Explanation: You do not have enough privileges to install the Kerberos Login Method for NMAS.
Possible Cause: You are either not an administrator or a user with administrator-equivalent rights to install the Kerberos Login Method for NMAS.
Action: Make sure that you log in as administrator or a user with administrator-equivalent rights and install the Kerberos Login Method for NMAS.
There are a number of possible causes for this error.
Possible Cause: The system time between the hosts are not synchronized.
Action: Synchronize the time between the NMAS Client host, the NMAS Server host, and the KDC host.
Possible Cause: The Realm object or the KDC object has not been configured properly.
Action: Configure all the mandatory attributes of the Realm object and the KDC Object with correct values.
Possible Cause: The User object does not contain the Principal name attribute.
Action: Extend the User object with ForeignPrincipalAux class and specify the krbForeignPrincipalName attribute.
Possible Cause: The hostname or address of the KDC Server has changed in Novell® eDirectoryTM and has not been updated in the krb.con file. (This file will be present in the Client Installed folder.)
Action: Update the krb.con file or delete it, so that the client can re-create this file with the updated values.
Possible Cause: The key of the service principal has not been extracted with the correct encryption type.
Action: Check the NMAS server log. If the encryption type does not match, extract the service principal's key with "encryption type":"salt" combination "des-cbc-crc":"normal" value.
Possible Cause: The KDC Server's host entry might not be present in DNS.
Action: Update the host entry of the KDC Server in DNS.
Action: Contact your Kerberos administrator to enable the user principal
Action: Contact your Kerberos administrator to enable the eDirectory service principal
Action: The specified ticket lifetime must be more than the minimum value set by the Kerberos policy. Contact you Kerberos administrator for the minimum ticket lifetime value.
Action: For this release, the Kerberos Login Method for NMAS supports only DES-CBC-CRC, DES-CBC-MD5, and DES3-CBC-MD5 encryption types. Contact your Kerberos administrator.
Action: Contact your Kerberos administrator for creating this principal or find out the correct principal name. Principal names are case-sensitive. Ensure that you specify the principal names with the proper case.
Possible Cause: The specified eDirectory service principal was not found in the Kerberos database.
Action: Contact your Kerberos administrator for creating this principal or find out the correct principal name. Principal names are case-sensitive. Ensure that you specify the principal names with the proper case.
Possible Cause: The Kerberos administrator has not yet enabled the user principal.
Action: Contact your Kerberos administrator for enabling this principal.
Possible Cause: The Kerberos administrator has not yet enabled the eDirectory service principal.
Action: Contact your Kerberos administrator for enabling this principal.
Possible Cause: The user principal password in the Kerberos database has expired.
Action: Contact your Kerberos administrator to enable the Kerberos password.
Possible Cause: An invalid password has been specified or the specified encryption type is not supported.
Action: You must have either specified a wrong password or the specified encryption type is not supported by the Kerberos Login Method for NMAS. For this release, only the DES-CBC-CRC, DES-CBC-MD5, and DES3-CBC-MD5 encryption types are supported. Contact your Kerberos administrator.
Possible Cause: The clock skew is more than 5 minutes between the eDirectory server being contacted, the client machine, and the KDC.
Action: Synchronize the time between the eDirectory server, the client machine, and the KDC used for obtaining tickets.
Possible Cause: The format of the hostname that is specified is invalid.
Action: Check whether the KDC hostname format specified in the krbHostServer attribute of the KDC object in eDirectory is correct.
Possible Cause: The KDC could not be contacted for the requested realm.
Action: The Kerberos Login Method for NMAS is unable to contact KDC because the KDC server might be down. Contact your Kerberos administrator.
Action: Check whether the KDC hostname/address specified in the krbHostServer attribute of the KDC object in eDirectory is correct.
There are a few possible causes for this error:
Possible Cause: The system might be running low in memory.
Action: Make sufficient free memory available on the system.
Possible Cause: The krb.con file is in Read-only mode and the required KDC information is not present.
Action: Update the KDC information in the krb.con file or delete it, so that the client can create it with the appropriate entries.