5 Replies Latest reply: Apr 18, 2012 12:33 PM by 931587 RSS

    WNA - kinit fails

      I'm attempting to configure windows native authentication for portal. I've confirmed that the synch and external authentication to Active Directory works. I've now run ktpass and copied my keytab file. However, I'm getting this error:

      E:\OraHome_1\jdk\bin>kinit -k -t e:\orahome_1/j2ee/OC4J_SECURITY/config/orclportaltest.keytab HTTP/orclportaltest.MyPortalDomain.net

      Exception: krb_error 14 KDC has no support for encryption type (14) KDC has no support for encryption type
      KrbException: KDC has no support for encryption type (14)
      at sun.security.krb5.internal.crypto.p.a(DashoA12275:63)
      at sun.security.krb5.EncryptedData.<init>(DashoA12275:89)
      at sun.security.krb5.KrbAsReq.a(DashoA12275:234)
      at sun.security.krb5.KrbAsReq.<init>(DashoA12275:156)
      at sun.security.krb5.internal.tools.Kinit.<init>(DashoA12275:242)
      at sun.security.krb5.internal.tools.Kinit.main(DashoA12275:109)

      From the looks of this, my ktpass command was incorrect. I've added the user "orclportaltest" to AD and ran:

      ktpass -princ HTTP/orclportaltest.myPortalDomain.net@MYADDOMAIN -pass mypassword -mapuser orclportaltest@MYADDOMAIN -out orclportaltest.keytab

      It generated the keytab but warned that the pType and account type don't match.

      In addition, I've noticed that my AD user's login has changed from orclportaltest to HTTP/orclportaltest.MyPortalDomain.net

      Any help would be greatly appreciated.