I'm wondering if anyone can provide me a bit of help in which logs to look into to help me resolve this error:

May 07 19:16:00 dsfw1 krb5kdc[11173](info): AS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) ISSUE: authtime 1336443360, etypes {rep=23 tkt=23 ses=23}, testuser@dsfw.test.ad for krbtgt/dsfw.test.ad@dsfw.test.ad
May 07 19:16:00 dsfw1 krb5kdc[11173](info): DISPATCH: repeated (retransmitted?) request from, resending previous response
May 07 19:16:01 dsfw1 krb5kdc[11173](info): TGS_REQ (5 etypes {23 3 1 24 -135}) ISSUE: authtime 1336443360, etypes {rep=23 tkt=3 ses=3}, testuser@DSFW.TEST.AD for EDVR/ad-test.dsfw.test.ad@DSFW.TEST.AD

What happens is the user is able to authenticate correctly to the DSFW domain if the application is installed on a Windows server (2003 or 2008 doesn't seem to mater). However the same software package, this time in ubuntu flavor results in the above error. The odd thing is in the application I can see the users when it queries LDAP. I can even add them to the application as admins, or power users, etc. Not that it will mean much here, but the client software gives an error of Login failed - Server-side Kerberos failure. Retrying. Request system secure token, over and over and over again.

I am able to issue a Kerberos ticket to the Linux box using kinit and look at that ticket with klist and see that it is valid so I *think* I have everything correct on the Linux side.

I'd like to be able to give the vendor a bit of useful information in the way of logs but all I've ever looked at was the kdc.log (as seen above).

Any hints where to look for more detailed logs, or why the app would work authenticating against the same DSFW server if Windows but fails from Linux?

Thanks in advance