When using Windows Authentication, there are a number of pitfalls that need attention. They stem from Kerberos authentication, which is not as low-maintenance as it should be.
There is a screencast for version 2.1.
The steps you should take care of are:
- Both the Active Directory server and the Endian Firewall need to have exactly the same time.
  Sync the AD from the Endian Firewall using NTP, or the other way round.
- The Endian Firewall needs to be able to resolve SRV records from the AD. Therefore:
  - with versions prior to version 2.2, it is necessary to configure the PDC as nameserver for the Endian Firewall.
    You do this by configuring it with the Network Wizard.
    Remember to set up the ISP's nameservers on the AD!
  - starting with version 2.2, you need to configure the PDC as nameserver for your Active Directory domain using "Proxy > DNS > Custom nameserver".
- The PDC hostname, which you configure within "Common domain settings" in "Proxy > HTTP > Authentication", must be known to the Endian Firewall.
  If it is not already resolvable through DNS, you need to configure it within "Network > Edit Hosts" and make it point to the PDC's IP address.
- The "Authentication Realm Prompt", which you can configure within "Proxy > HTTP > Authentication", needs to be the Fully Qualified Domain Name used by the AD.
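
The name-resolution and time requirements above can be checked from a shell before enabling authentication. The script below is an added example, not part of Endian Firewall: `DOMAIN` and `PDC` are placeholders, and it assumes `dig`, `getent` and `ntpdate` are installed, that the PDC answers NTP queries, and that the Kerberos clock-skew tolerance is still at its 300-second default.

```shell
#!/bin/sh
# Added example: pre-flight checks for the checklist above (not Endian's code).
# DOMAIN and PDC are placeholders; dig, getent and ntpdate are assumed present.
DOMAIN="${DOMAIN:-ad.example.com}"
PDC="${PDC:-dc1.ad.example.com}"
MAX_SKEW=300  # Kerberos default clock-skew tolerance, seconds (assumed unchanged)

# stdin: `dig +short SRV` lines ("priority weight port target.").
# stdout: "target port"; lines that are not SRV answers are dropped.
srv_targets() {
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $4, $3 }'
}

# stdin: classic `ntpdate -q` output; stdout: the first reported offset in seconds.
ntp_offset() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "offset") { gsub(/,/, "", $(i + 1)); print $(i + 1); exit } }'
}

# Succeed only if $1 is a number whose absolute value is within the tolerance.
skew_ok() {
    awk -v o="$1" -v max="${2:-$MAX_SKEW}" 'BEGIN {
        if (o !~ /^[-+]?[0-9]+(\.[0-9]+)?$/) exit 1
        o += 0; if (o < 0) o = -o
        exit !(o <= max)
    }'
}

preflight() {
    rc=0
    for name in _kerberos._tcp _ldap._tcp; do   # SRV names AD registers in DNS
        found=$(dig +short SRV "$name.$DOMAIN" | srv_targets)
        if [ -n "$found" ]; then echo "OK   SRV $name.$DOMAIN -> $found"
        else echo "FAIL no SRV answer for $name.$DOMAIN"; rc=1; fi
    done
    # getent consults the hosts file and DNS as configured in nsswitch.conf
    if getent hosts "$PDC" >/dev/null; then echo "OK   $PDC resolves"
    else echo "FAIL $PDC does not resolve"; rc=1; fi
    # Assumes the PDC answers NTP queries
    off=$(ntpdate -q "$PDC" 2>/dev/null | ntp_offset)
    if skew_ok "$off"; then echo "OK   clock offset ${off}s"
    else echo "FAIL clock offset '${off}' not measurable or above ${MAX_SKEW}s"; rc=1; fi
    return $rc
}

# Live checks run only on request: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then preflight; fi
```

Run it with `DOMAIN` and `PDC` set to your own values; a non-zero exit status means at least one of the prerequisites is not met.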