Authentication Issue - Maybe Kerberos

Question

I think we are having problems with Kerberos authentication.&nbsp;
&nbsp;Here is the scenario:&nbsp;
&nbsp;1. An AD authenticated user accesses a website hosted in Tier 1.&nbsp;
&nbsp;2. Tier 1 makes a request to the VS address of Tier 2.&nbsp;
&nbsp;3. When the node in Tier 2 receive the request the request is from an anonymous user.&nbsp;
&nbsp;4. Tier 2 needs to see the request from the AD authenticated user who accessed the web site on Tier 1 otherwise the request fails.&nbsp;
&nbsp;5. The authentication on Tier 2 works fine if Tier 1 goes directly to one of the nodes in Tier 2 (bypassing the F5).&nbsp;
&nbsp;The VS is set up using one-arm out-of-path with SNAT automapping so the Tier 2 servers will see the request coming from the IP of the F5.&nbsp;
&nbsp;Is there anyway to get the F5 to forward the request with the authentication details to Tier 2?&nbsp;
&nbsp;Thanks
&nbsp;Sam&nbsp;&nbsp;

chris_miller · Answer

Are you running into SPN issues? 
&nbsp;  
&nbsp; http://technet.microsoft.com/en-us/library/bb633031.aspx

sams_81032 · Answer

It turned out to be SPN related. The problem has been fixed now. 
&nbsp;  
&nbsp; Cheers 
&nbsp; Sam

Forum Discussion

Authentication Issue - Maybe Kerberos

2 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Transparent Kerberos Authentication and APM fallback authentication

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Doing mTLS Authentication per URL

Lightboard Lessons: Basic Kerberos Authentication

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos