Unidentified Network - Kerberos Auth Problem only with SSL and without NETBIOS

Hello

We have disabled NetBIOS / WINS for our domain network on the client side. Since we did this, we have problems authenticating on our domain controller through VPN SSL. With VPN IPsec all is fine. Also in the LAN all is fine. Both SSL and IPsec use the same firewall rules. With NetBIOS enabled, authentication with SSL works fine. The domain controller gets a Kerberos ticket also with SSL. We tried with several machines with the same result.

The Sophos TAP adapter has the lowest interface metric of all adapters (2).

Any ideas why this happens?

Please see also attached pictures.

Thanks a lot for helping

IPSec:

SSL:





Added TAGs
[edited by: Raphael Alganes at 11:17 PM (GMT -7) on 24 Mar 2024]
  • Could be related to the DNS implications in SSLVPN? You have DNS request routes in SFOS; that's not part of IPsec. Which means, if Windows cannot figure out the domain after disabling NetBIOS, it could be the cause of your issue. Check the DNS captures here.


  • Hi LuCar, thank you for the fast answer. I don't see any DNS request routes. Could it have something to do with what I did because of the issue in this thread?

    iptables -t mangle -I POSTROUTING -s 172.20.10.0/24 -d 10.10.0.0/16 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1300;

    iptables -t mangle -I POSTROUTING -s 10.10.0.0/16 -d 172.20.10.0/24 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1300;


