Forum Discussion
Authentication Failed with NTLMv2
Please take a look at the following for starters:
Make sure DNS is properly configured on F5 in addition to NTP for things to work properly.
Please provide some output of /var/log/apm while testing this configuration for troubleshooting assistance. Need help with this? Check out the following:
https://f5-agility-labs-iam.readthedocs.io/en/latest/class8/module5/module5.html
Thank you a lot, whisperer!
Kevin's article on NTLM was already known to me and I have read it, but the second F5 article is very interesting and extensive; I'll keep an eye on it, of course. Currently we already have an SSO working in production, and both the NTP and DNS parts are correctly configured. On the other hand, this is the message that is constantly repeated when you try to finish the NTLM+Kerberos authentication with SSO against the final web application (the username, hostname and domain information has been modified for security and privacy reasons, obviously). I should also mention that a small piece of TCL code is executed (from the Access Policy) to delete the external domain and automatically add the SSO to the configured internal domain against which you really have to authenticate. Also, the first authentication with SAML works correctly:
Jun 22 23:17:30 bigip1.domain.external.com warning apmd[6039]: 01490106:4: /Common/SAML_Proof:Common:8a5b93e6: AD module: authentication with 'username' failed: Preauthentication failed, principal name: username@domain.internal.com. Invalid user credentials. (-1765328360)
Thanks!
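For anyone reading this thread later, here is an added example (not part of any post above, and not F5 code) that parses apmd "AD module" failure lines like the one quoted and decodes the trailing krb5 number into its RFC 4120 error name, so repeated failures can be counted per principal. The second sample line is constructed, and the assumption is that other failure lines follow the same layout as the quoted one.

```python
import re
from collections import Counter

# MIT krb5 reports protocol error N (RFC 4120) as KRB5_BASE + N.
KRB5_BASE = -1765328384
# Subset of RFC 4120 error codes that matter for logon troubleshooting.
KRB_ERRORS = {
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN",
    18: "KDC_ERR_CLIENT_REVOKED",
    23: "KDC_ERR_KEY_EXPIRED",
    24: "KDC_ERR_PREAUTH_FAILED",
    37: "KRB_AP_ERR_SKEW",
}

LINE_RE = re.compile(
    r"apmd\[\d+\]: 01490106:\d+: (?P<policy>\S+?):(?P<partition>[^:]+):"
    r"(?P<session>[0-9a-f]+): AD module: authentication with '(?P<user>[^']*)' "
    r"failed: (?P<reason>.*?), principal name: (?P<principal>\S+)\. "
    r".*\((?P<code>-?\d+)\)"
)

def parse(line):
    """Return the fields of one AD-module failure line, or None if no match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["krb_code"] = int(rec.pop("code")) - KRB5_BASE
    rec["krb_error"] = KRB_ERRORS.get(rec["krb_code"], "UNKNOWN")
    return rec

def summarize(lines):
    """Count failures per (principal, Kerberos error name)."""
    recs = filter(None, map(parse, lines))
    return Counter((r["principal"], r["krb_error"]) for r in recs)

SAMPLE = [
    # Line quoted in the post above.
    "Jun 22 23:17:30 bigip1.domain.external.com warning apmd[6039]: 01490106:4: "
    "/Common/SAML_Proof:Common:8a5b93e6: AD module: authentication with 'username' "
    "failed: Preauthentication failed, principal name: username@domain.internal.com. "
    "Invalid user credentials. (-1765328360)",
    # Constructed line (clock skew) to show a different decoded code.
    "Jun 22 23:18:02 bigip1.domain.external.com warning apmd[6039]: 01490106:4: "
    "/Common/SAML_Proof:Common:8a5b93e7: AD module: authentication with 'username' "
    "failed: Clock skew too great, principal name: username@domain.internal.com. "
    "Constructed sample. (-1765328347)",
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, *key)
```

The quoted line decodes to KDC_ERR_PREAUTH_FAILED (code 24): the KDC found the principal but could not validate the pre-authentication data built from the supplied credentials.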