/build/static/layout/Breadcrumb_cap_w.png

Browser user/pass popup when accessing K1000 box

We recently updated our K1000 machine, and afterwards errors appeared when logging in with the browser. When using user or admin interface it failes and prompts with the following security question (in edge, chrome and firefox). 

wD09AYpYw7VZQAAAABJRU5ErkJggg==

The url has sso/index.php in it. When cancelling this box, the default kace login prompt is asked and when entering credentials we can login.

When testing the ldap settings, it is ok. 


When checking the logs i see in the server error logs:

[auth_vas4:error] [pid 97206:tid 34382624000] [client *******5:57486] initialize_user: Failed to initialize user for user@upn: No error message available


and in the user authenticated log:

[2020-05-04 12:03:31 +0200] AUTH [info] user - ******* - adminui - Default - LDAP - success

[2020-05-04 12:03:31 +0200] AUTH [info] user - ******* - adminui - Default - systemui Local Authentication - failed

I do not know if these messages has anything to do with it, but it shows the ldap authentication is working.


When i enter credentials in the popup of the browser, the page is not shown (This page can’t be displayed), when refreshing the page, the login page of the appliance is shown and we can login with ldap credentials.


Can you help to troubleshoot. 


Thanks in advance.


0 Comments   [ + ] Show comments

Answers (4)

Answer Summary:
Posted by: KevinG 3 years ago
Red Belt
0

It appears that you may have SSO enabled in  Settings › Control Panel › Security Settings.

Have you verified the SSO settings or disabled SSO to see if the issue goes away?



Comments:
  • Thanks, but when i disable the settings here, i need to use local accounts. I do want to use Active directory accounts, so shouldn't i keep the single sign on enabled here? - bleeuwen 3 years ago
  • SSO is now disabled and the errors is not there anymore. Only issue is that we do need to login now (better then a login popup or error) - bleeuwen 3 years ago
Posted by: bleeuwen 3 years ago
White Belt
0

We are trying to unjoin/join the domain again. But we are running into issues. The unjoin does not work and gives the following error: KRB5_KDC_UNREACH (-1765328228): Cannot contact any KDC for requested realm. Reason: unable to reach any KDC in realm ****


Network settings have been setup right and the server should be able to connect to the DC's (otherwise we can't use LDAP i guess). I can't find the machine in the domain. Is this because the machine unjoined but isn't aware of it?

Posted by: KevinG 3 years ago
Red Belt
0

KRB5_KDC_UNREACH  May be a DNS issue.

You may want to verify that you are using the correct DNS server in your network setting in the appliance and that it is reachable from the SMA.


Comments:
  • They should be reachable, but how can i check this within the K1000? LDAP authorizations and other functions are working fine, therefore i recon the network should not be a problem. - bleeuwen 3 years ago
Posted by: bleeuwen 3 years ago
White Belt
0

Top Answer

With the help of support we figured it out. We ended up in rejoining the machine into the AD, and adding a second serverprincipalname to the supportdesk-http account. After that the SSO was working. 

Thanks for your help! 

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