Data Loss Prevention

 View Only

  • 1.  KRB5.ini File and Active Directory Authentication

    Posted Apr 17, 2013 11:18 AM

    Ran around in circles attempting to log in to the Enforce console with Active Directory credentials. Everything appeared to be set correctly, but no success.

    * Make sure you follow the guide and CAPITALIZE names.

    What ended up working for me is renaming C:\Windows\krb5.ini to C:\Windows\KRB5.ini . Make the change is reflected in the Enforce console, restart Vontu services (or reboot the server), logon with AD credentials using account(s) you created under Users in the console.



  • 2.  RE: KRB5.ini File and Active Directory Authentication

    Posted Apr 17, 2013 02:07 PM

    I've found the capitalization of the krb5.ini file itself is not required however case dOeS matter.  Most of the time it is matching exactly what I have setup in the krb5.ini file to match exactly the same item in the Enforce UI.

    AD authenication usually takes the most time at the customers I work w/ as they need to involve mulitple groups at times to understand how thier AD is setup and what I need to use.



  • 3.  RE: KRB5.ini File and Active Directory Authentication

    Posted Apr 17, 2013 02:45 PM

    Hi Ethan,

    Please  refer below this will help you to resolve the issue

    https://www-secure.symantec.com/connect/forums/active-directory-authentication-whole-group#comment-6757081

    https://www-secure.symantec.com/connect/forums/ad-user-authentication-dlp-reporting-and-updating-api

    https://www-secure.symantec.com/connect/forums/symantec-vontu-dlp-login-problem-after-enabling-ad-authentication



  • 4.  RE: KRB5.ini File and Active Directory Authentication

    Posted Apr 17, 2013 08:39 PM

    Hi,

    Just to clarify he wasn't looking for help with this, just posting some help for others to find more information about.

     



  • 5.  RE: KRB5.ini File and Active Directory Authentication

    Posted Apr 17, 2013 09:32 PM

    I agree. Changing the letters in the filename to caps came after checking and rechecking multiple settings and working with team members from other groups. The difference in the filename was noticed while I compared settings from another environment where AD authentication was working.



  • 6.  RE: KRB5.ini File and Active Directory Authentication

    Trusted Advisor
    Posted Apr 23, 2013 01:33 AM

    Also to provide more info...

    You may need to configure the KRB5.ini file to use encrypted connections to the Active directory servers..

     

    [libdefaults]
               default_realm = DOMAIN.COM
               default_tkt_enctypes = RC4-HMAC, DES-CBC-CRC, DES3-CBC-SHA1,DES-CBC-MD5
               default_tgs_enctypes = RC4-HMAC, DES-CBC-CRC, DES3-CBC-SHA1, DES-CBC-MD5
               
    [realms]
           DDPV.COM = {
                        kdc = DC01.DOMAIN.COM
                               kdc = DC02.DOMAIN.COM
                        }