Client not found in Kerberos database with Time and Attendance
Trying to login to Time and Attendance with Kerberos authentication returns Client not found in Kerberos Database
Kerberos
Time and Attendance
ExecuTime
ET
Active Directory account not able to successfully communicate with ExecuTime
Verify Active Directory user account
Check if username in AD and ExecuTime match exactly
Check if AD account is locked
Check if AD account password is about to expire or has expired
Both of these will trigger a bad login. Reset the password.
Kerberos (Unix) is not the same as Microsoft's LDAP.Â
Kerberos uses port 88 while LDAP uses ports 339 and 636.
Application Logic for authentication:
  1. User enters in a User/Pw pair of values
  2. The app looks up the provided user name in the DB
    a. Doesn’t find a match – Fail
    b. Finds a match
      i. It then examines the flag for Kerberos authentication
        1) Not set – compares provided Pw with what is in the DB – Go or No go depending on the result
        2) Set to Kerberos Authentication
          a) Pre-pends the REALM to the user, and then passes the pair to the DC for validation. Either Go or no Go. Technically the call will receive back a ‘0’ for ‘good’, or some goofy message (like ‘Client not found in Kerberos database (6)’ ) where the DC gives some incredibly terse value as to why this isn’t valid. Note: the User/Pw pair that is passed is the one entered. This process doesn’t use any ‘stored’ values here (other than referencing the username from the DB)
Â