Hi All,
have an issue setting up Kerberos with NAM 4.0.1-88 with Windows
Server 2008R2.

Getting Error:
Error processing SPNEGO/Kerberos : Received NTLM Token which currently
is Not supported.

During IDP Start up I see "Commit Succeeded" in catalina.out

Client is Windows 7 / IE10.
The NAM IDP and LAG domains are both showing in the client as Local
Intranet and Intergrated Windows Authentication is enabled.
"klist tickets" does not show any tickets for the IDP.

Found TID saying I needed to enable Network security: Configure
encryption types allowed for kerberos on the Windows Domain Servers.
However no policy is set in GPO so I assume all are allowed.
A packet trace between the IDP and AD shows a ticket is provided to the
IDP on start up.


Code:
--------------------
1064 3:52:00 PM 23/10/2015 39.7012490 10.50.32.21 172.20.19.15 KerberosV5 KerberosV5:AS Request Cname: HTTP/nidpdev.vic.gov.au Realm: MELB.DEVAD Sname: krbtgt/MELB.DEVAD
1065 3:52:00 PM 23/10/2015 39.7034800 172.20.19.15 10.50.32.21 KerberosV5 KerberosV5:KRB_ERROR - KDC_ERR_PREAUTH_REQUIRED (25)
1066 3:52:00 PM 23/10/2015 39.7107740 10.50.32.21 172.20.19.15 KerberosV5 KerberosV5:AS Request Cname: HTTP/nidpdev.vic.gov.au Realm: MELB.DEVAD Sname: krbtgt/MELB.DEVAD
1067 3:52:00 PM 23/10/2015 39.7122160 172.20.19.15 10.50.32.21 KerberosV5 KerberosV5:AS Response Ticket[Realm: MELB.DEVAD, Sname: krbtgt/MELB.DEVAD]
--------------------


Any help would be greatly appreciated.


--
aaronsayer
------------------------------------------------------------------------
aaronsayer's Profile: https://forums.netiq.com/member.php?userid=500
View this thread: https://forums.netiq.com/showthread.php?t=54526