BlackBerry Forums Support Community
              

Closed Thread
 
Thread Tools
Old 08-04-2009, 09:28 AM   #41
SEP
Thumbs Must Hurt
 
Join Date: Nov 2007
Model: 9000
Carrier: -
Posts: 152
Default

Please Login to Remove!

initially i didn't because many thought this was the cause of the problem so reinstalled everything and didnt touch it. I have since installed MR1 and it was then suggested the password be verified. nothing has changed in that respect of fixing AD authentication but only to break the monitoring service.
Offline  
Old 08-05-2009, 11:38 AM   #42
SEP
Thumbs Must Hurt
 
Join Date: Nov 2007
Model: 9000
Carrier: -
Posts: 152
Default

Unable to administer the BlackBerry Administration Service after using the BlackBerry Server Configuration tabs - KB18161

After editing the LDAP Password field on the Administration Service - LDAP tab in the BlackBerry Server Configuration tool, Administrators can no longer log into the BlackBerry Administration Service console using Windows (Microsoft® Active Directory®) Authentication


This implies you could actually log in BAS using Windows AD credentials from fresh install if you didn't mess with the config panel afterwards.....I know I haven't been able to...
Offline  
Old 08-05-2009, 12:24 PM   #43
nobody7290
BlackBerry Extraordinaire
 
Join Date: Mar 2006
Model: 9700
Carrier: t-mobile Germany
Posts: 1,381
Default

But exactly this problem is fixed in MR1 - see the release notes.
Quote:
BlackBerry Configuration Panel
SDR 299265
In BlackBerry Enterprise Server version 5.0, if you specified the LDAP password using the BlackBerry Configuration Panel, the password was entered into the BlackBerry Configuration Database in plain text. As a result, the BlackBerry Administration Server could not read the password, and you could not log into the BlackBerry Administration Service using Windows authentication.

In BlackBerry Enterprise Server version 5.0 MR1, this issue is resolved.
Offline  
Old 08-06-2009, 06:23 AM   #44
SEP
Thumbs Must Hurt
 
Join Date: Nov 2007
Model: 9000
Carrier: -
Posts: 152
Default

well I don't know what more to do...I've done a fresh install and immediately MR1, haven't touched the config panel and imported the password into sql db

one thing. Who did the copying hashed password into sql part? Could someone explain in english what that means, ######### or numbers - I got the numbers. is this correct?

Last edited by SEP; 08-06-2009 at 06:29 AM..
Offline  
Old 08-06-2009, 04:08 PM   #45
nobody7290
BlackBerry Extraordinaire
 
Join Date: Mar 2006
Model: 9700
Carrier: t-mobile Germany
Posts: 1,381
Default

When your generated text file is like:
-51e7812816142316207a6df17212de41

The command to update the sql server would be:
Code:
update BASAuthenticationCredentials set password = '--51e7812816142316207a6df17212de41' where AuthenticationType LIKE '1'
does that explain your question ?
Offline  
Old 08-21-2009, 11:52 AM   #46
SEP
Thumbs Must Hurt
 
Join Date: Nov 2007
Model: 9000
Carrier: -
Posts: 152
Default

well i've now installed MR2 - fixed a whole bunch of user pages i didnt know existed

but web desktop still no go
Offline  
Old 09-07-2009, 03:55 AM   #47
Raiden
Talking BlackBerry Encyclopedia
 
Join Date: Aug 2006
Location: South Africa
Model: 8310i
Carrier: Vodafone
Posts: 202
Default

This is my error

(09/07 10:49:57:329):{http-Servername.domain.CORP%2FI{ADDRESS119-443-6} [com.rim.bes.basplugin.activedirectory.ActiveDirect oryManagerBean] [INFO] [ADAU-1000] {u=SystemUser, t=47938} loginAsLdapUser failed to authenticate LDAP user=bbhdesk, realm=vodacom.corp, kdc=ServerNameDOMAINCONTROLLER.Domain.corp javax.security.auth.login.LoginException: KDC has no support for encryption type (14)
Offline  
Old 09-07-2009, 06:08 AM   #48
nobody7290
BlackBerry Extraordinaire
 
Join Date: Mar 2006
Model: 9700
Carrier: t-mobile Germany
Posts: 1,381
Default

Dont know, but google "knows" many things.
Did you read this ?

