BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BES Admin Corner (http://www.blackberryforums.com/bes-admin-corner/)
-   -   SSO - Kerberos - error_code: KDC_ERR_BADOPTION (http://www.blackberryforums.com/bes-admin-corner/265864-sso-kerberos-error_code-kdc_err_badoption.html)

juniorra 02-25-2014 05:33 PM

SSO - Kerberos - error_code: KDC_ERR_BADOPTION
 
Hi All,

I am trying to setup SSO Kerberos authentication on BES 5. I have read through the instructions and completed the steps required. When user tired to connect to protected site they get promoted for credentials. I checked the MDAT log and found the following error

Code:

<2014-02-25 13:50:42.803 EST>:[229]:<MDS-CS_SE100620_MDS-CS_1>:<DEBUG>:<LAYER = SCM, impersonation cannot be done on the host of this url, e=GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosError: KDC can't fulfill requested option
KrbError:
        Error code: 13
        Error message: null
        Client name: null
        Client realm: null
        Client time: null
        Server name: HTTP/test.com
        Server realm: fake.test.com
        Server time:

I looked at this article KB23457 Browser is prompting for credentials after MDS Connection Service has been configured for Integrated Authentication[/url] Browser is still requesting credentials after MDS Connection Service has been configured for Integrated Authentication, but it did not apply to me as in I have the following option "Trust this user for delegation to any service (Kerberos only)" enabled in AD for the Delegation service account. Can anyone help with identifying what wrong here?

Thanks


All times are GMT -5. The time now is 03:11 AM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.