I am running an SA4000 with version 6.3R1. Using the Defender as a primary authentication server and LDAP as a secondary auth server. Users are successfully authenticating. However, they are not picking up the Kerberos ticket, even after starting Network Connect. When they try to go to a resource which uses Kerberos they get an error message saying that the resource is secured by Kerberos. I also have a utility called Kerbtray loaded and it shows that the user is not getting a ticket.
I have also tried in QA configuring an NT/AD server instead of LDAP which is set to use Kerberos only. The NT/AD server tests fine - users are authenticating, but again no Kerberos ticket, even after starting Network Connect. I have done a policy trace on this and find that all looks OK. Winbind is successful. Authentication is working.
The only way I have gotten users to pick up a ticket is by using Logoff on Connect option for Network Connect. But this only works on our corporate laptop users whose laptops are part of our domain. We have about 25 to 30 users that use NC that are not on our domain. This does not work for them.
Does anyone have any idea what I may check? Thanks.
Kerberos does work with Network Connect. Make sure you include a policy that allows: 88 udp/tcp, 53 udp/tcp and I think you also need LDAP 389 udp.
If this doesn't work try forcing Kerberos to use TCP as described here
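As an added example (not from either poster, and not Juniper's own tooling), the script below does two things a practitioner would want when chasing the "no ticket over NC" symptom described above: it checks a Network Connect resource policy for the ports the reply lists (88, 53 and 389, each over tcp and udp), and it probes those ports through the tunnel from the client, using a hand-built DNS SRV query for `_kerberos._tcp.<REALM>` so that UDP 53 is tested the same way a Kerberos client would actually use it. The `tcp://host:port` / `udp://host:port` resource-line format and the `10.0.0.5` / `EXAMPLE.COM` values are assumptions for illustration; substitute your own DC address and realm.

```python
"""Check that a Network Connect (NC) policy and the tunnel itself let a Kerberos
client reach its KDC (88), DNS (53) and LDAP (389).  Added example; the
resource-line syntax 'tcp://host:port' / 'udp://host:port' is an assumption."""
import socket
import struct

# Ports named in the reply above: KDC 88, DNS 53 and LDAP 389, tcp and udp each.
REQUIRED_PORTS = {
    ("tcp", 88), ("udp", 88),
    ("tcp", 53), ("udp", 53),
    ("tcp", 389), ("udp", 389),
}


def parse_policy(lines):
    """Parse resource lines of the assumed form 'tcp://10.0.0.5:88' or
    'udp://*:53'.  A port of '*' means any port.  Returns a set of
    (proto, port) tuples, with port None meaning 'any'."""
    allowed = set()
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments
        proto, sep, rest = line.partition("://")
        proto = proto.lower()
        if not sep or proto not in ("tcp", "udp") or ":" not in rest:
            raise ValueError(f"unrecognised resource line: {line!r}")
        _host, _, port = rest.rpartition(":")
        allowed.add((proto, None if port == "*" else int(port)))
    return allowed


def missing_ports(policy_lines):
    """Return the (proto, port) pairs from REQUIRED_PORTS the policy does not allow."""
    allowed = parse_policy(policy_lines)

    def covered(proto, port):
        return (proto, None) in allowed or (proto, port) in allowed

    return sorted(p for p in REQUIRED_PORTS if not covered(*p))


def build_srv_query(name, txid=0x1234):
    """Build a minimal DNS query (RFC 1035 wire format) for the SRV record a
    Kerberos client uses to find a KDC, e.g. _kerberos._tcp.EXAMPLE.COM."""
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: sequence of length-prefixed labels, terminated by a zero byte.
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    # QTYPE=SRV (33), QCLASS=IN (1).
    return header + qname + struct.pack("!HH", 33, 1)


def probe_tcp(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds through the tunnel."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_dns_srv(dns_server, realm, timeout=2.0):
    """Send the KDC SRV query over UDP/53 and report whether a reply with the
    same transaction id comes back (i.e. UDP 53 is open and DNS answers)."""
    query = build_srv_query(f"_kerberos._tcp.{realm}")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (dns_server, 53))
            data, _ = s.recvfrom(512)
        except OSError:
            return False
    return len(data) >= 12 and data[:2] == query[:2]


if __name__ == "__main__":
    # Constructed sample policy: UDP 389 is deliberately left out.
    sample_policy = [
        "# constructed NC resource lines",
        "tcp://10.0.0.5:88", "udp://10.0.0.5:88",
        "tcp://10.0.0.5:53", "udp://10.0.0.5:53",
        "tcp://10.0.0.5:389",
    ]
    print("missing from policy:", missing_ports(sample_policy))
    # Live probes (placeholders; run from a client with the NC tunnel up):
    # print("kdc 88/tcp:", probe_tcp("10.0.0.5", 88))
    # print("ldap 389/tcp:", probe_tcp("10.0.0.5", 389))
    # print("dns srv via 53/udp:", probe_dns_srv("10.0.0.5", "EXAMPLE.COM"))
```

Run the policy check against the resource list from the NC role's access control policy first; if nothing is missing there but `probe_tcp` on 88 fails from a connected client, the problem is on the path or the KDC rather than in the policy. A failing `probe_dns_srv` with working TCP probes points at UDP 53 specifically, which matters because the client has to resolve the `_kerberos._tcp` SRV record before it can ask for a ticket at all.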