I am trying to create SSO for an application running on AIX 7.1 to be authenticated by Windows AD 2008. I have done the below steps. (I just need to use Windows for authentication only; user administration can be done at the AIX server.)
1) Installed KRB5 filesets in AIX server.
2) Created AD user in Windows AD server -
3) Created keytab file using below command
C:\>ktpass -princ host/AIXserver.mycompany.com@MYCOMPANY.COM -mapuser host_ai-kerr-pr -pass xxxxxxx -out host_AIXserver.keytab
Targeting domain controller: server1.mycompany.com
Using legacy password setting method
Successfully mapped host/AIXserver.mycompany.com to host_AIXserver.
WARNING: pType and account type do not match. This might cause problems.
Key created.
Output keytab to host_AIXserver.keytab:
Keytab version: 0x502
keysize 76 host/AIXserver.mycompany.com@MYCOMPANY.COM ptype 0 (KRB5_NT_UNKNOWN) vno 3 etype 0x17 (RC4-HMAC) keylength 16 (0x0229a7a4cd52062d9480fb4dbe41d41a)
C:\>setspn -L host_AIXserver
Registered ServicePrincipalNames for CN=host_AIXserver,CN=Users,DC=mycompany,DC=com:
host/AIXserver.mycompany.com
4) FTP'ed Keytab to AIX server and created keytab using ktutil:
rkt /home/root/host_AIXserver.keytab
ktutil: list
slot KVNO Principal
------
1 3 host/AIXserver.mycompany.com@MYCOMPANY.COM
ktutil: wkt /etc/krb5/krb5.keytab
ktutil: quit
5) But I am not able to proceed further due to below error.
root@AIXserver[/home/root]# /usr/krb5/bin/kinit -kt /etc/krb5/krb5.keytab
Unable to obtain initial credentials.Status 0x96c73a06 - Client not found in Network Authentication Service database or client locked out.
root@AIXserver[/home/root]# /usr/krb5/bin/kinit -kt host_AIXserver@MYCOMPANY.COM
Unable to obtain initial credentials.
Status 0x96c73a06 - Client not found in Network Authentication Service database or client locked out.
Pls suggest a fix for this error. Pls let me know for more clarifications. Any suggestion is appreciated
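The error above comes back from the KDC, which only reports that the client name the host presented is not in its database. Before changing anything in AD it helps to see exactly which principal names, realm, kvno and enctype the keytab on the AIX side actually carries, so they can be compared character for character with the account and SPN that ktpass created. The following is an added example, not code from the original post or from IBM: a small parser for the version-2 (`0x0502`) keytab format that kinit reads, plus a review routine that flags the mismatches most likely to produce "client not found" (principal string not present in the keytab, realm not upper-case) and the RC4-HMAC enctype the ktpass run above produced. The embedded keytab is constructed in the script with a placeholder key, and the helper `build_entry` exists only so the example runs offline; both are assumptions, not part of the post.

```python
"""Parse a Kerberos version-2 keytab (magic 0x0502, as written by ktpass/ktutil)
and review it before pointing kinit -kt at it.  Added example; the sample
keytab below is constructed here with a placeholder key, not the post's key."""
import struct

KEYTAB_MAGIC = b"\x05\x02"   # ktpass prints this as "Keytab version: 0x502"

ENCTYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5",
                 17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
                 23: "arcfour-hmac (RC4-HMAC)"}
NAME_TYPES = {0: "KRB5_NT_UNKNOWN", 1: "KRB5_NT_PRINCIPAL", 3: "KRB5_NT_SRV_HST"}


def build_entry(principal, realm, kvno, enctype, key, name_type=0, timestamp=0):
    """Serialise one keytab entry (helper so the example can run offline)."""
    comps = principal.split("/")
    body = struct.pack(">H", len(comps))
    body += struct.pack(">H", len(realm)) + realm.encode("ascii")
    for comp in comps:                                  # counted octet strings
        body += struct.pack(">H", len(comp)) + comp.encode("ascii")
    body += struct.pack(">IIB", name_type, timestamp, kvno & 0xFF)
    body += struct.pack(">HH", enctype, len(key)) + key  # keyblock
    body += struct.pack(">I", kvno)                      # optional 32-bit kvno
    return struct.pack(">i", len(body)) + body           # entry = int32 size + body


def build_deleted_slot(nbytes):
    """A slot with negative size is a hole left by ktutil 'delent'; parsers skip it."""
    return struct.pack(">i", -nbytes) + b"\x00" * nbytes


def parse_keytab(data):
    """Return one dict per live entry, in slot order (matches 'ktutil: list')."""
    if data[:2] != KEYTAB_MAGIC:
        raise ValueError("not a version-2 keytab (expected leading bytes 05 02)")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size < 0:                      # deleted slot: skip its payload
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos); pos += 2
        (rlen,) = struct.unpack_from(">H", data, pos); pos += 2
        realm = data[pos:pos + rlen].decode("ascii"); pos += rlen
        comps = []
        for _ in range(ncomp):
            (clen,) = struct.unpack_from(">H", data, pos); pos += 2
            comps.append(data[pos:pos + clen].decode("ascii")); pos += clen
        name_type, timestamp, vno8 = struct.unpack_from(">IIB", data, pos); pos += 9
        enctype, klen = struct.unpack_from(">HH", data, pos); pos += 4
        key = data[pos:pos + klen]; pos += klen
        kvno = vno8
        if end - pos >= 4:                # 32-bit kvno field present
            (kvno,) = struct.unpack_from(">I", data, pos)
        entries.append({"principal": "/".join(comps) + "@" + realm, "realm": realm,
                        "name_type": name_type, "timestamp": timestamp,
                        "kvno": kvno, "enctype": enctype, "key": key})
        pos = end
    return entries


def find_principal(entries, principal_string):
    """Exact, case-sensitive match: that is how the KDC looks the client up."""
    return [e for e in entries if e["principal"] == principal_string]


def review_keytab(entries, client_principal):
    """Findings a practitioner wants before running kinit -kt with this keytab."""
    findings = []
    if not find_principal(entries, client_principal):
        findings.append("principal %s is not in the keytab" % client_principal)
    for e in entries:
        if e["realm"] != e["realm"].upper():
            findings.append("realm %s is not upper-case" % e["realm"])
        if e["enctype"] == 23:
            findings.append("%s uses RC4-HMAC; prefer an AES enctype" % e["principal"])
    return findings


# Constructed sample: same principal/kvno/etype as the post, placeholder key bytes.
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_KEYTAB = KEYTAB_MAGIC + build_entry(
    "host/AIXserver.mycompany.com", "MYCOMPANY.COM", 3, 23, SAMPLE_KEY)

if __name__ == "__main__":
    found = parse_keytab(SAMPLE_KEYTAB)
    print("slot KVNO enctype                    principal")
    for i, e in enumerate(found, 1):
        print("%4d %4d %-26s %s" % (i, e["kvno"],
              ENCTYPE_NAMES.get(e["enctype"], str(e["enctype"])), e["principal"]))
    for line in review_keytab(found, "host_AIXserver@MYCOMPANY.COM"):
        print("finding:", line)
```

Run against a real file with `parse_keytab(open("/etc/krb5/krb5.keytab", "rb").read())`; the listing should agree with `ktutil: list`, and the review line tells you whether the name you pass to `kinit` is literally present in the keytab, which is the first thing to establish before looking at the account's UPN or SPN in AD.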