Jamf Connect - Kerberos Tickets not generating

zekgrafic
New Contributor

Hi all,

New to this sub so I thought I would make a start with an interesting one.

I've got jamf pro and jamf connect setup with Azure AD and working for the most part.

Apart from the actual connect dialogue box closes instantly and doesn't actually log in. After some digging, I found that it's failing with the error...

Kerberos Authentication Failed with error: KerbError

Helpful and awfully generic, I know.

I can confirm that not ticket is present after logging in by running "klist".

If I run "kinit" it'll prompt me for passwords and then everything works as expected, firewall auth, smbs connect without prompting for credentials (When the account in use has permissions).

I've got a ticket open with Jamf, they've not been too helpful as the ticket has been open for 8 days without a response from them! They've even tried closing the ticket.

I'm at a loss, I want to get this project wrapped up by August and this is the final step, getting kerberos working and auto mapping of user drives...

Thanks for any suggestions in advance!

6 REPLIES 6

rqomsiya
Contributor III

Hi @zekgrafic : Did you ever find resolution for this issue? 

red_beard
New Contributor III

I'm having this same issue when testing our new Jamf Connect setup. Everything else works as expected, but no Kerberos tickets are being created. 

 

Jamf Connect version 2.30.0 (same behavior on previous release as well)

M2 Macbook air, Ventura 13.6.1

red_beard
New Contributor III

As a follow-up, my issue was resolved after identifying a difference in Azure/Entra Cloud information and AD on-prem settings related to the Azure/Entra shortname.

We were using first initial last name with our on-prem AD but our Entra cloud is using our email address as the username. After we pointed the shortname field to the correct field for our cloud instance then we started to get Kerberos tickets.

Hello,

or Entra ID we are using e-mail address as login name. For shortname I am able to resolve correct information (using Extension Attribute). Still, I am not getting Kerberos ticket automatically. Can you send me a copy of shortname key configuration for Jamf Connect menu bar?

red_beard
New Contributor III

We are still on Jamf Connect 2.29 because the more current versions of Jamf Connect haven't allowed us to automatically get a ticket or have them be more persistent after a reboot, etc... I haven't tested the last couple of releases yet but from their release notes I don't know if they'll improve the situation. 

TexasITAdmin
New Contributor III

Did you ever find any solutions to this issue?  
It doesn't occur in version 2.22 and below but anything after that I am having the issue were the kerberos tickets are not automatically generating. 

However, the one workaround I have found is if I open up terminal and enter in 

open jamfconnect://kick
or
open jamfconnect://login

The kerberos tickets then are generated normally.

So If I create a login script to always run one of those commands it should resolve it for the short term.