Jamf Nation Community

tomt · ‎05-14-2013

Our network admins are transitioning us from the Bluecoat Web Filter to the Symantec Client Site Proxy (v1.00.024). In testing I am able to point my test machines at the proxy and am asked to authenticate. The issue I am having is that it continually asks me to reauthenticate every few seconds.

We are an AD shop and user accounts are Managed, Mobile. Test machines are 10.7 and 10.8. Symantec has been very little help so far. Their current suggestion is to set up Authoxy as a "bridge" proxy on each Mac. Not exactly a great solution.

Thanks for any input or info,
Tom

bentoms · ‎05-14-2013

It may be set to try NTLM then Kerberos.

See if you can change that order around..

Our kerberized web sense proxy works fine with nothing extra needed client side.

So I guess Symantec or the system owner will need to have a nose @ the config.

View solution in original post

bentoms · ‎05-14-2013

Sounds like the proxy is using NTLM authentication.

Does it support Kerberos?

Alternatively, look @ using a Squid Proxy for the macs & see if that will pass though the valid details.

tomt · ‎05-14-2013

According to Symantec it should have Kerberos active by default. However, when I use kinit in terminal to go to the url of the filter I get:

fhr-lttubbiol:~ ttubbiola$ kinit frwebproxy.lux-oo.net
frwebproxy.lux-oo.net@LUX-OO.NET's Password: kinit: krb5_get_init_creds: Client (frwebproxy.lux-oo.net@LUX-OO.NET) unknown

bentoms · ‎05-14-2013

It may be set to try NTLM then Kerberos.

See if you can change that order around..

Our kerberized web sense proxy works fine with nothing extra needed client side.

So I guess Symantec or the system owner will need to have a nose @ the config.

tomt · ‎05-29-2013

Putting Kerberos first seems to have resolved the issue.

Thank you!

Jamf Nation Community

(OT) Anyone successfully using the Symantec Client Site Proxy (CSP)?