A user receives the error "Invalid Username/Password, Disabled Account" when trying to access the Enforce console using AD authentication.
A kinit test returns the error: krb_error 6 Client not found in Kerberos database (6)
\Program Files\Symantec\DataLossPrevention\Server JRE\<version>\bin>kinit.exe username password
Exception: krb_error 6 Client not found in Kerberos database (6) Client not found in Kerberos database.
KrbException: Client not found in Kerberos database (6)
    at sun.security.krb5.KrbAsRep.(init)(KrbAsRep.java:66)
VMware vCenter Server
VMware vCenter Server 8.x
DLP
This error code is seen when Active Directory replication is broken between the domain controllers. In this case, the user that is authenticating against the domain controller has not been replicated to the DC that is the authenticator (KDC) of the user in that site. We found that the replication was broken, and when the AD replication was fixed, we were able to authenticate and tested using kinit with the same user against the same domain controller.
NOTE: If the krb5.ini file has more than one domain controller (KDC) entry, you can also check authentication against the other domain controllers using the following command to verify which KDC is able to authenticate the user.
\Program Files\AdoptOpenJRE\<java version>\bin\kinit.exe [email protected] password
\Program Files\AdoptOpenJRE\<java version>\bin\kinit.exe [email protected] password
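To know which domain controllers the NOTE above applies to, the KDC entries can be read out of krb5.ini per realm. The following is an added example, not part of the original article or the product: the sample krb5.ini, its realm and host names, and the function names are constructed, and it assumes the common one-entry-per-line [realms] layout with KDCs written as hostname or hostname:port.

```python
import re

# Constructed sample krb5.ini; realm and host names are placeholders.
SAMPLE_KRB5_INI = """\
[libdefaults]
    default_realm = EXAMPLE.LOCAL

[realms]
    EXAMPLE.LOCAL = {
        kdc = dc01.example.local
        ; second domain controller, written with an explicit port
        kdc = dc02.example.local:88
        admin_server = dc01.example.local
    }
    CHILD.EXAMPLE.LOCAL = {
        kdc = dc03.child.example.local
    }

[domain_realm]
    .example.local = EXAMPLE.LOCAL
"""

def kdcs_by_realm(text):
    """Return {realm: [kdc host, ...]} in file order from the [realms] section."""
    realms, section, realm = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1].lower(), None
            continue
        if section != "realms":
            continue
        if realm is None:
            m = re.match(r"(\S+)\s*=\s*\{$", line)  # "REALM = {" opens a realm block
            if m:
                realm = m.group(1)
                realms[realm] = []
        elif line == "}":                        # end of the current realm block
            realm = None
        else:
            key, _, value = line.partition("=")
            if key.strip().lower() == "kdc":     # keep the host, drop an optional :port
                realms[realm].append(value.strip().split(":")[0])
    return realms

def multi_kdc_realms(text):
    """Realms with more than one KDC entry, i.e. where each DC should be tested."""
    return [r for r, kdcs in kdcs_by_realm(text).items() if len(kdcs) > 1]

if __name__ == "__main__":
    for realm, kdcs in kdcs_by_realm(SAMPLE_KRB5_INI).items():
        print(realm, "->", ", ".join(kdcs))
```

A realm returned by multi_kdc_realms has several domain controllers that can act as the authenticator, so a user missing from one of them because of broken replication can fail with error 6 on that KDC while the others succeed.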