Staff

Technical Tip: How to use krb_test tool on FortiADC

Forum|Forum|1 year ago
December 12, 2024
0 replies
844 views

Description

This article describes how to use the krb_test tool for Kerberos authentication testing and troubleshooting purposes on FortiADC using the CLI.

Scope

FortiADC.

Solution

Enter the command below to clear credential cache and keytab:

diagnose system krb_test -d

Cleared!

Modify the command below using the required data before testing:

diagnose system krb_test s <SPN> -u <UPN> -n <delegator principal name> -p <delegator password>

For example: the command output below indicates an incorrect delegator account password has been used.

diagnose system krb_test -s http/www218.example.test@EXAMPLE.TEST -u adclocal2@EXAMPLE.TEST -n host/proxyadmin@EXAMPLE.TEST -p fortinet
== Initialize Kerberos context ==
== TKT status 0 ==
line: 837 errcode(-1765328360) Preauthentication failed
== KRB AS Failed ==

See the FortiADC administration guide for more information.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded