I have created a Kerberos Keytab after running the setspn and Ktpass cmd.
The Keytab is imported into the Gateway but failing with Kerberos Authentication error.
I captured the network traffic and found the Kerberos flow is going half way through.
DNS lookup is happening then AS-REQ & AS REP is also going through fine.
But the Client (Gateway) is not able to initiate TGS-REQ for Kerberos ticket.
Did anyone face similar problem?
Please make sure domain controllers are discoverable using DNS resolution. Alternatively you can use gateway cluster properties or krb5.conf file to specify domains and domain controller IPs. Following cluster properties might help discovering domain controllers.
krb5.kdc // Configure IP address
krb5.realm // Configure fully qualified domain name.
Dear Rudra_Singh ,
It seems we have a support ticket for this issue. The root cause is realm in lowercase. It was resolved after using uppercase.
Please confirm and mark this discussion as answered.
Yes,, the problem was fixed after setting the principal with REALM in uppercase.