Why am I getting "Kerberos: Keytab unable to authenticate user"?

Article #: KB-11
Product: All
Version: All


You are receiving the error "Kerberos: Keytab unable to authenticate user" in the logs.


You've changed the hostname for a domain-joined Smoothwall appliance, re-joined the Smoothwall to the domain and removed any computer accounts that were tied to the old hostname. But your users are being rejected when trying to authenticate, and you are seeing the above error in your Smoothwall logs.


It is recommended you check the following:

  • The Smoothwall hostname must be no longer than 15 characters (not including the DNS suffix)
  • Ensure the correct DNS servers are configured on the Smoothwall (Network > Configuration > DNS)
  • “A” record has been created
  • PTR record has been created
  • Ensure the Smoothwall time has been synchronized with your domain controllers
    • There should be no more than 5 minutes difference
  • Ensure the devices requesting authentication are using the Smoothwall's fully qualified domain name (FQDN) in their proxy settings
  • Within Active Directory, ensure your users are in a global domain security group
    • Or a universal security group if they exist on a trusted sub-domain
  • Ensure the devices that proxy through the Smoothwall have been rebooted since the Smoothwall re-joined the domain
  • Add the Smoothwall Active Domain user to the domain's administrators
    • It may be that the template used to create the user account does not give permission to add or delete computer accounts
  • Remove the auto-generated computer account from your Active Directory
  • Remove any duplicated computer accounts — you may find duplicates for smoothwall:sid_number
  • Ensure the user who is receiving the failed Kerberos authentication error does not have a space in their username
  • Recreate the client Kerberos ticket by running klist purge
  • On your devices, ensure Enable Integrated Windows Authentication is selected in the Advanced tab of Internet Properties
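
The hostname, DNS, time and username items above can be checked together before digging into Active Directory. The following script is an added example, not Smoothwall code; the function names, the sample hostnames and addresses, and the rule that the PTR record must point back to the same FQDN are assumptions made for illustration.

```python
import socket
from datetime import datetime, timedelta, timezone

MAX_HOST_LEN = 15                # hostname limit from the checklist
MAX_SKEW = timedelta(minutes=5)  # clock difference limit from the checklist

def check_hostname(fqdn):
    """Host label (FQDN without the DNS suffix) must be 1 to 15 characters."""
    label = fqdn.split(".", 1)[0]
    return 0 < len(label) <= MAX_HOST_LEN

def check_dns(fqdn, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """The A record must resolve and the PTR record must exist for that address."""
    try:
        ip = forward(fqdn)
        ptr_name = reverse(ip)[0]
    except OSError:  # covers socket.gaierror and socket.herror
        return False
    # Assumption: the PTR record should map back to the same FQDN.
    return ptr_name.rstrip(".").lower() == fqdn.rstrip(".").lower()

def check_skew(appliance_time, dc_time):
    return abs(appliance_time - dc_time) <= MAX_SKEW

def check_username(username):
    return " " not in username

def preflight(fqdn, appliance_time, dc_time, username, **resolvers):
    """Return the failed checklist items; an empty list means all passed."""
    results = {
        "hostname longer than 15 characters": check_hostname(fqdn),
        "A/PTR record missing or mismatched": check_dns(fqdn, **resolvers),
        "clock skew over 5 minutes": check_skew(appliance_time, dc_time),
        "username contains a space": check_username(username),
    }
    return [problem for problem, ok in results.items() if not ok]

if __name__ == "__main__":
    # Constructed sample values; stub resolvers keep the demo offline.
    now = datetime(2017, 4, 28, 12, 0, tzinfo=timezone.utc)
    fwd = lambda name: "192.0.2.10"
    rev = lambda ip: ("sw01.example.local", [], [ip])
    print(preflight("smoothwall-filter01.example.local", now,
                    now + timedelta(minutes=6), "john smith",
                    forward=fwd, reverse=rev))
```

Called without the forward and reverse arguments, check_dns uses the system resolver, so run it from a host that uses the same DNS servers as the Smoothwall.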


Last updated: Author: Contributions by:
28th April 2017 Samantha Nair