Hi guys,

 I have a good old problem with accessing kerberized web http url from my browser, bumping into an error:

HTTP Status 403 - GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

My environment is a lab, so I have a non-domain computer (not joined to the Active Directory), I have Kerberos KDC running in one linux server, and then several linux servers running Hadoop. The cluster is kerberized, inside the cluster everything works with tickets (hdfs, impala-shell) but from outside I cant access the secured Solr site (and also I assume other sites, as namenode, resource manager web ui, it those would be secured as well).

I tried to google around this problem, read all posts here about spnego, tried everything so far:

1. adding the server running of the Solr into the trusted zones.

2. Downloaded Kerberos client for Windows, and sucessfully acquired a ticket

3. Under Run as Admin cmd: ksetup /addkdc MYREALM.LOCAL <kdchostip>

                                               ksetup /addhosttorealmmap <solrhost> MYREALM.LOCAL

4. Tried Chrome, IE, FireFox

But nothing helped. I guess the error is obvious, because the browser don't know WHERE  to contact the hadoop KDC server, even if I did the ksetup, it didnt helped. 

Running curl from any of the hadoop nodes:

 1. kinit hdpuser

 2. curl --negotiate -u : http://192.168.20.41:8983/solr/

works fine so the problem is around my browser, my OS or DNS or I dont know.

Any hints?