13 Replies Latest reply on Nov 7, 2008 11:08 AM by Jim Collins

    Authentication does not work anymore after migration of Active Directory

    Antonio Caputo

      Hi all,


      my Customer has version 7.4.1.

      Since last week they used Kerberos authentication with Active Directory on a Win 2000.


      Last week they moved their AD on a Win 2008 platform and after this they are not able to authenticate via Kerberos anymore.


      If I try to use the Configuration Manager I get this message:


      AD/Kerberos authentication failure


      I reviewd all (I think) settings related to the the configuration steps described in our docs but the problem still happen.


      I also reset the secadmin and the blcred but at the moment when I try to use blcred via nsh we got this message:


      1. blcred cred -acquire -profile BLXFE01

      WARN : AuthSvc responded with an ADK Service Reject Msg

      Authentication failure: AD/Kerberos authentication failure



      In the same time the appserver log says:


      No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

      user authentication failed: Pgrosso@WIND.ROOT.IT

      Connection closed


      If it can be useful: I also noticed that the Authentication Service principal name used in the Configuration Manager is: blappsvc/blxfe01@WIND.ROOT.IT


      andwhat I got with klist is:


      1. ./klist -t -k /usr/nsh/br/blappsvc.keytab

      Key tab: /usr/nsh/br/blappsvc.keytab, 1 entry found.

      Service principal: blappsvc/blxfe01.wind.root.it@WIND.ROOT.IT

      KVNO: 1

      Time stamp: Jan 01, 1970 01:00


      Thanks for any suggestion