I am using a Windows 2022 Server running the active directory (server.local) and a Debian 10 Server running Apache.
When accessing the Site with Chrome or Internet Explorer it returns a 401 Status Code and the error.log has an
gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error) error in it.
Things I have already checked/done:
- As suggested here Browsermatch and regenerate Keytab File
- Check that Apache has access to the file
- Set Site as Intranet Website in Internet Explorer
I created the Config following this Tutorial
krb5.conf File
[libdefaults]
default_realm = SERVER.LOCAL
[realms]
SERVER.LOCAL = {
kdc = SERVER.LOCAL
master_kdc = SERVER.LOCAL
admin_server = SERVER.LOCAL
default_domain = SERVER.LOCAL
}
[login]
krb4_convert = true
krb4_get_tickets = false
Keytab Creation Command
ktpass -princ HTTP/debian@SERVER.LOCAL -mapuser suakerberos@SERVER.LOCAL -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -pass "Passwort123@" -out c:\krb5.keytab -in c:\krb5.keytab
My apache2.conf
AuthType Kerberos
BrowserMatch Windows gssapi-no-negotiate
KrbAuthRealms SERVER.LOCAL
KrbServiceName HTTP
Krb5Keytab /etc/krb5.keytab
KrbMethodNegotiate on
KrbMethodK5Passwd off
require valid-user
</Directory>
Any help is appreciated
