SSO breaks for random users... works after AD password change?

Hi,

I have a problem…

I have Openfire 3.6.3 installed on a CentOS 5 Linux box, set up to look to AD for its user base, with the message archiving and IM Gateway plugins installed (although IM Gateway is not used at this point). I have a Citrix environment on W2k3 servers, with one W2k3 domain controller. I have the latest Spark installed on the Terminal Servers, set up to use SSO, with the keytab for SSO generated from the regular articles plus this one http://www.igniterealtime.org/community/docs/DOC-1522.

While SSO is working fine for most users I have rolled it out to, every few days, maybe 3 a week, a particular user will not be able to log in with SSO and receives the “check principal and server settings” error message. They will be able (and will be forced) to log in manually and apparently will only be able to log in through SSO again when they have changed their Windows AD user password through their Windows session.

Any idea why this is happening, please, and how to prevent it? I’m not the biggest expert on Java keytabs… Can’t see anything at all in the logs regarding this, but can give a Spark diagnostic when an affected user logs in…

Thanks for any help offered.

Daryn

Anyone got any ideas? Please?

Even some pointers to go and investigate would be helpful, if anyone has any.

Thx