Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

ESX Server 2.5.x Preauthentication Issue

Details

SSH authentication against Windows 2003 Active Directory does not work until the Active Directory account option Do not require Kerberos preauthentication is activated.
 
You might see entries similar to the following in /var/log/messages :

devvm01 vmware-authd(pam_unix)[28580]: authentication failure; l
ogname= uid=99 euid=0 tty= ruser= rhost=  user=jcool
devvm01 vmware-authd[28580]: pam_krb5: authenticate error: KRB5
error code 52 (-1765328332)
devvm01 vmware-authd[28580]: pam_krb5: authentication fails for
`jcool'
 

Solution

From a Microsoft Tech Note on preauthentication: "...preauthentication can be disabled for individual accounts when this is necessary for compatibility with other implementations of the protocol."
 
To disable preauthentication in Active Directory:
  1. Right-click the User object in Active Directory Users and Computers.
  2. Click Properties.
  3. Click the Account tab.
  4. In the Account options list, check Do not require Kerberos preauthentication.

Keywords

win23K AD alertz

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
Actions
KB: