Skip to Content
avatar image
Former Member

BO Manual Windows AD: krb5.ini [capaths]

Hi, in our BO 4.1 SP06 patch 6 platform

We have problems with manual authentication for users from remote domains. This error arises:

Account information not recognized: The Active Directory Authentication plugin could not authenticate at this time. Please try again. If the problem persists, please contact your technical support department. (FWM 00005)

We have this scenario:

Tree1...

PARENT.COM

A.PARENT.COM

Tree2...

PARENT.NET

A.PARENT.NET

There is also a 2-way bidirectional trust between PARENT.COM and PARENT.NET

Our CMS is running on a machine in domain A.PARENT.COM

Users from domain A.PARENT.COM can authenticate without problems but

users from A.PARENT.NET can't

We have solved in the past similar problems configurating properly [capaths] section in krb5.ini. But because we can't find enough information to understood how to set this section we don't find now the correct [capaths] syntax.

Does anyone, that have solved a similar problem, know How must we change our [capaths] section in our scenario?.

Thanks in advance.

Carlos

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Dec 18, 2018 at 07:33 PM

    use this KBA https://apps.support.sap.com/sap/support/knowledge/preview/en/1245178 and more specifically https://apps.support.sap.com/sap/support/knowledge/preview/en/1406795 .

    Are the trusts forest trusts or external, to verify if it's a trust issue login to the CCM on the BI server console with a user from the remote forest. If that works then you should be able to fix the issue with capaths, if that fails then you probably need a forest trust in place of the external one.

    -Tim

    Add comment
    10|10000 characters needed characters exceeded