VDI 3.1 and SSGD authentication Issues
807578 Jan 3 2010 — edited Jan 8 2010
Hi all, I have two servers with a brand new VDI 3.1 installation plus SSGD.
Everything is configured, and working OK only for SOME users, awesome :(
My krb5.conf file looks like the following:
[libdefaults]
default_realm = DOMAIN.COM
default_checksum = rsa-md5
[realms]
DOMAIN.COM = {
kdc = server1
kdc = server2
admin_server = server1
kpasswd_server = server1
kpasswd_protocol = SET_CHANGE
}
[domain_realm]
domain.com = DOMAIN.COM
.domain.com = DOMAIN.COM
[logging]
default = FILE:/var/krb5/kdc.log
kdc = FILE:/var/krb5/kdc.log
kdc_rotate = {
# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.
period = 1d
# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
versions = 10
}
[appdefaults]
kinit = {
renewable = true
forwardable= true
}
gkadmin = {
help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195
}
Kinit authentication works for ALL users, but only some users will
authenticate to SSGD (configured for AD) and Sun Ray.
Even trying /opt/SUNWvda/lib/vda-client -u USER works only for some
users, and not for others.
If I create a test user in AD, it will not work.
Restarting servers, cacaoadm, etc. does not solve the issue.
With debug enabled on cacaoadm, here is the result:
03/01/2010 15:04:39 com.sun.vda.service.client.ClientRequestWorker run
FINEST: thr#19 Received request from vda-client (127.0.0.1): start(user=USER)
03/01/2010 15:04:39 com.sun.vda.service.ldap.UserDirConnection searchForUser
FINEST: thr#19 start searchForUser authenticate=true changePwd=false
03/01/2010 15:04:39 com.sun.vda.service.ldap.UserDirConnection searchForUser
FINEST: thr#19 start loginHelper.authenticate for username=USER
03/01/2010 15:04:39 com.sun.sgd.directoryservices.core.DirectoryServiceContext authenticate
FINE: thr#19 Authenticating USER to com.sun.sgd.directoryservices.core.service.ADForestService#ad://DOMAIN.COM/dc=DOMAIN,dc=COM
03/01/2010 15:04:39 com.sun.sgd.directoryservices.core.error.ErrorHandler handleError
FINE: thr#19 Processing javax.security.auth.login.LoginException: KDC has no support for encryption type (14)
03/01/2010 15:04:39 com.sun.sgd.directoryservices.core.error.ErrorHandler handleError
FINEST: thr#19 Handling error:
javax.security.auth.login.LoginException: KDC has no support for encryption type (14)
Working users give "completed kerberos auth for WORKINGUSER"
I checked working users against non-working users with ldp.exe on the Windows domains, and they are identical.
Any ideas? I can test at night, as this is in production with the old version
(using virtual machines).
Thanks a lot!
Edited by: viktu_Pons on Jan 3, 2010 6:10 AM
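
A triage sketch for the cacao debug output quoted in the post, added here as an example and not part of the original post or of the VDI/SGD tooling: it pairs each login attempt with its result by worker thread id, so the failing accounts can be listed per Kerberos error code (14 is KDC_ERR_ETYPE_NOSUPP in RFC 4120) and compared against the working ones. The sample log and the user names are constructed, and the layout of the success line is an assumption based on the message text quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the cacao debug output quoted in the post.
# Assumption: the success line is thread-tagged like the others; only its
# message text ("completed kerberos auth for ...") appears in the post.
SAMPLE_LOG = """\
03/01/2010 15:04:39 com.sun.vda.service.ldap.UserDirConnection searchForUser
FINEST: thr#19 start loginHelper.authenticate for username=alice
03/01/2010 15:04:39 com.sun.vda.service.ldap.UserDirConnection searchForUser
FINEST: thr#21 start loginHelper.authenticate for username=bob
03/01/2010 15:04:39 com.sun.sgd.directoryservices.core.error.ErrorHandler handleError
FINE: thr#19 Processing javax.security.auth.login.LoginException: KDC has no support for encryption type (14)
03/01/2010 15:04:40 com.sun.vda.service.ldap.UserDirConnection searchForUser
FINEST: thr#21 completed kerberos auth for bob
"""

START = re.compile(r"thr#(\d+) start loginHelper\.authenticate for username=(\S+)")
FAIL = re.compile(r"thr#(\d+) Processing \S*LoginException: (.+?) \((\d+)\)\s*$")
OK = re.compile(r"thr#(\d+) completed kerberos auth for (\S+)")


def triage(log_text):
    """Map each user to 'ok', 'pending', or (error message, Kerberos error code)."""
    in_flight = {}  # thread id -> user whose login that worker thread is handling
    outcome = {}
    for line in log_text.splitlines():
        if m := START.search(line):
            in_flight[m.group(1)] = m.group(2)
            outcome[m.group(2)] = "pending"
        elif m := FAIL.search(line):
            user = in_flight.pop(m.group(1), None)
            if user is not None:  # ignore errors we cannot attribute to a login
                outcome[user] = (m.group(2), int(m.group(3)))
        elif m := OK.search(line):
            in_flight.pop(m.group(1), None)
            outcome[m.group(2)] = "ok"
    return outcome


def failing_users(outcome):
    """Group failing accounts by Kerberos error code, e.g. {14: ['alice']}."""
    by_code = defaultdict(list)
    for user, result in outcome.items():
        if isinstance(result, tuple):
            by_code[result[1]].append(user)
    return {code: sorted(users) for code, users in by_code.items()}


if __name__ == "__main__":
    print(failing_users(triage(SAMPLE_LOG)))
```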