- Guardian must be running on the Smoothwall system.
- External access rules must permit access to the Kerberos Login service on port 814.
- Windows 8.1 and above have a default delay of five minutes before running any logon script. This can be changed through group policy.
- The normal restrictions on Kerberos apply:
- The hostname must resolve correctly and the domain controller must return the correct ticket.
- The client cannot be multi-homed or dual stack, where two or more addresses would need to be authenticated by logging in. This restriction also applies to all other transparent authentication methods currently supported by Smoothwall.
- The scripts provided are examples only. They should be amended to contain the correct host and domain names. Errors are not currently handled; the background script will ignore any error.
- Clustered Smoothwall systems will need to be more carefully configured. If you plan to use a cluster, talk to a Smoothwall Engineer first.