I'm trying to use FME Server's Active Directory integration to authenticate users. The connection works but fails soon after (and single sign on fails).
The account has permission to log on as a service and cross-domain trust is in place.
Any ideas?
Wed-26-Nov-2014 11:38:47 AM INFORM main 405404 : Transformation Manager init OK
Wed-26-Nov-2014 11:38:47 AM WARN main 408034 : (Active Directory) Key distribution centre (KDC) was not specified in configuration; using connected server as KDC.
Wed-26-Nov-2014 11:38:47 AM INFORM main 408001 : (Active Directory) Connecting to an available server in ( PRODUCTION.DOMAIN:389 )...
Wed-26-Nov-2014 11:38:47 AM INFORM main 408002 : (Active Directory) Successfully connected to PRODUCTION.DOMAIN.
Wed-26-Nov-2014 11:38:47 AM INFORM main 408004 : (Active Directory) Found default naming context "DC=production,DC=domain".
Wed-26-Nov-2014 11:38:47 AM INFORM main 408006 : (Active Directory) Using default NT domain "PRODUCTION".
Wed-26-Nov-2014 11:38:47 AM INFORM main 408037 : (Active Directory) Using connected server "PRODUCTION.DOMAIN" as KDC.
Wed-26-Nov-2014 11:38:47 AM INFORM main 408029 : (Active Directory) Found supported SASL mechanism "GSSAPI".
Wed-26-Nov-2014 11:38:47 AM INFORM main 408029 : (Active Directory) Found supported SASL mechanism "GSS-SPNEGO".
Wed-26-Nov-2014 11:38:47 AM INFORM main 408029 : (Active Directory) Found supported SASL mechanism "EXTERNAL".
Wed-26-Nov-2014 11:38:47 AM INFORM main 408029 : (Active Directory) Found supported SASL mechanism "DIGEST-MD5".
Wed-26-Nov-2014 11:38:47 AM INFORM main 408032 : (Active Directory) Configured to use SASL mechanism "GSSAPI" for authentication.
Wed-26-Nov-2014 11:38:47 AM INFORM main 408039 : (Active Directory) Authenticating user "AnFMEAccount@DEVELOPMENT.DOMAIN" using SASL mechanism "GSSAPI" with KDC address "PRODUCTION.DOMAIN" and realm "PRODUCTION"...
Wed-26-Nov-2014 11:38:47 AM INFORM main 408060 : (Active Directory) Successfully established a new connection to PRODUCTION.DOMAIN.
Wed-26-Nov-2014 11:38:47 AM ERROR main 408010 : (Active Directory) Exception: "LDAPException(resultCode=82 (local error), errorMessage='The GSSAPI authentication attempt failed: java.security.PrivilegedActionException: LDAPException(resultCode=82 (local error), errorMessage='Unable to create the initial GSSAPI SASL request: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)] caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds) caused by KrbException: Fail to create credential. (63) - No service creds') caused by LDAPException(resultCode=82 (local error), errorMessage='Unable to create the initial GSSAPI SASL request: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)] caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds) caused by KrbException: Fail to create credential. (63) - No service creds')LDAPException(resultCode=82 (local error), errorMessage='Unable to create the initial GSSAPI SASL request: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)] caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds) caused by KrbException: Fail to create credential. (63) - No service creds') caused by javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)] caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. 
(63) - No service creds) caused by KrbException: Fail to create credential. (63) - No service creds')"
Wed-26-Nov-2014 11:38:47 AM ERROR main 408003 : (Active Directory) Failed to connect to an available server, or no servers were available.
Wed-26-Nov-2014 11:38:47 AM FATAL main 405405 : Security Manager init FAILED
Wed-26-Nov-2014 11:38:47 AM INFORM main 405417 : Security Requests Dispatcher init OK
Wed-26-Nov-2014 11:38:47 AM INFORM main 405411 : Log Manager init OK
Wed-26-Nov-2014 11:38:47 AM INFORM main 408301 : Initializing cluster management ...
Wed-26-Nov-2014 11:38:47 AM INFORM main 408304 : Failover is disabled.
Wed-26-Nov-2014 11:38:47 AM INFORM main 000000 :
Best Answer
FME Server (LDAP - Lightweight Directory Access Protocol) is case sensitive.
Issue: LDAPException(resultCode=82 (local error)) is a username/password failure due to a case-sensitive username/password.
Source:
http://docs.safe.com/fme/html/FME_Server_Documentation/Default.htm#AdminGuide/Authent_Failure.htm
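
Added example, not part of the original thread or of FME Server: a small Python triage script that pulls the principal, KDC and realm out of the 408039 line and collapses the repeated "caused by" chain to its distinct LDAP and Kerberos codes, so the names can be checked character by character, including case, against the configuration. The sample log is constructed from the format shown in the question, and comparing the principal's domain part with the KDC address is an assumption of this example.

```python
import re

# Constructed sample in the log format from the question; the exception chain is shortened.
SAMPLE_LOG = """\
Wed-26-Nov-2014 11:38:47 AM INFORM main 408039 : (Active Directory) Authenticating user "AnFMEAccount@DEVELOPMENT.DOMAIN" using SASL mechanism "GSSAPI" with KDC address "PRODUCTION.DOMAIN" and realm "PRODUCTION"...
Wed-26-Nov-2014 11:38:47 AM ERROR main 408010 : (Active Directory) Exception: "LDAPException(resultCode=82 (local error), errorMessage='... caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds) caused by KrbException: Fail to create credential. (63) - No service creds')"
Wed-26-Nov-2014 11:38:47 AM FATAL main 405405 : Security Manager init FAILED
"""

LINE_RE = re.compile(r"^\S+ \d\d:\d\d:\d\d [AP]M (\w+) \S+ (\d{6}) :\s?(.*)$")
AUTH_RE = re.compile(r'Authenticating user "([^"]+)" using SASL mechanism "([^"]+)" '
                     r'with KDC address "([^"]+)" and realm "([^"]+)"')
LDAP_RE = re.compile(r"resultCode=(\d+) \(([^)]+)\)")
KRB_RE = re.compile(r"KrbException: (.+?) \((\d+)\) - ([^')\]]+)")


def compare(a, b):
    """Classify two names as 'exact', 'case-only' (equal ignoring case) or 'different'."""
    if a == b:
        return "exact"
    return "case-only" if a.lower() == b.lower() else "different"


def triage(log_text):
    """Summarise the Active Directory authentication attempt found in a log."""
    report = {"auth": None, "ldap": set(), "kerberos": set(), "fatal": []}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # wrapped continuation of a long exception line
        level, code, msg = m.groups()
        auth = AUTH_RE.search(msg)
        if auth:
            user, mech, kdc, realm = auth.groups()
            domain = user.partition("@")[2]  # part after '@' in the principal
            report["auth"] = {"user": user, "mechanism": mech, "kdc": kdc, "realm": realm,
                              "principal_domain_vs_kdc": compare(domain, kdc)}
        # Sets collapse the repeated "caused by" chain to its distinct codes.
        report["ldap"].update((int(c), t) for c, t in LDAP_RE.findall(msg))
        report["kerberos"].update((int(c), t.strip()) for _, c, t in KRB_RE.findall(msg))
        if level == "FATAL":
            report["fatal"].append((code, msg))
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```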