Data Loss Prevention

Hi all, 

I have configured as below in krb5.ini and also copied the files to springSecurityContext-KERBEROS.xml and rename springSecurityContext.xml. 

[libdefaults]
default_realm = domain1.com

[realms]
domain1.com = {
kdc = AD.domain1.com
}
domain2.com = {
kdc = AD.domain2.com
}

However, after restarted the services. There is only 1 domain show in the domain list in enforce login which is domain1.com.

May i know how do i enable for users to choose between domain1.com and domain2.com?

Hi,

Anyone has any idea of this?
Original Message:
Sent: 02-17-2021 09:21 PM
From: Chong
Subject: krb5.ini AD integration for DLP Enforce 15.7

Hi all,

I have configured as below in krb5.ini and also copied the files to springSecurityContext-KERBEROS.xml and rename springSecurityContext.xml. 

[libdefaults]
default_realm = domain1.com

[realms]
domain1.com = {
kdc = AD.domain1.com
}
domain2.com = {
kdc = AD.domain2.com
}

However, after restarted the services. There is only 1 domain show in the domain list in enforce login which is domain1.com.

May i know how do i enable for users to choose between domain1.com and domain2.com?

Hello,
I had the same problem and I found a resolution. So try this:
- in krb5.ini/conf comment default realms (I tried to enter one or both, but it didn't work, so I commented both of them)
- in Enforce Console go to - System - Settings- General - Configure , and in DLP User Authentication section I entered both of my domains (comma separated).
- after restart I have two domains in Enforce login screen.

Please let me know if you menage it.

Regards,
Jolanta
Original Message:
Sent: 02-17-2021 09:21 PM
From: Chong
Subject: krb5.ini AD integration for DLP Enforce 15.7

Hi all,

I have configured as below in krb5.ini and also copied the files to springSecurityContext-KERBEROS.xml and rename springSecurityContext.xml. 

[libdefaults]
default_realm = domain1.com

[realms]
domain1.com = {
kdc = AD.domain1.com
}
domain2.com = {
kdc = AD.domain2.com
}

However, after restarted the services. There is only 1 domain show in the domain list in enforce login which is domain1.com.

May i know how do i enable for users to choose between domain1.com and domain2.com?

Hi Jolanta,

I get the answer from Broadcom Support directly and resolved the issue. The method are the same as yours. 

Thank you for your sharing as well.
Original Message:
Sent: 03-08-2021 04:53 AM
From: Jolanta S
Subject: krb5.ini AD integration for DLP Enforce 15.7

Hello,
I had the same problem and I found a resolution. So try this:
- in krb5.ini/conf comment default realms (I tried to enter one or both, but it didn't work, so I commented both of them)
- in Enforce Console go to - System - Settings- General - Configure , and in DLP User Authentication section I entered both of my domains (comma separated).
- after restart I have two domains in Enforce login screen.

Please let me know if you menage it.

Regards,
Jolanta
Original Message:
Sent: 02-17-2021 09:21 PM
From: Chong
Subject: krb5.ini AD integration for DLP Enforce 15.7

Hi all,

I have configured as below in krb5.ini and also copied the files to springSecurityContext-KERBEROS.xml and rename springSecurityContext.xml. 

[libdefaults]
default_realm = domain1.com

[realms]
domain1.com = {
kdc = AD.domain1.com
}
domain2.com = {
kdc = AD.domain2.com
}

However, after restarted the services. There is only 1 domain show in the domain list in enforce login which is domain1.com.

May i know how do i enable for users to choose between domain1.com and domain2.com?