paloaltonetworks:configuration:kerberos
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| paloaltonetworks:configuration:kerberos [2020/05/19 06:08] – created bstafford | paloaltonetworks:configuration:kerberos [2025/03/31 19:42] (current) – bstafford | ||
|---|---|---|---|
| Line 2: | Line 2: | ||
| ===== Knowledgebase Articles ===== | ===== Knowledgebase Articles ===== | ||
| Two good articles on setting up Kerberos SSO for User ID / Access to the Internet are | Two good articles on setting up Kerberos SSO for User ID / Access to the Internet are | ||
| - | * [https:// | + | * [[https:// |
| - | * [https:// | + | * [[https:// |
| ===== KeyTab File ===== | ===== KeyTab File ===== | ||
| You will need to create a service account on the active directory domain. You need a service account for each gateway you are using (e.g. if you are using a redirect FQDN for Captive Portal and a couple of GlobalProtect gateways, you will need that number of service accounts. This is because a service account is required for each SPN (server Principle Name). | You will need to create a service account on the active directory domain. You need a service account for each gateway you are using (e.g. if you are using a redirect FQDN for Captive Portal and a couple of GlobalProtect gateways, you will need that number of service accounts. This is because a service account is required for each SPN (server Principle Name). | ||
| Line 20: | Line 20: | ||
| http/ | http/ | ||
| Updated object</ | Updated object</ | ||
| + | Windows 2022 keytab file generation | ||
| + | < | ||
| + | older example | ||
| < | < | ||
| - | <code>>ktpass -princ http/ | + | < |
| Targeting domain controller: server1.EXAMPLE.LOCAL | Targeting domain controller: server1.EXAMPLE.LOCAL | ||
| Successfully mapped http/ | Successfully mapped http/ | ||
paloaltonetworks/configuration/kerberos.1589868524.txt.gz · Last modified: (external edit)