I have been working for a long time to get Drupal 7 to perform SSO authentication to a Windows Server 2003 environment.

What I have done so far:

- Create a user account for the Linux server in Active Directory.
- Had the Active Directory administrator execute the ktpass command to create a keytab file with the proper authentication types and SPN.
- Configure Kerberos in krb5.conf on the Linux server to reflect the specifics of our Active Directory environment.
- I am able to issue the kinit command against my own AD account and it authenticates.

When I issue kvno to the SPN for the server account I just created I get the following:

    kvno: Ticket expired while getting credentials for HTTP/server_name.domain.com@DOMAIN.COM

I also have the keytab uploaded to the server. I just cannot get the KDC to issue a ticket for the SPN I created. Can anyone assist?

Regards,

Andy Scott

1 Answer

I got the "ticket expired" message when my time was not syncing correctly between Linux and AD. I assume your time server is also the domain controller (usually it is set up that way), so you could check the time settings with ntpdate.

run:

ntpdate IP_of_your_AD_server

And then try kvno again.
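
A read-only way to test the clock-skew explanation in the answer above, added here as an example and not part of the original post: it sends one SNTP query, computes the server-minus-local offset, and compares it with the 300-second default Kerberos tolerance without changing the system clock. The function names are made up for this example, and it assumes the domain controller answers NTP on UDP port 123 and that the tolerance has not been changed by policy or krb5.conf.

```python
import socket
import struct
import sys
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)
MAX_SKEW = 300  # default Kerberos clock skew tolerance in seconds (assumed unchanged)


def ntp_to_unix(packet, field_offset):
    """Decode the 64-bit NTP timestamp at field_offset into Unix seconds."""
    secs, frac = struct.unpack("!II", packet[field_offset:field_offset + 8])
    return secs - NTP_EPOCH_DELTA + frac / 2**32


def clock_offset(packet, t_sent, t_received):
    """Server-minus-local offset in seconds, using the standard NTP formula."""
    if len(packet) < 48:
        raise ValueError("short NTP reply")
    t_server_rx = ntp_to_unix(packet, 32)  # server receive timestamp
    t_server_tx = ntp_to_unix(packet, 40)  # server transmit timestamp
    return ((t_server_rx - t_sent) + (t_server_tx - t_received)) / 2


def within_kerberos_skew(offset, max_skew=MAX_SKEW):
    """True when the clocks are close enough for the KDC to accept requests."""
    return abs(offset) <= max_skew


def query_offset(server, timeout=5.0):
    """Send one SNTP client request (version 3, mode 3) and return the offset."""
    request = b"\x1b" + 47 * b"\x00"
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t_sent = time.time()
        sock.sendto(request, (server, 123))
        reply, _ = sock.recvfrom(512)
        t_received = time.time()
    return clock_offset(reply, t_sent, t_received)


if __name__ == "__main__":
    offset = query_offset(sys.argv[1])  # pass the domain controller's address
    verdict = "OK" if within_kerberos_skew(offset) else "outside Kerberos tolerance"
    print(f"offset {offset:+.3f}s: {verdict}")
```

An offset outside the tolerance supports the time-sync explanation; a small offset means the cause lies elsewhere.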