Active Directory Authentication Fails. Kinit test gives error krb_error 6 Client not found in Kerberos database (6)

book

Article ID: 160412

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

User receives Invalid Username/Password is Disabled Account error when trying to access DLP console using AD authentication. Kinit test gives error krb_error 6 Client not found in Kerberos database (6)

 

D:\Vontu\jre\bin>kinit.exe username password
Exception: krb_error 6 Client not found in Kerberos database (6) Client not found in Kerberos database.
KrbException: Client not found in Kerberos database (6)
        at sun.security.krb5.KrbAsRep.(init)(KrbAsRep.java:66)

Resolution

This error code is seen when Active Directory replication is broken between the domain controllers . In this case, The user that is authenticating against the Domain controller has not been replicated to the DC that is the authenticator (KDC) of the User in that site. We found that the replication was broken and when the AD replication was fixed, we were able to authentication and tested using KINIT with same user against the same Domain controller.

NOTE: If krb5.ini file has more than one domain controller (KDC) entries then you can also check authentication with other domain controller using following command to verify which KDC is able to authenticate the user.

 

DLP 14.6 and earlier

\Vontu\jre\bin>kinit.exe [email protected] password

\Vontu\jre\bin>kinit.exe [email protected] password

DLP 15.0:

\SymantecDLP\jre\bin>kinit.exe [email protected] password

\SymantecDLP\jre\bin>kinit.exe [email protected] password

DLP 15.1

\Program Files\Symantec\Data Loss Prevention\Server JRE\1.89.0_162\bin>kinit.exe [email protected] password

\Program Files\Symantec\Data Loss Prevention\Server JRE\1.89.0_162\bin>kinit.exe [email protected] password

DLP 15.5

\Program Files\Symantec\DataLossPrevention\Server JRE\1.89.0_181\bin>kinit.exe [email protected] password

\Program Files\Symantec\DataLossPrevention\Server JRE\1.89.0_181\bin>kinit.exe [email protected] password