Quote google search for "KDC has no support for encryption type (14)":

Code:
javax.security.auth.login.LoginException: KrbException: KDC has no support for encryption type (14) - KDC has no support for encryption type
Cause 1: Your KDC does not support the encryption type requested.

Solution 1: Sun's implementation of Kerberos supports the following encryption types: des-cbc-md5, des-cbc-crc and des3-cbc-sha1.

Applications can select the desired encryption type by specifying following tags in the Kerberos Configuration file krb5.conf:

[libdefaults]
default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
  
If not specified, the default value is:
des-cbc-md5 des-cbc-crc des3-cbc-sha1
  
Cause 2: This exception is thrown when using native ticket cache on some Windows platforms. Microsoft has added a new feature in which they no longer export the session keys for Ticket-Granting Tickets (TGTs). As a result, the native TGT obtained on Windows has an "empty" session key and null EType. The effected platforms include: Windows Server 2003, Windows 2000 Server Service Pack 4 (SP4) and Windows XP SP2.

Solution 2: You need to update the Windows registry to disable this new feature. The registry key allowtgtsessionkey should be added--and set correctly--to allow session keys to be sent in the Kerberos Ticket-Granting Ticket.

On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01  ( default is 0 )
By default, the value is 0; setting it to "0x01" allows a session key to be included in the TGT.
Here is the location of the registry setting on Windows XP SP2:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\
Value Name: allowtgtsessionkey
Value Type: REG_DWORD
Value: 0x01
Did you try that change in the registry ?

Last edited by nobody7290; 09-07-2009 at 06:10 AM..
Offline  
Old 09-07-2009, 07:12 AM   #49
Raiden
Talking BlackBerry Encyclopedia
 
Join Date: Aug 2006
Location: South Africa
Model: 8310i
Carrier: Vodafone
Posts: 202
Default

I have moved this role to a Windows 2008 server..
DC and Webdesktop Server are 2008 servers..."Googling to find out more"
Offline  
Old 09-07-2009, 07:16 AM   #50
Raiden
Talking BlackBerry Encyclopedia
 
Join Date: Aug 2006
Location: South Africa
Model: 8310i
Carrier: Vodafone
Posts: 202
Default

Some notes....Trying this as well
KDC has no support for encryption type (14)
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


Genuine Dell OEM G Series G7 7790 CPU and Graphics Heatsink Assembly XRF05 picture

Genuine Dell OEM G Series G7 7790 CPU and Graphics Heatsink Assembly XRF05

$20.30



OEM Dell latitude E7250 CPU Cooling Fan with Heatsink DP/N 04T1K3 0J3M4Y picture

OEM Dell latitude E7250 CPU Cooling Fan with Heatsink DP/N 04T1K3 0J3M4Y

$13.90



OEM Dell XPS 8910 8920 8930 Alienware Aurora R5 R6 R7 Front Cooling Fan 7M0F5 picture

OEM Dell XPS 8910 8920 8930 Alienware Aurora R5 R6 R7 Front Cooling Fan 7M0F5

$12.11



Genuine OEM Dell 2375 B2375dnf B2375dfw 110V Fuser fixing N41P2 sku 724-BBCI picture

Genuine OEM Dell 2375 B2375dnf B2375dfw 110V Fuser fixing N41P2 sku 724-BBCI

$94.99



1PCS NEW FIT FOR OEM Dell AC Adapter Dell Alienware DA330PM190 LA330PM190 330W picture

1PCS NEW FIT FOR OEM Dell AC Adapter Dell Alienware DA330PM190 LA330PM190 330W

$117.97



OEM Dell XPS 8910 8920 8930 Alienware Aurora R5 R6 R7 Front Cooling Fan NF-A12 picture

OEM Dell XPS 8910 8920 8930 Alienware Aurora R5 R6 R7 Front Cooling Fan NF-A12

$30.60







Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.