Hi Guys,
I have been struggling with this problem for almost 2 weeks now and still have no clue what could be wrong.
Here's the problem:
1. We have multiple domains. And we have successfully set up SSO using Vintela for both IIS .Net and .java.
2. I have done all the steps as mentioned by Tim and other places.
3. It works, but now we have a problem with the AD Authentication for 2 domain accounts. We have in total 4 domains in our forest and 2 of them are working with AD Authentication but the other 2 are NOT working.
4. Getting error --
Account information not recognized: The Active Directory Authentication plugin could not authenticate at this time. Please try again. If the problem persists, please contact your technical support department. (FWM 00005)
Enter your user information and click Log On.
5. This works with other 2 domain accounts.
6. In the tomcat logs I do get commit succeeded for the 2 domain accounts that are not working.
Here's a sample of the krb5.ini file (changed the domain names for confidentiality reasons):
[libdefaults]
default_realm=MYDOMAIN.CA
dns_lookup_kdc=true
dns_lookup_realm=true
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
forwardable = true
udp_preference_limit = 1
[domain_realm]
[realms]
MYDOMAIN.CA= {
kdc = TOR-AUTH-01.MYDOMAIN.CA
default_domain = MYDOMAIN.CA
}
FLORIDA.MYDOMAIN.CORP= {
kdc = FLA-AUTH-02.FLORIDA.MYDOMAIN.CORP
default_domain = FLORIDA.MYDOMAIN.CORP
}
kdc = BANG-AUTH-01.MYDOMAIN.COM.IN
default_domain = MYDOMAIN.COM.IN
}
123XYZ.NET= {
kdc = XYZ-FILE-02.123XYZ.NET
default_domain = 123XYZ.NET
}
Checked with the AD experts and everything looks good.
I am still scratching my head as to why it is not working.
Any help would be much appreciated.
Thanks,
Peter
Edited by: Petr Sedlacek on Apr 1, 2010 6:01 PM
I want to mention that the IIS .net works with AD on all the 4 domains. It's just the java that's creating problems.
Edited by: Petr Sedlacek on Apr 1, 2010 6:02 PM
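Added example, not part of the original post: a structural check of the [realms] section exactly as it appears in the krb5.ini sample above, where the BANG-AUTH-01 kdc line and its default_domain follow a closing brace with no "REALM = {" line before them. The function name lint_realms and the simplified grammar (flat realm blocks, no nested sub-blocks) are assumptions of this example.

```python
import re
# Constructed input: the [realms] section as it appears in the post.
SAMPLE = """[realms]
MYDOMAIN.CA= {
kdc = TOR-AUTH-01.MYDOMAIN.CA
default_domain = MYDOMAIN.CA
}
FLORIDA.MYDOMAIN.CORP= {
kdc = FLA-AUTH-02.FLORIDA.MYDOMAIN.CORP
default_domain = FLORIDA.MYDOMAIN.CORP
}
kdc = BANG-AUTH-01.MYDOMAIN.COM.IN
default_domain = MYDOMAIN.COM.IN
}
123XYZ.NET= {
kdc = XYZ-FILE-02.123XYZ.NET
default_domain = 123XYZ.NET
}"""

REALM_OPEN = re.compile(r"^([A-Za-z0-9.-]+)\s*=\s*\{$")  # "REALM = {"

def lint_realms(text):
    """Return (realms, problems) for the [realms] section of krb5.ini text."""
    realms, problems, in_realms, current = {}, [], False, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("["):  # section header such as [libdefaults]
            in_realms = line.lower() == "[realms]"
        elif not in_realms or not line or line[0] in "#;":
            continue
        elif (m := REALM_OPEN.match(line)):
            if current:
                problems.append((n, f"{m[1]} opened inside {current}"))
            current = m[1]
            realms[current] = {}
        elif line == "}":
            if current is None:
                problems.append((n, "'}' without an open realm block"))
            current = None
        elif current is None:  # e.g. a kdc line whose "REALM = {" is missing
            problems.append((n, f"outside any realm block: {line}"))
        else:  # key = value inside a realm block (nested blocks not handled)
            key, _, value = line.partition("=")
            realms[current].setdefault(key.strip(), []).append(value.strip())
    if current:
        problems.append((n, f"realm {current} is never closed"))
    return realms, problems

print(*lint_realms(SAMPLE)[1], sep="\n")
```

Running the same function over the full krb5.ini used by the Java application server lists every line that does not belong to a realm block, with its line number.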