0

We have transfered our site (httpd+nginx+php) from simple host with 3 containers to kuber cluster. And after that for some reason SSO has stopped working. Kerberos and samba configs are the same, AD domain is the same. Simple kerberos login with login/password still working. Httpd container's logs say:

Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration
[auth_kerb:error] gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error)

I've already registered site as an "intranet website" in IE settings. But while trying to access it from my computer (user is connected to domain) the client is still sending an NTLM token.

If not solution could you at least suggest what can be the difference in authentication on the same site between host and kuber clusters? So that I at least know which way to look

Greg Askew
  • 35,880
  • 5
  • 54
  • 82
Rumotameru
  • 1
  • Are you saying that if you put your site on a single host, and target that host with your browser, it sends a Kerberos token, and the same site/url but on a different platform the client sends an NTLM token? That really seems unlikely, and needs to be cleared up first. – Greg Askew Sep 28 '22 at 11:54
  • @GregAskew, well. URL is not the same, because old website still functioning. Old one is ```mytkb.ad.transcapital.com```, new one ```mytkb.prod.payk8s.transcapital.com``` kinit command:```kinit ${AD_USER}@AD.TRANSCAPITAL.COM <<<${AD_PASSWORD}``` – Rumotameru Sep 30 '22 at 06:24
  • 1
    That may be so, but it doesn't explain why *the client* is sending an NTLM token...that likely has nothing to do with the server. – Greg Askew Sep 30 '22 at 08:32

0 Answers0