Unable to configure Kerberos authentication

Questions about WAPT Server / Requests and help related to the WAPT server
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
florentR2
Messages: 100
Registration: February 13, 2020 - 5:23 PM

April 15, 2020 - 4:41 PM

Good morning,
* WAPT 1.8.1 Enterprise (trial license)
* Debian Buster Server
* Domain Controller Win Server 2016


We are unable to configure Kerberos authentication.
We followed the instructions here: https://www.wapt.fr/fr/doc/wapt-securit ... beros.html
But we are stuck at the step on creating an HTTP Keytab with the msktutil command.

Code: Select all

root# kinit toto
Password for toto@R2.LOCAL:
root# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: toto@R2.LOCAL

Valid starting       Expires              Service principal
04/15/2020 16:12:35  04/16/2020 02:12:35  krbtgt/R2.LOCAL@R2.LOCAL
        renew until 04/16/2020 16:12:16
root# msktutil --server monControlleurPrincipal.uhb.fr --precreate --host $(hostname) -b cn=computers --service HTTP --description "host account for WAPT Server" --enctypes 24 -N
[b]Error: ldap_sasl_interactive_bind_s failed (Local error)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Server not found in Kerberos database)
Error: ldap_connect failed
--> Is your kerberos ticket expired? You might try re-"kinit"ing.[/b]

root# telnet monControlleurPrincipal.uhb.fr 88
Trying xx.xx.xx.xx ...
Connected to monControlleurPrincipal.uhb.fr.
Escape character is '^]'
The Kerberos ticket is still valid, however.
Any ideas?
High
User avatar
sfonteneau
WAPT Expert
Messages: 2318
Registered: July 10, 2014 - 11:52 PM
Contact :
Contact Sfonteneau

April 15, 2020 - 5:57 PM

Off the top of my head, I'm not entirely sure.

It seems the server can't contact the domain controller.

Without looking into it too much, here's a possible alternative:

https://www.wapt.fr/fr/doc/wapt-securit ... -directory
High
florentR2
Messages: 100
Registration: February 13, 2020 - 5:23 PM

April 16, 2020 - 10:52 AM

Thanks, we'll try it.
I wonder how I missed that since it's right after. :?
High
Locked

Return to "WAPT Server"


  • To go further with WAPT