_lifetime = 24h
default_keytab_name = /etc/squid3/HTTP.keytab
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
[realms]
[DOMAIN NAME] = {
kdc = [windows_dc_name.domain_name]
kdc = [zentyal_server_name]
admin_server = [windows_dc_name.domain_name]
default_domain = [domain_name]
}
[domain_realm]
.example.local = [DOMAIN NAME]
example.local = [DOMAIN NAME]
Hope this works for you."
If this works for you, please replied it through all the forum posts related to this problem. Our Linux expert who helped us to install Zentyal and who found this problem solution is known as hgeorge123 in the spanish Zentyal community, his name is George. The original spanish post is this: http://forum.zentyal.org/index.php/topic,16813.0.html?PHPSESSID=enn40hnnuurksaf04066ma2ch7
Thanks.
Pages: [1]