This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

After updating to 9.501-5 SSO for HTTP authentication failed and domain join not working.

UTM 9.501-5

Windows server 2012 domain controller.

I installed the 9.5 update on June 2, did not see any issues with this for the client, updated to 9.501-5 on June 12 midnight, and Internet access is failing on multiple sites.

Can get to Google.ca

Cannot get to canada411.com - Too many http redirects message.

Turned off web filtering and the websites were available - but the client requires filtering.

Re-enabled and turned off AD SSO authentication and websites are available again with correct content being blocked.

Attempted to remove from and rejoin domain, but domain join failed.

 

Currently, I have the client functioning, but, I need to rejoin AD and resume SSO authentication.

 



This thread was automatically locked due to age.
Parents
  • Hi fellows,

    all our 5 UTMs are hit by this SSO bug. I am waiting urgently for a fix for that because from time to time I have to rejoin the UTM even with  the workaround below....

     

    All at your own risk, of course.

     

    I was directed to use the following permanent workaround :

    -------------------------------------------------------------------------------------------------

    Edit /etc/krb5.conf and add 'case_sensitive = 0' in [libdefaults] group 
    The whole file should look like:
    [libdefaults]
    default_realm = 
    case_sensitive = 0

    cp /etc/krb5.conf /var/chroot-http/etc/krb5.conf
    chown httpproxy:root /var/chroot-http/etc/krb5.conf
    /var/mdw/scripts/httpproxy restart

    -------------------------------------------------------------------------------------------------

    In some cases I had to remove the computer account and rejoin the UTM and do not forget to replicate the whole forrest ;)

    It seems to help, at least a longer time.

    Cheers,

    Thorsten

Reply
  • Hi fellows,

    all our 5 UTMs are hit by this SSO bug. I am waiting urgently for a fix for that because from time to time I have to rejoin the UTM even with  the workaround below....

     

    All at your own risk, of course.

     

    I was directed to use the following permanent workaround :

    -------------------------------------------------------------------------------------------------

    Edit /etc/krb5.conf and add 'case_sensitive = 0' in [libdefaults] group 
    The whole file should look like:
    [libdefaults]
    default_realm = 
    case_sensitive = 0

    cp /etc/krb5.conf /var/chroot-http/etc/krb5.conf
    chown httpproxy:root /var/chroot-http/etc/krb5.conf
    /var/mdw/scripts/httpproxy restart

    -------------------------------------------------------------------------------------------------

    In some cases I had to remove the computer account and rejoin the UTM and do not forget to replicate the whole forrest ;)

    It seems to help, at least a longer time.

    Cheers,

    Thorsten

Children