BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 08-04-2009, 10:28 AM   #41 (permalink)
SEP
Thumbs Must Hurt
 
Join Date: Nov 2007
Model: 9000
Carrier: -
Posts: 152
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Please Login to Remove!

initially i didn't because many thought this was the cause of the problem so reinstalled everything and didnt touch it. I have since installed MR1 and it was then suggested the password be verified. nothing has changed in that respect of fixing AD authentication but only to break the monitoring service.
Offline  
Old 08-05-2009, 12:38 PM   #42 (permalink)
SEP
Thumbs Must Hurt
 
Join Date: Nov 2007
Model: 9000
Carrier: -
Posts: 152
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Unable to administer the BlackBerry Administration Service after using the BlackBerry Server Configuration tabs - KB18161

After editing the LDAP Password field on the Administration Service - LDAP tab in the BlackBerry Server Configuration tool, Administrators can no longer log into the BlackBerry Administration Service console using Windows (Microsoft® Active Directory®) Authentication


This implies you could actually log in BAS using Windows AD credentials from fresh install if you didn't mess with the config panel afterwards.....I know I haven't been able to...
Offline  
Old 08-05-2009, 01:24 PM   #43 (permalink)
BlackBerry Extraordinaire
 
Join Date: Mar 2006
Model: 9700
Carrier: t-mobile Germany
Posts: 1,366
Post Thanks: 11
Thanked 69 Times in 66 Posts
Default

But exactly this problem is fixed in MR1 - see the release notes.
Quote:
BlackBerry Configuration Panel
SDR 299265
In BlackBerry Enterprise Server version 5.0, if you specified the LDAP password using the BlackBerry Configuration Panel, the password was entered into the BlackBerry Configuration Database in plain text. As a result, the BlackBerry Administration Server could not read the password, and you could not log into the BlackBerry Administration Service using Windows authentication.

In BlackBerry Enterprise Server version 5.0 MR1, this issue is resolved.
Offline  
Old 08-06-2009, 07:23 AM   #44 (permalink)
SEP
Thumbs Must Hurt
 
Join Date: Nov 2007
Model: 9000
Carrier: -
Posts: 152
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

well I don't know what more to do...I've done a fresh install and immediately MR1, haven't touched the config panel and imported the password into sql db

one thing. Who did the copying hashed password into sql part? Could someone explain in english what that means, ######### or numbers - I got the numbers. is this correct?

Last edited by SEP : 08-06-2009 at 07:29 AM.
Offline  
Old 08-06-2009, 05:08 PM   #45 (permalink)
BlackBerry Extraordinaire
 
Join Date: Mar 2006
Model: 9700
Carrier: t-mobile Germany
Posts: 1,366
Post Thanks: 11
Thanked 69 Times in 66 Posts
Default

When your generated text file is like:
-51e7812816142316207a6df17212de41

The command to update the sql server would be:
Code:
update BASAuthenticationCredentials set password = '--51e7812816142316207a6df17212de41' where AuthenticationType LIKE '1'
does that explain your question ?
Offline  
Old 08-21-2009, 12:52 PM   #46 (permalink)
SEP
Thumbs Must Hurt
 
Join Date: Nov 2007
Model: 9000
Carrier: -
Posts: 152
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

well i've now installed MR2 - fixed a whole bunch of user pages i didnt know existed

but web desktop still no go
Offline  
Old 09-07-2009, 04:55 AM   #47 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: Aug 2006
Location: South Africa
Model: 8310i
Carrier: Vodafone
Posts: 202
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

This is my error

(09/07 10:49:57:329):{http-Servername.domain.CORP%2FI{ADDRESS119-443-6} [com.rim.bes.basplugin.activedirectory.ActiveDirect oryManagerBean] [INFO] [ADAU-1000] {u=SystemUser, t=47938} loginAsLdapUser failed to authenticate LDAP user=bbhdesk, realm=vodacom.corp, kdc=ServerNameDOMAINCONTROLLER.Domain.corp javax.security.auth.login.LoginException: KDC has no support for encryption type (14)
Offline  
Old 09-07-2009, 07:08 AM   #48 (permalink)
BlackBerry Extraordinaire
 
Join Date: Mar 2006
Model: 9700
Carrier: t-mobile Germany
Posts: 1,366
Post Thanks: 11
Thanked 69 Times in 66 Posts
Default

Dont know, but google "knows" many things.
Did you read this ?

Quote google search for "KDC has no support for encryption type (14)":

Code:
javax.security.auth.login.LoginException: KrbException: KDC has no support for encryption type (14) - KDC has no support for encryption type
Cause 1: Your KDC does not support the encryption type requested.

Solution 1: Sun's implementation of Kerberos supports the following encryption types: des-cbc-md5, des-cbc-crc and des3-cbc-sha1.

Applications can select the desired encryption type by specifying following tags in the Kerberos Configuration file krb5.conf:

[libdefaults]
default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
  
If not specified, the default value is:
des-cbc-md5 des-cbc-crc des3-cbc-sha1
  
Cause 2: This exception is thrown when using native ticket cache on some Windows platforms. Microsoft has added a new feature in which they no longer export the session keys for Ticket-Granting Tickets (TGTs). As a result, the native TGT obtained on Windows has an "empty" session key and null EType. The effected platforms include: Windows Server 2003, Windows 2000 Server Service Pack 4 (SP4) and Windows XP SP2.

Solution 2: You need to update the Windows registry to disable this new feature. The registry key allowtgtsessionkey should be added--and set correctly--to allow session keys to be sent in the Kerberos Ticket-Granting Ticket.

On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01  ( default is 0 )
By default, the value is 0; setting it to "0x01" allows a session key to be included in the TGT.
Here is the location of the registry setting on Windows XP SP2:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\
Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01
Did you try that change in the registry ?

Last edited by nobody7290 : 09-07-2009 at 07:10 AM.
Offline  
Old 09-07-2009, 08:12 AM   #49 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: Aug 2006
Location: South Africa
Model: 8310i
Carrier: Vodafone
Posts: 202
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I have moved this role to a Windows 2008 server..
DC and Webdesktop Server are 2008 servers..."Googling to find out more"
Offline  
Old 09-07-2009, 08:16 AM   #50 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: Aug 2006
Location: South Africa
Model: 8310i
Carrier: Vodafone
Posts: 202
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Some notes....Trying this as well
KDC has no support for encryption type (14)
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright © 2004-2014 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.