Hi Experts,
Users in the default domain (D.CHILD1.PARENT.COM) are able to log in manually using Windows AD.
But users in other domains (e.g. A.CHILD1.PARENT.COM) are not able to log in using manual AD. They are getting the below error:
I see the below error in the Tomcat logs (stdout.log):
User Entered name : xyz@A.CHILD1.PARENT.COM
[Krb5LoginModule] authentication failed 111.A.CHILD1.PARENT.COM
The strange thing is: the "111" KDC server belongs to PARENT.COM, but the error shows "A.CHILD1.PARENT.COM".
Forest structure:
PARENT.COM
  - CHILD1.PARENT.COM
      - A.CHILD1.PARENT.COM (trying to make it work for user in this domain first)
      - B.CHILD1.PARENT.COM
      - C.CHILD1.PARENT.COM
      - D.CHILD1.PARENT.COM (Default)
  - CHILD2.PARENT.COM
  - CHILD3.PARENT.COM
      - E.CHILD3.PARENT.COM
      - F.CHILD3.PARENT.COM
krb5.ini (trying to make it work for users of A.CHILD1.PARENT.COM & D.CHILD1.PARENT.COM)
So, when a user of domain D.CHILD1.PARENT.COM logs in manually, it works.
When a user of domain A.CHILD1.PARENT.COM logs in, it gives the above error message. Tomcat logs are also attached above.
NOTE: The service account is also from the default domain: D.CHILD1.PARENT.COM
Kindly help us in fixing this issue. Thanks.
Regards,
Monish