Help

Jamf Connect - Kerberos Tickets not generating

zekgrafic
New Contributor

Posted on ‎07-22-2022 11:39 PM

Hi all,

New to this sub so I thought I would make a start with an interesting one.

I've got jamf pro and jamf connect setup with Azure AD and working for the most part.

Apart from the actual connect dialogue box closes instantly and doesn't actually log in. After some digging, I found that it's failing with the error...

Kerberos Authentication Failed with error: KerbError

Helpful and awfully generic, I know.

I can confirm that not ticket is present after logging in by running "klist".

If I run "kinit" it'll prompt me for passwords and then everything works as expected, firewall auth, smbs connect without prompting for credentials (When the account in use has permissions).

I've got a ticket open with Jamf, they've not been too helpful as the ticket has been open for 8 days without a response from them! They've even tried closing the ticket.

I'm at a loss, I want to get this project wrapped up by August and this is the final step, getting kerberos working and auto mapping of user drives...

Thanks for any suggestions in advance!

https://9apps.ooo/
0 Kudos
Reply
6 REPLIES 6

rqomsiya
Contributor III

Posted on ‎03-14-2023 05:53 PM

Hi @zekgrafic : Did you ever find resolution for this issue? 

0 Kudos
Reply

red_beard
Contributor

Posted on ‎12-15-2023 01:47 PM

I'm having this same issue when testing our new Jamf Connect setup. Everything else works as expected, but no Kerberos tickets are being created. 

 

Jamf Connect version 2.30.0 (same behavior on previous release as well)

M2 Macbook air, Ventura 13.6.1

0 Kudos
Reply

red_beard
Contributor
In response to red_beard

Posted on ‎12-18-2023 09:07 AM

As a follow-up, my issue was resolved after identifying a difference in Azure/Entra Cloud information and AD on-prem settings related to the Azure/Entra shortname.

We were using first initial last name with our on-prem AD but our Entra cloud is using our email address as the username. After we pointed the shortname field to the correct field for our cloud instance then we started to get Kerberos tickets.

Reply

RodriguezF
New Contributor
In response to red_beard

Posted on ‎06-24-2024 11:31 PM

Hello,

or Entra ID we are using e-mail address as login name. For shortname I am able to resolve correct information (using Extension Attribute). Still, I am not getting Kerberos ticket automatically. Can you send me a copy of shortname key configuration for Jamf Connect menu bar?

0 Kudos
Reply

red_beard
Contributor
In response to RodriguezF

Posted on ‎06-26-2024 07:01 AM

We are still on Jamf Connect 2.29 because the more current versions of Jamf Connect haven't allowed us to automatically get a ticket or have them be more persistent after a reboot, etc... I haven't tested the last couple of releases yet but from their release notes I don't know if they'll improve the situation. 

0 Kudos
Reply

TexasITAdmin
New Contributor III

Posted on ‎02-28-2024 08:38 AM

Did you ever find any solutions to this issue?  
It doesn't occur in version 2.22 and below but anything after that I am having the issue were the kerberos tickets are not automatically generating. 

However, the one workaround I have found is if I open up terminal and enter in 

open jamfconnect://kick
or
open jamfconnect://login

The kerberos tickets then are generated normally.

So If I create a login script to always run one of those commands it should resolve it for the short term.

Reply