
Iron port S370 authentication issues.

rajeshsamy1
Level 1

Hi All,

Noticed the following errors in the iron port device.

Users are having issues with network printers..

PROX_AUTH : - : NTLM CRAP authentication for user [] returned NT_STATUS_ACCOUNT_EXPIRED (PAM: 17)

PROX_AUTH : - : Login for user [EE]\[user] failed due to [Account expired]

PROX_AUTH : - : NTLM CRAP authentication for user [] returned NT_STATUS_ACCOUNT_EXPIRED (PAM: 17)

PROX_AUTH : - : Login for user [EE]\[user] failed due to [Account expired]

PROX_AUTH : - : NTLM CRAP authentication for user [] returned NT_STATUS_ACCOUNT_EXPIRED (PAM: 17)

PROX_AUTH : - : Login for user [EE]\[user] failed due to [Account expired]

PROX_AUTH : - : NTLM CRAP authentication for user [] returned NT_STATUS_ACCOUNT_EXPIRED (PAM: 17)

PROX_AUTH : - : Login for user [EE]\[user] failed due to [Account expired]

Not an expert...any help appreciated..

Thanks..
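The PROX_AUTH lines quoted in the post above can be tallied per account to see which users the expiry failures actually belong to. This is an added example, not part of the original thread or Cisco code; the sample log is constructed in the format shown in the post, and the user names `printsvc` and `jdoe` are made up.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the post; the user names
# printsvc and jdoe are made up for illustration.
SAMPLE_LOG = r"""
PROX_AUTH : - : NTLM CRAP authentication for user [] returned NT_STATUS_ACCOUNT_EXPIRED (PAM: 17)
PROX_AUTH : - : Login for user [EE]\[printsvc] failed due to [Account expired]
PROX_AUTH : - : NTLM CRAP authentication for user [] returned NT_STATUS_ACCOUNT_EXPIRED (PAM: 17)
PROX_AUTH : - : Login for user [EE]\[printsvc] failed due to [Account expired]
PROX_AUTH : - : NTLM CRAP authentication for user [] returned NT_STATUS_ACCOUNT_EXPIRED (PAM: 17)
PROX_AUTH : - : Login for user [EE]\[jdoe] failed due to [Account expired]
"""

# The NTLM status line carries an empty user field, so the account name has
# to come from the "Login for user" line that follows it.
STATUS_RE = re.compile(
    r"PROX_AUTH : .*? : NTLM CRAP authentication for user \[.*?\] "
    r"returned (NT_STATUS_\w+) \(PAM: \d+\)")
LOGIN_RE = re.compile(
    r"PROX_AUTH : .*? : Login for user \[(.*?)\]\\\[(.*?)\] "
    r"failed due to \[(.*?)\]")


def summarize(log_text):
    """Count failures per (domain, user, reason, NT status)."""
    failures = Counter()
    pending_status = None  # status from the line just before a login line
    for line in log_text.splitlines():
        status = STATUS_RE.search(line)
        if status:
            pending_status = status.group(1)
            continue
        login = LOGIN_RE.search(line)
        if login:
            domain, user, reason = login.groups()
            failures[(domain, user, reason, pending_status)] += 1
            pending_status = None
    return failures


def expired_accounts(failures):
    """Sorted DOMAIN\\user names whose failures report an expired account."""
    return sorted({f"{d}\\{u}" for d, u, _, st in failures
                   if st == "NT_STATUS_ACCOUNT_EXPIRED"})


if __name__ == "__main__":
    counts = summarize(SAMPLE_LOG)
    for (domain, user, reason, status), n in counts.most_common():
        print(f"{n:3d}  {domain}\\{user}  {reason}  ({status})")
    print("Expired:", ", ".join(expired_accounts(counts)))
```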


Erik Kaiser
Cisco Employee

Hi Rajesh,

Please check the user account used to join the WSA to the domain. It may be that the user account used is expired.

Sincerely,

Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator


Hello Sir

I have an S370 WSA. I am trying to configure NTLM authentication but failed to join the domain. I am getting the following error message while connecting:

Attempting to get TGT...

Failure: Error while fetching Kerberos Tickets from server 'dskglobal.com' :

kinit: krb5_get_init_creds: Client (ironport$@DSKGLOBAL.COM) unknown

Can you please help me to fix this?

Thanks

Nilesh

Some things to check/change....

Are your DCs entered as names or IPs?

Are your time settings correct?

Does the "ironport" computer account exist in AD? Is it disabled?

Hello Sir,

Our DCs are entered as names, but I have tried entering them by IP and it still doesn't work.

Yes, the device itself shows that the time variation is within the specified limit.

The "ironport" computer account is not there in AD. Do you mean to say the computer account needs to be created manually?

And which user do I have to use while joining the domain? Any user with Domain Admin rights?

Thanks

Nilesh

Hello Sir,

Finally it's done!!!

Now all the DC users are integrated in IronPort, but I have one more issue with this.

I have created one access policy for a single computer, in which I have given a specific AD group.

Whenever I try to access the internet on that computer it asks for a username and password, but it works with any AD user. Only members of the specified group should get authenticated, but it authenticates any AD user, not just the specified group of users.

Basically, I want to assign internet access per group, so only the specified groups should get authenticated, not all.

Can you please help me with this?

Thanks

Hi Nilesh,

I might be wrong, but there has to be a way for the WSA to differentiate which users should be authenticated and which should not. When you are creating identities, try adding the IP address of that machine and create a separate policy using that identity.

Let me know if it helps.