Need some help. We are having issues using AD Authentication.
The environment includes: Crystal Reports 2008 and TomCat.
Here is what we have doen so far:
- Ran SETSPN and verified svcacct has associated SPN
- Setup CMC AD Authentication tab
- Created krb5 and bsclogin files with debug=true
- Ran kinit with no errors
- Tried to log into both CMC and InfoView
- Had AD Admin verify that there are not duplicate SPN’s
- Are logging in with the service account
- Have tried the user name with/without FQDN as suggested
Results:
- No entries in stdout or jce_verbose.log from the login attempts
- From CMC and InfoView, we get the following message when we try to login: Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS)DomainName, and then try again.
Here are the krb5 and bsclogin files:
Krb5.ini
[libdefaults]
default_realm = DEV.XXX.COM
dns_lookup_kdc = true
dns_lookup_realm = true
[realms]
DEV.XXX.COM = {
default_domain = DEV.XXX.COM
kdc = dcname.DEV.XXX.COM
}
bsclogin.conf
com.businessobjects.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required debug=true;
};
ranger124 (BOB member since 2010-06-11)
