Former Member
Feb 23, 2011 at 09:38 PM

At Wit's End - AD Integration w/Kerberos

Uninstalled CRS2008 v0 and installed CRS2008 v1 (an upgrade sure would have been nice instead of an uninstall/new install). Now, trying to configure AD Integration, which worked with v0. No SPs have been applied.

Can log in with AD credentials on client tools, but InfoView on Tomcat is consistently returning "Account Information is not recognized" error.

I've done pretty much everything I can find/think of:

  • I run KINIT and get a "ticket"

  • However, stdout.log returns "[Krb5LoginModule] authentication failed Cannot get kdc for realm OFFICE"

krb5.ini

[libdefaults]
default_realm = domain.COM
dns_lookup_kdc = true
dns_lookup_realm = true
udp_preference_limit = 1

[realms]
domain.COM = {
    kdc = SG-OPS.domain.COM
    default_domain = domain.COM
}

(domain replacing the customer's name)

I replaced the SG-OPS PDC with the machine returned in the SET LOGONSERVER variable. I can ping both. No help.

The only thing that looks slightly funny to me here is that the message in stdout.log refers to the default OFFICE domain that all this stuff is using, even though the OFFICE domain isn't referenced anywhere in krb5.ini.

I'm out of ideas. What little hair I had before is now pulled out.

- George Peck -
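
An added example, not part of the original post: a Python check that takes the realm named in a Krb5LoginModule "Cannot get kdc for realm" error and reports whether krb5.ini has a kdc entry for that realm. The sample strings are constructed from the file and log line quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed samples mirroring the krb5.ini and stdout.log line quoted in the post.
SAMPLE_KRB5 = """\
[libdefaults]
default_realm = domain.COM
dns_lookup_kdc = true
[realms]
domain.COM = {
    kdc = SG-OPS.domain.COM
    default_domain = domain.COM
}
"""
SAMPLE_LOG = "[Krb5LoginModule] authentication failed Cannot get kdc for realm OFFICE"

def parse_krb5(text):
    """Return (default_realm, {realm: [kdc, ...]}) parsed from krb5.ini text."""
    section, realm, default_realm, realms = None, None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1].lower(), None
        elif section == "libdefaults" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key == "default_realm":
                default_realm = value
        elif section == "realms":
            if line.endswith("{"):               # "REALM = {" opens a realm block
                realm = line.split("=", 1)[0].strip()
                realms[realm] = []
            elif line == "}":
                realm = None
            elif realm and "=" in line and line.split("=", 1)[0].strip() == "kdc":
                realms[realm].append(line.split("=", 1)[1].strip())
    return default_realm, realms

def check_failed_realm(krb5_text, log_line):
    """Compare the realm named in the login error with what krb5.ini defines."""
    m = re.search(r"Cannot get kdc for realm (\S+)", log_line)
    if not m:
        return None
    default_realm, realms = parse_krb5(krb5_text)
    return {"failed_realm": m.group(1), "default_realm": default_realm,
            "has_kdc_entry": bool(realms.get(m.group(1))),
            "configured_realms": sorted(realms)}

if __name__ == "__main__":
    print(check_failed_realm(SAMPLE_KRB5, SAMPLE_LOG))
```

Realm lookup is case-sensitive here, so a realm that differs from the [realms] key only in case is reported as having no kdc entry.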