> Server not found in Kerberos database You should make sure that the forward and reverse DNS for your java application machine's IP address match, and that the hostname of the system is exactly the same as the reverse DNS.
So if your system's IP is 1.2.3.4, a reverse DNS lookup would resolve to java.company.com, and the system's hostname would be java.company.com, On 6/20/2013 1:01 AM, Zhutiemin wrote: > Dear MIT Kerberos Team: > > My name is Tiemin Zhu, I am a software engineer of Huawei corporation . > > I am getting following error with Kerberos Authentication. Could you help me > to resolve this error? > But the result of LDAP Authentication is OK > > Is this the configuration error in AD? > > Do you have any document I could study? > > Thanks so much! > > This is the error: > [2013-05-25 03:34:01,765]--[ERROR]--[pool-1-thread-39]--[AdServiceImpl.java > run() 920] - search fail. > javax.naming.AuthenticationException: GSSAPI [Root exception is > javax.security.sasl.SaslException: GSS initiate failed [Caused by > GSSException: No valid credentials provided (Mechanism level: Server not > found in Kerberos database (7))]] > at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source) > at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source) > at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) > at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source) > at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source) > at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source) > at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source) > at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source) > at javax.naming.spi.NamingManager.getInitialContext(Unknown Source) > at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) > at javax.naming.InitialContext.init(Unknown Source) > at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source) > at > com.huawei.vds.service.platform.vdesktop.service.impl.AdServiceImpl$GetSidByIpForPrivilege.run(AdServiceImpl.java:892) > at > com.huawei.vds.service.platform.vdesktop.service.impl.AdServiceImpl$GetSidByIpForPrivilege.run(AdServiceImpl.java:854) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.Subject.doAs(Unknown Source) > at > com.huawei.vds.service.platform.vdesktop.service.impl.AdServiceImpl.getSidByIp(AdServiceImpl.java:824) > at > com.huawei.vds.service.platform.vdesktop.service.impl.AdServiceImpl.getSidByDomain(AdServiceImpl.java:787) > at > com.huawei.vds.service.platform.vdesktop.service.impl.AdServiceImpl.getSidByMachineName(AdServiceImpl.java:734) > at > com.huawei.vds.service.platform.vdesktop.task.CombineCreateInstanceTask.createInstance(CombineCreateInstanceTask.java:740) > at > com.huawei.vds.service.platform.vdesktop.task.CombineCreateInstanceTask.createVm(CombineCreateInstanceTask.java:655) > at > com.huawei.vds.service.platform.vdesktop.task.CombineCreateInstanceTask.combineCreateInstance(CombineCreateInstanceTask.java:503) > at > com.huawei.vds.service.platform.vdesktop.task.CombineCreateInstanceTask.run(CombineCreateInstanceTask.java:317) > at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) > at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) > at java.util.concurrent.FutureTask.run(Unknown Source) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(Unknown > Source) > at > java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown > Source) > at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown > Source) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) > at > com.huawei.vds.common.utils.threadpool.VDSThreadFactory$Task.run(VDSThreadFactory.java:92) > at java.lang.Thread.run(Unknown Source) > Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by > GSSException: No valid credentials provided (Mechanism level: Server not > found in Kerberos database (7))] > at > com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source) > ... 32 more > Caused by: GSSException: No valid credentials provided (Mechanism level: > Server not found in Kerberos database (7)) > at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source) > at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source) > at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source) > ... 33 more > Caused by: KrbException: Server not found in Kerberos database (7) > at sun.security.krb5.KrbTgsRep.<init>(Unknown Source) > at sun.security.krb5.KrbTgsReq.getReply(Unknown Source) > at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown > Source) > at > sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source) > at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source) > ... 36 more > Caused by: KrbException: Identifier doesn't match expected value (906) > at sun.security.krb5.internal.KDCRep.init(Unknown Source) > at sun.security.krb5.internal.TGSRep.init(Unknown Source) > at sun.security.krb5.internal.TGSRep.<init>(Unknown Source) > > > Best regards! > > phone. +86 02989184490 > mobile. +86 15249061480 > [email protected]<mailto:[email protected]> > Tiemin Zhu > > > > > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
