Authentication Issue - Maybe Kerberos

Question

I think we are having problems with Kerberos authentication.&nbsp;
&nbsp;Here is the scenario:&nbsp;
&nbsp;1. An AD authenticated user accesses a website hosted in Tier 1.&nbsp;
&nbsp;2. Tier 1 makes a request to the VS address of Tier 2.&nbsp;
&nbsp;3. When the node in Tier 2 receive the request the request is from an anonymous user.&nbsp;
&nbsp;4. Tier 2 needs to see the request from the AD authenticated user who accessed the web site on Tier 1 otherwise the request fails.&nbsp;
&nbsp;5. The authentication on Tier 2 works fine if Tier 1 goes directly to one of the nodes in Tier 2 (bypassing the F5).&nbsp;
&nbsp;The VS is set up using one-arm out-of-path with SNAT automapping so the Tier 2 servers will see the request coming from the IP of the F5.&nbsp;
&nbsp;Is there anyway to get the F5 to forward the request with the authentication details to Tier 2?&nbsp;
&nbsp;Thanks
&nbsp;Sam&nbsp;&nbsp;

chris_miller · Answer

Are you running into SPN issues? 
&nbsp;  
&nbsp; http://technet.microsoft.com/en-us/library/bb633031.aspx

sams_81032 · Answer

It turned out to be SPN related. The problem has been fixed now. 
&nbsp;  
&nbsp; Cheers 
&nbsp; Sam

Forum Discussion

Authentication Issue - Maybe Kerberos

Recent Discussions

ppp TunnelStats: LCP_UNKNOWN_OPTIONS 1,LCP_PROTO_REJ 1,FSM_UNEXPECTED_DOWN 1,

How to Renew F5 Device Certificate

F5 ASM CEF Sending Logs in Specific TimeZone

F5 looses the token for the first call

feature request: container egress service

Related Content

Transparent Kerberos Authentication and APM fallback authentication

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

Lightboard Lessons: Basic Kerberos Authentication

APM Kerberos Auth or fallback to another authentication method

Configuring Smart Card Authentication and Kerberos Constrained Delegation in F5 Access Policy Manager (APM)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS