10 Replies Latest reply on Aug 22, 2012 3:15 AM by Robbert Elzenaar

    BSA 8.2 sp 1 AD/Kerberos SSO implemtation troubles.

      Hi All,

       

      I'm trying to implement AD/Kerberos SSO in to BSA 8.2 sp 1.

      I followed this instruction but it keeps failing.

      http://docs.bmc.com/docs/display/public/bsa82/Configuring+an+Authentication+Service+for+AD+Kerberos+authentication

       

      When i turn on the ADKerberos Authentication in Application Server Administrator

      We are unable to setup any connection to the BSA Application server.

      The error in the console is (Cannot connect to "service:authsvc.bladelogic:blauth://nlsmtms073:10840"- Connection refused: Connect").

       

      The config_deployment_nlsmtms073.log provides the following information.

       

      [08 Aug 2012 14:58:42,223] [main] [INFO] [::] [] Cleaning up file server temp directory: //NLSMTMS076/D/Program Files/BMC Software/Bladelogic/storage/tmp/config_deployment_nlsmtms073

      [08 Aug 2012 14:58:42,239] [main] [INFO] [::] [] Cleaning up temp zip files in: D:\Program Files\BMC Software\BladeLogic\8.1\Operations Manager\NSH\br

      [08 Aug 2012 14:58:42,239] [main] [INFO] [::] [] File Manager Service started.

      [08 Aug 2012 14:58:42,333] [main] [INFO] [::] [] Starting Cleanup Service...

      [08 Aug 2012 14:59:07,658] [main] [INFO] [::] [] Cleanup Service started.

      [08 Aug 2012 14:59:07,674] [main] [INFO] [::] [] Starting Authentication Service...

      [08 Aug 2012 14:59:07,830] [main] [WARN] [::] [] Authentication method in use is Active Directory/Kerberos.

      [08 Aug 2012 14:59:07,830] [main] [WARN] [::] [] Possible configuration issue during login.

      [08 Aug 2012 14:59:07,830] [main] [WARN] [::] [] Check configuration of: D:\Program Files\BMC Software\BladeLogic\8.1\Operations Manager\NSH\br\blappserv_login.conf

      [08 Aug 2012 14:59:07,830] [main] [WARN] [::] []                    and: D:\Program Files\BMC Software\BladeLogic\8.1\Operations Manager\NSH\br\blappserv_krb5.conf

      [08 Aug 2012 14:59:07,830] [main] [WARN] [::] [] Actual error returned: Message stream modified (41)

      [08 Aug 2012 14:59:07,830] [main] [ERROR] [::] [] ADKerberos authentication is enabled but it is not configured correctly. If you are not using kerberos authentication, please turn it off in blasadmin by running the blasadmin command "set authserver isadkauthenabled false". If you are using it, please check the configuration files to ensure it is configured correctly

      [08 Aug 2012 14:59:07,846] [main] [ERROR] [::] [] Error installing to Start: name=bladelogic.service.AuthenticationService state=Create

      com.bladelogic.om.infra.app.service.ServiceInitializationException: com.bladelogic.om.infra.mfw.util.BlException: com.bladelogic.om.infra.mfw.util.BlException: Error creating credentials: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

       

      The configuration files:

       

      blappserv_krb5.conf:

       

      [libdefaults]

      ticket_lifetime = 6000

      default_realm = smt.ao-srv.com

      [realms]

      smt.ao-srv.com = {

      kdc = nlsmtdc001.smt.ao-srv.com:88

      }

      [domain_realm]

      .smt.ao-srv.com = smt.ao-srv.com

       

      blappserv_login.conf:

       

      com.sun.security.jgss.accept {

      com.sun.security.auth.module.Krb5LoginModule required

      useKeyTab=true

      keyTab="D:\\Program Files\\BMC Software\\BladeLogic\\8.1\\Operations Manager\\NSH\\br\\blauthsvc.keytab"

      storeKey=true

      principal="blauthsvc/config_deployment_nlsmtms073@smt.ao-srv.com"

      doNotPrompt=true

      debug=false;

      };

       

      Can any one tell me what is wrong in this setup?