Symptom
When using SASL authentication (Kerberos V5), the following error appears in the log file:
(Active Directory) Exception: "LDAPException(resultCode=82 (local error), errorMessage='An error occurred while attempting to initialize the JAAS login context for GSSAPI authentication: javax.security.auth.login.LoginException: Pre-authentication information was invalid (24) caused by KrbException: Pre-authentication information was invalid (24) caused by KrbException: Identifier doesn't match expected value (906)')"
Or
(Active Directory) Exception: "LDAPException(resultCode=82 (local error), errorMessage='An error occurred while attempting to initialize the JAAS login context for GSSAPI authentication: javax.security.auth.login.LoginException: Client not found in Kerberos database (6) caused by KrbException: Client not found in Kerberos database (6) caused by KrbException: Identifier doesn't match expected value (906)')"
Cause
The username and/or password was incorrectly entered.
Resolution
Ensure that the username and password is correctly entered. Note that when using SASL authentication (Kerberos V5), the username is case-sensitive, and must match exactly the 'sAMAccountName' value for the account.
To get the user account name:
- From AD Explorer, connect to the Active Directory.
- Browse for and select the entry representing the user account.
- The user account name appears under the 'sAMAccountName' attribute.