I am working to setup Kerberos authentication in a Proxy HA configuration. I set the hostname in the SPN to be the hostname of the VIP of the Proxy HA. In the authentication debug logs I get the 'Wrong Principal in Request' error for Kerberos. Do I need to add SPNs for each individual proxy device?
Solved! Go to Solution.
Did you modify the keytab or the user to add the SPN (you should only need to modify the user)? In either case you shouldnt need to regenerate the keytab.
Also what was the command you used to generate the initial keytab? I had another customer generating the keytab with the -setupn flag, and it gave the same error.
The issue was resolved. Our AD guy changed the crypto parameter and Kerberos now authenticates. Not sure what command he used, but I think he followed the procedure on the community guide for Kerberos.
Thanks all for the help!
McAfee Service Portal customers please use your existing username and password to log into the community.