Dean, No, not trying to do this across domains. Solaris does have a 'domainname' command, however, which in this case returns empty -- maybe that's a problem? Also, the 'hostname' command just returns an unqualified hostname -- also maybe an issue? Still trying to wrap my head around how all the pieces fit together... :-)
When you test your keytab, what command do you use specifically? The user manual seems to indicate that any domain user would be acceptable: kinit a_user_in_the_re...@your.realm.here klist Like I said, I tried a couple different variations that involved the SPN and the linked principal listed in the keytab; do you have a recommendation for testing with kinit? As far as tracking down exactly what's going wrong when I get that "client not found" error, I'm having the AD admins look to see what's getting logged on their side. Thanks! - Bill On Thu, Apr 29, 2010 at 2:37 PM, Dean Heisey <deanh...@noa.nintendo.com>wrote: > > Bill, > > When you get this error: "kinit(v5): Client not found in Kerberos database > while getting initial credentials". for your SPN, your KDC is trying to > tell you that it couldnt find your SPN in the Kerberos Database, in this > case AD. That tells me that there is something wrong with the AD user/SPN > mapping. Unfortunately, it doesn't tell me EXACTLY whats wrong. > > You arent attempting to go across domains when running this are you? > > -- > View this message in context: > http://jasig.275507.n4.nabble.com/Problem-with-SPNEGO-Getting-NTLM-token-instead-of-Kerberos-tp1598650p2076017.html > Sent from the CAS Users mailing list archive at Nabble.com. > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > b...@counterpointconsulting.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- Bill Markmann Counterpoint Consulting, Inc. (p) 571-338-2455 (f) 202-403-3425 (e) b...@counterpointconsulting.com (w) http://www.counterpointconsulting.com/ -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user