Difference between revisions of "SSO authentication Fail"
en>Samidha12 |
m (1 revision imported: Importing all pages) |
Latest revision as of 15:36, 24 July 2021
Troubleshooting
If your configuration is exactly similar to How to and still your SSO authentication is failed
1.Make sureUser Name : administrator@safesquid.test (User name should be any user from AD having administrative permissions)
2.Monit service must be Up. Verify it using command :
root@sabproxy:~# pidof monit |
3.As soon as you Save policy by selecting NEGOTIATE_LDAP_AUTH
kerberos.sh* script will automatically run from path /usr/local/safesquid/ui_root/cgi-bin
3.1.Verify below files at path:/usr/local/safesquid/security
HTTP.keytab krb5.conf krb.tkt |
3.2.SafeSquid will create the stub zone for DNS resolution of your Active Directory server.
The file with stub zone will create with the name : safesquid.dns.conf
At path :/usr/local/safesquid/security/dns
Run command: cat safesquid.dns.conf
zone safesquid.test { type stub; masters {192.168.221.1;}; }; |
Also it will automatically copy at given path:/etc/bind/
Run command: cat safesquid.dns.conf
zone safesquid.test { type stub; masters {192.168.221.1;}; }; |
(Note: Monit service must be up)
If any one of above entry missing you have to repeat all the steps again.
First remove all the given files from above given path.
Start monit service and repeat all the steps and capture logs
'Command: 'tail -F /var/log/safesquid/native/safesquid.log
4.Go to Access Restriction > GLOBAL >> SSO: TRUE
5.ALLOW List : Policy with PAM: TRUE
6.Testing SSO Auth
6.1. Go to Windows machine which join in domain of AD e.g windows7.safesquid.test
6.2. Go to browser and set PROXY as : FQDN of proxy server (sabproxy.safesquid.test)
6.3. Access any website (Authentication prompt should not come)
6.4. Open extended logs
Commans : tail -F /var/log/safesquid/extended/extended.log
find <username>@<SAFESQUID.TEST>@ 192.168.221.212 ( IP addrees of Window machine which is in domain)