I'm deploying a new NAM 4.2 installation in our prod environment, and I
have some trouble with Kerberos.

When a user with a big Kerberos ticket logs in, I get an HTTP 400 error
page. (We have a lot of groups; a fresh new user without any groups
doesn't have this error.)

I found this Cool Solution (http://tinyurl.com/h3fjqut) but the solution
didn't work, or I have misunderstood some things...

We have the following installation:
> 1 IDS Server, Windows 2012 R2, named EV-W2012-03, ip 10.xx.yy.80
> 1 AG Server, Windows 2012 R2, named EV-W2012-05, ip 10.xx.yy.82
> No firewall between the 2 servers
> The NIDP resources are protected through the AG, and work well with
other authentication methods

On the IDS server, I modified the server.xml like this:

<Connector NIDP_Name="connector" SSLEnabled="true" URIEncoding="utf-8"
    acceptCount="100" address="10.xx.yy.80" clientAuth="false"
    disableUploadTimeout="true" enableLookups="false"
    keystoreFile="C:\Program Files (x86)\Novell\devman\jcc/certs/idp/connector.keystore"
    keystorePass="xxxxxxxxxxxxxxxxxxxx"
    maxThreads="600" minSpareThreads="5" port="443" scheme="https"
    sslImplementationName="com.novell.nidp.common.util.net.server.NIDPSSLImplementation"
    sslProtocol="tls" useBodyEncodingURI="false"
    ciphers="SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA"
    maxHttpHeaderSize="32768"/>

Is this right? Do I need to do something on the AG server?

Thanks in advance for your support.

it_contrats_at_evam_ch's Profile: https://forums.netiq.com/member.php?userid=9850
View this thread: https://forums.netiq.com/showthread.php?t=56420
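
Added example, not part of the original post and not NetIQ's code: a Python check that reads the Connector elements of a Tomcat server.xml and tests whether a request carrying a SPNEGO token of a given size fits under each connector's maxHttpHeaderSize. The sample XML, the 12000-byte token size and the 1024-byte allowance for the remaining headers are constructed assumptions; 8192 is Tomcat's default when the attribute is absent.

```python
import xml.etree.ElementTree as ET

TOMCAT_DEFAULT = 8192  # Tomcat's maxHttpHeaderSize when the attribute is absent

# Constructed sample: one connector raised to 32768, one left at the default.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector address="192.0.2.80" port="443" scheme="https" maxHttpHeaderSize="32768"/>
  <Connector address="127.0.0.1" port="8080" scheme="http"/>
</Service></Server>"""


def negotiate_header_bytes(token_len):
    """Bytes used by 'Authorization: Negotiate <base64 token>' plus CRLF."""
    b64_len = 4 * ((token_len + 2) // 3)  # base64 expands 3 bytes to 4 chars
    return len("Authorization: Negotiate ") + b64_len + 2


def connector_limits(server_xml):
    """Return (address, port, limit_in_bytes) for every Connector element."""
    limits = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        raw = conn.get("maxHttpHeaderSize")
        limit = int(raw.strip()) if raw and raw.strip() else TOMCAT_DEFAULT
        limits.append((conn.get("address", "*"), conn.get("port"), limit))
    return limits


def check(server_xml, token_len, other_headers=1024):
    """Flag connectors whose limit is below the estimated request header size.

    other_headers is an assumed allowance for the request line, cookies, etc.
    """
    needed = negotiate_header_bytes(token_len) + other_headers
    return [(addr, port, limit, limit >= needed)
            for addr, port, limit in connector_limits(server_xml)]


if __name__ == "__main__":
    for addr, port, limit, ok in check(SAMPLE_SERVER_XML, token_len=12000):
        print(f"{addr}:{port} maxHttpHeaderSize={limit} -> {'fits' if ok else 'too small'}")
```

The check covers only the Tomcat connectors in the file it is given; any other HTTP hop the request passes through applies its own header limit.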