bdavis
Feb 02, 2020

F5 SWG NTLM failback

We currently utilize SWG forward proxy with primary authentication of Kerberos. We are having an issue where, sporadically, the client sends an Authorization header of Negotiate YIII... and the F5 throws the error below. We do not have multiple keytabs. I know there is an article relating to this in previous versions, but it doesn't seem to apply to us.

 

"GSS-API error gss_accept_sec_context: 70000 : No credentials were supplied, or the credentials were unavailable or inaccessible

GSS-API error gss_accept_sec_context: 0 : Unknown error"

 

We have a support ticket open for this. However, it's not my primary reason for posting, unless someone has had this issue. What I'm asking for help with is finding a way to detect when this happens and, if it does, fall back to NTLM. I haven't had any ideas on how to do this, other than possibly handling the 401 in an iRule, going to clientless mode, and then tracking whether the user's initial request failed; if it did, responding back with another 401 for NTLM and then enabling ECA. But I'm still unsure this would work without removing the ACCESS::session and recreating it, because of the APM flow.

 

Anyway, any ideas would be great. Also, it's probably good to note that we are using captive portal because this is a transparent proxy deployment.
