Kerberos authenitcation is not working even though it is configured.
search cancel

Kerberos authenitcation is not working even though it is configured.

book

Article ID: 187740

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We have configured a KDC server, and verified that the firewall is open to the KDC.  We configured both a device group and the individual device with the KDC per documentation page https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3-2/integrating/configure-kerberos-piv-cac-authentication-for-windows-targets.html.  When we attempt to RDP to that device, we get an error "Cannot perform Kerberos authentication; a KDC Server is not configured for the Device that you're attempting to access.".

 



Environment

Release : 3.3

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

The device was configured with an IP as device address. As of March 2020, supported PAM releases, 3.3.2 being the latest one, only allow Kerberos authentication if the target device address is a Fully Qualified Domain Name (FQDN). IPs or short names are not accepted in the device address field and will cause the observed error.

Resolution

Change the device configuration in PAM to use the device FQDN as address.

Attachments

Powered by Wolken Software