Support Questions

rohit_khose · ‎03-07-2018

KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73) at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251) at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262) at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308) at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126) at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458) at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192) at org.apache.zookeeper.client.ZooKeeperSaslClient$2.run(ZooKeeperSaslClient.java:366) at org.apache.zookeeper.client.ZooKeeperSaslClient$2.run(ZooKeeperSaslClient.java:363) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:362) at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:348) at org.apache.zookeeper.client.ZooKeeperSaslClient.sendSaslPacket(ZooKeeperSaslClient.java:420) at org.apache.zookeeper.client.ZooKeeperSaslClient.initialize(ZooKeeperSaslClient.java:458) at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1013) Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65) at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60) at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)

matt_andruff · ‎05-02-2018

Did you ever figure it out. i"m facing the same issue.

kbkreddy · ‎10-03-2018

Am seeing the same issue? Did you find a way to workaround this issue?

svasi · ‎04-27-2020

Hi.

Has your client machine a valid kerberos client setup?
Is it's krb5.ini, or krb5.conf for windows machines, coherent with underlying kerberos server setup?

Stefano

xsgao · ‎03-21-2022

Make sure username is in lower case and domain name is in upper case when generating keytab using ktpass command.

This is right: ktpass .... -mapUser user@EXAMPLE.COM

This is wrong: ktpass .... -mapUser USER@EXAMPLE.COM or user@example.com

quanlong · ‎12-17-2023

Saw the same issue and debug it by adding Java option

-Dsun.security.krb5.debug=true

In the logs, I found the IP address of KDC is shown instead of the hostname. That's suspicious. So I tried adding the IP -> hostname mapping of the KDC server in /etc/hosts. It resolved the issue.

There could be other causes for your issue. The debug logs can show you more clues.