Environment
Novell ZENworks Configuration Management 2017
Situation
With Kerberos authentication, SLED satellite fails to authenticate users.
ERROR (from ats.log):
[WARN] [04/14/2017 14:48:49.511] [4842] [ATS] [143] [root] [CASAServer] [] [(ClientAddr=192.168.0.8)Krb5Token Constructor()- GSS Exception caught: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)] [authtoksvc.Krb5Authenticate$Krb5Token] [] [] [CASA]
[WARN] [04/14/2017 14:48:49.512] [4842] [ATS] [143] [root] [CASAServer] [] [(ClientAddr=192.168.0.8)invoke()- Exception: java.lang.Exception: Authentication Failure] [authtoksvc.Krb5Authenticate] [] [] [CASA]
Resolution
This is fixed in ZENworks 2017 Update 1 and later.
- On the authentication satellite make a backup of this file:
/etc/CASA/authtoken/svc/casa-jaas.conf - Edit the above file manually replace this:
keyTab="KEYTAB_FILE"
with this
keyTab="/etc/CASA/authtoken/svc/kerberos.keytab" - Restart the ZENworks Agent Service on the satellite:
/etc/init.d/novell-zenworks-xplatzmd restart