Affects product
- Airlock Gateway
Although everything seems to be configured correctly, Back-side Kerberos SSO does not work. A deeper analysis of the network is required to see which packets are sent and received by Airlock Gateway.
88
) from and to the Active Directory domain controllers.The article Network traffic tracing using tcpdump and TShark/Wireshark describes how to record a tcpdump on Airlock Gateway.
Ensure that Airlock Gateway is configured to record the SSL keys as well, in order to decrypt the SSL/TLS traffic later on. Otherwise, an analysis might be impossible.
WR-SG-CONNTRACE
log message to the corresponding packets in the tcpdump.KRB5KRB_ERR_GENERIC
are in the tcpdump could indicate a timing synchronization.In case of outdated links or bad content, please let us know by sending an email with a short description of your findings. Thank you very much!