Time Settings

For the Kerberos authentication to work correctly it is a MUST to have synchronized time on proxy and your Active Directory domain controllers. Do the following to set up time sync.

Note

You can use Dashboard section in Admin UI to quickly check if Active Directory UTC time and UTC time on your proxy box are syncronized. If time difference is more than 5 minutes the lines will be highlighted in RED. You need to fix syncronization issues before going further!

Set correct Time Zone in Web Safety

The time zone on your proxy server MUST match the one your domain controllers are in. To set correct time zone from UI of Web Safety, navigate to Dashboard / Time Zone, select your timezone from drop down list and click Save Settings. You will need to reboot the proxy from console for these settings to take effect.

Enable time sync with Active Directory

Assuming you run Web Safety as virtual appliance in VMWare vSphere - it is recommended to sync the time in virtual appliance with vSphere host which in turn needs to be synced with Active Directory domain controller (how to do that is usually known to any virtual admin).

Virtual Appliance has OpenVM integration tools preinstalled which make it easy to set up time sync between the guest VA and VMWare host.

If you are running Web Safety on real hardware, it is recommended to setup NTP server on the proxy box to sync with your domain controller. Please note, NTP cannot guarantee correct time sync when run within virtual appliance so use it only on the real hardware.

To install network time synchronization daemon type $ sudo apt-get install ntp. Edit the /etc/ntp.conf file so that the list of NTP servers contain only dc1.example.lan as indicated on the following screenshot.

Run the following commands to perform initial time synchronization.

sudo service ntp stop
sudo ntpdate -b dc1.example.lan
sudo service ntp start

Active NTP server status is shown by $ ntpq -p command.