I've followed this guide to get Apache Single-Sign-On to work, but so far all I get is strange Kerberos errors.

http://www.likewise.com/resources/documentation_library/manuals/open/likewise-open-guide.html#apachesso

This is my current configuration

[root@server httpd]# uname -a
Linux server 2.6.18-274.3.1.el5xen #1 SMP Tue Sep 6 20:57:11 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux

[root@server httpd]# httpd -v
Server version: Apache/2.2.3
Server built:   Oct 20 2011 17:00:12

[root@server httpd]# ls -al http.ktb
-rw------- 1 apache apache 144 Dec  6 08:56 http.ktb

[root@server httpd]# /opt/likewise/bin/klist -k http.ktb

Keytab name: WRFILE:http.ktb
KVNO Principal

4 HTTP/server.company.local@company.local

5 HTTP/server@company.local

And these are the errors I keep getting. I haven't found a proper list explaining the error messages either, so I'm in the dark here.

[Tue Dec 06 08:58:07 2011] [error] [client 192.168.1.140] failed to verify krb5 credentials: Unknown code krb5 147

Anyone have a clue? I've reread the guide multiple times.

Best Regards Lars

  • I just tried with Internet Explorer and somehow that works; I do need to enter the credentials, but then I get logged on. Very strange. – Lars Dec 06 '11 at 09:37

2 Answers

I managed to sort this out with Beyond Trust's help; here's how: http://forum.beyondtrust.com/viewthread/31591/

Lars
  • We don't like answers which are simply links off-site. If you copied the relevant information into your answer and go in to some detail about what you did it would be much more beneficial to future visitors. – Ben Pilbrow Dec 12 '11 at 12:47

I'm very sorry, I'll fix it. To make things clearer for future visitors, this is what I did:

I recreated the keytab file with capital letters for the COMPANY.LOCAL part, using the same command as stated in the guide before:

(ktpass /out keytabfile /princ HTTP/rhel5d.likewisedemo.com@LIKEWISEDEMO.COM /pass SkiAlta2008 /mapuser likewisedemo\httpUser /ptype KRB5_NT_PRINCIPAL)

I later changed the KrbAuthRealms statement in /etc/httpd/conf/httpd.conf to also have capital letters, and voilà.

Regards

Lars
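
A check for the realm-case mismatch described in the answer above, as an added example that is not part of the original posts: it parses `klist -k` output and the `KrbAuthRealms` directive and reports realms that are not uppercase or that differ between the two (Kerberos realm names are case-sensitive). The sample inputs are constructed from the question's output, and the `<Location /secure>` block and the function names are assumptions.

```python
import re

# Constructed inputs modelled on the question's klist output; the <Location> block is assumed.
KLIST_BEFORE = """Keytab name: WRFILE:http.ktb
KVNO Principal
   4 HTTP/server.company.local@company.local
   5 HTTP/server@company.local
"""
CONF_BEFORE = """<Location /secure>
    AuthType Kerberos
    KrbAuthRealms company.local
</Location>
"""

def keytab_realms(klist_text):
    """Return the set of realms found on `klist -k` principal lines."""
    realms = set()
    for line in klist_text.splitlines():
        m = re.match(r"\s*\d+\s+\S+@(\S+)\s*$", line)
        if m:
            realms.add(m.group(1))
    return realms

def conf_realms(conf_text):
    """Return realms listed on KrbAuthRealms lines (directive names are case-insensitive)."""
    realms = set()
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0].lower() == "krbauthrealms":
            realms.update(parts[1:])
    return realms

def realm_findings(klist_text, conf_text):
    """List realm case and consistency problems between keytab and Apache config."""
    kt, cf = keytab_realms(klist_text), conf_realms(conf_text)
    findings = []
    for r in sorted(kt):
        if r != r.upper():
            findings.append(f"keytab realm not uppercase: {r}")
    for r in sorted(cf):
        if r != r.upper():
            findings.append(f"KrbAuthRealms realm not uppercase: {r}")
    for r in sorted(kt - cf):
        findings.append(f"keytab realm missing from KrbAuthRealms: {r}")
    return findings

if __name__ == "__main__":
    for f in realm_findings(KLIST_BEFORE, CONF_BEFORE):
        print(f)
```

The half-fixed state (keytab recreated in capitals, `KrbAuthRealms` still lowercase) is also reported, since the two realms then no longer match exactly.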