5 Replies Latest reply on Apr 18, 2012 5:33 PM by 931587

    WNA - kinit fails

    468628
      I'm attempting to configure windows native authentication for portal. I've confirmed that the synch and external authentication to Active Directory works. I've now run ktpass and copied my keytab file. However, I'm getting this error:

      E:\OraHome_1\jdk\bin>kinit -k -t e:\orahome_1/j2ee/OC4J_SECURITY/config/orclportaltest.keytab HTTP/orclportaltest.MyPortalDomain.net

      Exception: krb_error 14 KDC has no support for encryption type (14) KDC has no support for encryption type
      KrbException: KDC has no support for encryption type (14)
      at sun.security.krb5.internal.crypto.p.a(DashoA12275:63)
      at sun.security.krb5.EncryptedData.<init>(DashoA12275:89)
      at sun.security.krb5.KrbAsReq.a(DashoA12275:234)
      at sun.security.krb5.KrbAsReq.<init>(DashoA12275:156)
      at sun.security.krb5.internal.tools.Kinit.<init>(DashoA12275:242)
      at sun.security.krb5.internal.tools.Kinit.main(DashoA12275:109)

      From the looks of this, my ktpass command was incorrect. I've added the user "orclportaltest" to AD and ran:

      ktpass -princ HTTP/orclportaltest.myPortalDomain.net@MYADDOMAIN -pass mypassword -mapuser orclportaltest@MYADDOMAIN -out orclportaltest.keytab

      It generated the keytab but warned that the pType and account type don't match.

      In addition, I've noticed that my AD user's login has changed from orclportaltest to HTTP/orclportaltest.MyPortalDomain.net

      Any help would be greatly appreciated.

      Thanks,
      Mike