0 Replies Latest reply: Feb 27, 2012 6:56 PM by Lori Peterson RSS

CMC and INFOVIEW logon error - timeout - Window AD Kerberos authentication

Lori Peterson
Currently Being Moderated

Hello -

I thought I had AD authentication with kerberos working - a couple of months ago - got busy - tried to logon now and get this error "Account not recognized...(FWM 0000006).  I have the debug = true in bcslogon.conf

 

com.businessobjects.security.jgss.initiate {

com.sun.security.auth.module.Krb5LoginModule required debug=true;

};

 

so looked in the \tomcat\log file folder -- stdout and see a timeout error :

Acquire TGT using AS Exchange

          [Krb5LoginModule] authentication failed

Receive timed out

Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false

          [Krb5LoginModule] user entered username: mylogon-at-mydomain.edu

 

Acquire TGT using AS Exchange

          [Krb5LoginModule] authentication failed

Receive timed out

 

-


HERE IS THE krb5.ini file:

[libdefaults]

default_realm = MYDOMAIN.EDU

dns_lookup_kdc = true

dns_lookup_realm = true

upd_preference_limit = 1

default_tgs_enctypes = rc4-hmac

default_tkt_enctypes = rc4-hmac

[realms]

MYDOMAIN.EDU = {

kdc = AZD1.MYDOMAIN.EDU

kdc = AZD2.MYDOMAIN.EDU

default_domain=MYDOMAIN.EDU

}

 

-


please help - ?

Actions