Synology Kerberos Authentication from Macs

Hi all,
Pretty obscure one here…

I have a Synology joined to a Windows domain with IWA (integrated windows authentication) enabled. Windows devices can authenticate without an issue.

My issue is that from what I am reading from the Synology documentation is that Kerberos authentication is supported for the web interface.

I have the AD SSO client provisioned on the Mac devices as per Apples profile configuration docs. I have also configured Chrome with the AuthNegotiateDelegateAllowlist and AuthServerAllowlist policies to use the kerberos tickets.

can’t figure out what else I’m missing for this to work. I’ve checked ticket viewer and see the kerberos tickets are valid. I have spun up a windows server with IIS and configured kerberos authentication there as a test and that works just fine. I can see in the IIS logs which users are authenticating.

Thanks for the help folks

– Alex