Open main menu

Intranet/Intranet Client Configuration

< Intranet

MediaWiki is accessed via a web browser and clients may need some configuration changes to work properly with the Intranet as documented here. Assuming that the wiki is using a TLS certificate that is signed by the corporate CA then the client system must also trust that CA. IE, Chrome and Chromium will use the Windows trust store which should include the Enterprise CA. Firefox on Windows does not yet but has support for it which is disabled by default. All clients must be "domain joined". You can check that you have valid Kerberos tickets on both Windows and Linux with the klist command.

Contents

IEEdit

Configuring Internet Explorer for Automatic Logon [1]

FirefoxEdit

Manual configurationEdit

On both Windows and Linux, about:config (note leading dot in the domain name) and search for and set these options:

security.enterprise_roots.enabled = true
network.negotiate-auth.trusted-uris = .example.co.uk

Group PolicyEdit

Create two files [2] Be careful with the extension - .js or .cfg. Both files must have a // comment in the first line. The obscure_value option can be used to obscure the settings applied, setting it to 0 means that you can read the settings in about:config.

enable_local_policy.js:

// Enable site local Firefox policy
pref("general.config.filename", "local_policy.cfg");
pref("general.config.obscure_value", 0);

local_policy.cfg:

// Site local Firefox policy
pref("security.enterprise_roots.enabled", true);
pref("network.negotiate-auth.trusted-uris", ".example.co.uk");

Copy the two files to a central location that is accessible to all client PCs. One possibility is \\example.co.uk\SYSVOL\example.co.uk\firefox , that is use the SYSVOL share on your domain controllers. These files are tiny so there should be no problems.

Create a Group Policy object or edit an existing one and create two File items:

Group Policy: Computer Configuration -> Preferences -> Windows Settings - Files
Name Order Action Source Target
enable_local_policy.js 1 Update \\example.co.uk\sysvol\example.co.uk\Firefox\enable_local_policy.js C:\Program Files (x86)\Mozilla Firefox\defaults\pref\enable_local_policy.js
local_policy.cfg 2 Update \\example.co.uk\sysvol\example.co.uk\Firefox\local_policy.cfg C:\Program Files (x86)\Mozilla Firefox\local_policy.cfg

Chrome and ChromiumEdit

Group PolicyEdit

Linux [3]Edit

Create a directory to hold settings. The first one is for Chrome and the second one is for Chromium.

# mkdir -p /etc/opt/chrome/policies/managed
# mkdir -p /etc/chromium/policies/managed

Create a file such as /etc/opt/chrome/policies/managed/local_policy.json:

 {
  "AuthServerWhitelist": ".example.co.uk",
  "AuthNegotiateDelegateWhitelist": ".example.co.uk"
 }

ReferencesEdit

  1. https://technet.microsoft.com/en-us/library/dd572939(v=office.13).aspx - MS Technet: Configuring IE for automatic logon
  2. https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment - Mozilla Enterprise Deployment documentation
  3. https://www.chromium.org/administrators/linux-quick-start Chromium - Linux Quick Start documentation