• Register
0 votes

Problem :

I am working on the configuring SSO in obiee, where in which I am facing a issue in the step while configuring my krb5.conf and executing a kinit command.

Few notes regarding a Active Directory

· We have more than the one domain controller and to balance a request we are maintaing a load balancer with a port 3269.

· And a integration between obiee and a MSAD is successfully done with a load balancer name as host and a port as 3269.

· And few certificates have also been added in a demotrust.jks and to a ovd store and SSL is enabled in a new provider.

· Keytab file generated and also placed in obiee domain home, the krb5.conf and krb5Login.conf file also modified accordingly.

I have created my keytab file and placed it in my obiee domain home, then modified my krb5.conf by keeping a kdc as a one of the ip address of a domain controller and admin-server as a name of a domain controller. And while executing a

kinit -V -k -t /location/keytabfile.keytab HTTP/obiee_host_name

I have encountered the error as "kinit(v5): Client not found in Kerberos database while getting initial credentials" . Kindly share your ideas or suggestions to solve above issue.

7 5 2
3,870 points

1 Answer

0 votes

Solution :

 First of all, this is the serverfault.

  1. 3269 is not a Kerberos, this is a SSL-backed global catalog. Pure LDAP not a Kerberos. Not a interesting here.
  1. Do not put a KDC IP addresses in a krb5.conf but rather rely on a DNS SRV records just like a Windows does.
  1. You cannot kinit with the SPN. kinit expects the UPN (from AD) from a keytab. Something like accountname$@EXAMPLE.COM if this is the machine account. Always remember, the SPN is always bound to some account, whether it is a machine or functional.
9 7 4
38,600 points

Related questions

1 vote
1 answer 422 views
Problem: I am very new to Kerberos and Hadoop. I tried to create the "user.keytab" file by "ktutil" to try to renew a krb ticket without the use of the password as it was recommended in some online tutorial. Please find below the procedure I ... credentials Please find below my environment details for your reference: My OS: Centos Linux, My Cluster: Cloudera Hadoop Distribution, My Tool: Kerberos
asked May 27 Martin K 6.6k points
0 votes
1 answer 504 views
Problem : I am implementing kerberos Authentication in my existing java spring application.My unix team has provided me SPN, krb5.conf and keytab file. I am trying hard but getting unable to obtain password from user exception
asked Oct 22, 2019 peterlaw 6.9k points
0 votes
1 answer 572 views
Problem : I have recently installed krb5-1.2.3 on my Linux machine.I want to utilize this install as the client and the KDC is installed on another machine. But while I tried to do the initial kinit I got the following error; # ./kinit kinit(v5): Configuration ... /krb5.conf path and it also defines my default realm.Is there anybody who have faced this message before and have any solution on it ?
asked Dec 2, 2019 alecxe 7.5k points
0 votes
1 answer 9 views
Problem: Each time a user logs on locally, which database is used to verify sign-in credentials?
asked Jul 22 HenryL 620 points
0 votes
1 answer 7 views
I am starting with the C ++ language, and I would like to know why the screen output of this line of code is not displayed cout << "invalid value" << "\ n" ;. I know it is something very simple but I cannot understand why the output is not shown, if when ... I read in a book that these lines allow me to optimize the input of the program. If someone can give me more information it would be great.
asked Aug 10 game 4.6k points