what version of bladelogic and what version of windows domain (2003, 2000) - i don't think we support 2008 yet.
Bladelogic version 7.4.1
Windows 2003 R2 Standard Edition Service Pack 2
this shouldn't matter but in blclient_login.conf you have 'False' it should be Debug=false, i think, but i really doubt that's the issue. (but in general java is case sensitive and windows is not)
also, what's in the OM/br/authenticationProfiles.xml and when you open the CM gui, is the username populated in the login?
what os is the client system and what registry keys did you set ?
Attached the file (some names have been changed to protect the innocent)
Client and server is the same.
We set the reg key as instructed in the manual.
allowtgtsessionkey = 1.
Changed the False into false. Same problem.
so the RBAC user account you created is like 'Bob.Smith@DOMAIN.COM' and the AD user is like 'Bob.Smith', in the DOMAIN.COM domain ?
the account you set the spn on, uses DES encryption?
when you pop up the cm gui login, your username is already populated when you choose the ad authentication profile ?
The user accounts are identical.
The principal account uses DES.
The username is populated in the login screen.
(that is where we got stuck)
that blclient.txt, was that the full stack dump? if not, can you post the full one ?
the AD acct you used in the keytab, that's not locked out?
in AD, is the login user account aliased to a different login domain or anything?
and...you enabled ADK in the authsvc via blasadmin ?
That is the full stack dump.
The account is not locked out
the account is not aliased
ADK is enabled
We even created a new account, conf files, etc and did the whole process again, same result.
can you send the config.xml ?
There you go
(And thanks already for taking the time to help)
I think these are wrong:
you should be able to leave them blank because those are the default names, otherwise just make them blappserv_krb5.conf and blappserv_login.conf, no paths.
do that and restart the appserver service..
Without the path or blank the username does not populate. The reason I put the path in is because there was already
in the file, which also contains the whole path.