Skip to Content
author's profile photo Former Member
Former Member

Authentication Windows AD with Kerberos

We're having issues with Windows AD Authentication using Kerberos.

I checked several times, and the config seems all right to me, the only
point is that the AD Authentication is not working.

When I set the group on CMC, it doesn't return the users on it.

We did some tests, tried to login, but obviously it didn't worked,
because it's not reaching AD.

we have reached a stage where I can confirm the following:

SPN is set up

My kbr5.ini and bscLogin.conf seems ok and is in both C:\WINNT and C:\Windows just in case...

Inserts configuration on the tab Java

-Djava.security.auth.login.config=C:\WINNT\bscLogin.conf

-Djava.security.krb5.conf=C:\WINNT\krb5.ini

The AD configuration on CMC ok with Kerberos.

I also made web.xml changes to make it as authentication.default secWinAD

But, when I try login on CMC or Infoview shows the following errors:

Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)


What are we missing here. ? Could you please help ?

Thanks,

Juliana

Add a comment
10|10000 characters needed characters exceeded

Related questions

4 Answers

  • Posted on Aug 08, 2012 at 02:07 PM
    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Aug 16, 2012 at 06:34 PM

    make sure you have the following optin set on the bsclogin.conf, restart the web/app and look for the errors.

    com.businessobjects.security.jgss.initiate {

    com.sun.security.auth.module.Krb5LoginModule required debug=true;

    };

    regards,

    Tim

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Aug 17, 2012 at 06:40 AM

    Hi Alessandro,

    Did you test the win ad login for client tools first ? Also in CMC-->Authentication-->Win AD page make sure that the default AD domain is mentioned in FQDN format and in UPPER Case (ex: BOBJ.COM)

    Regards,

    Rohit Vamsi

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jan 02, 2014 at 04:17 AM

    Hi Juliana,

    We are facing the same issue.

    Is this issue resolved for you.

    Thanks,

    Kumar

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.