4 Replies Latest reply on Mar 11, 2015 12:20 PM by Matt Coles

    Load balancer / Kerberos config

    Jeff Strauss

      Zach Yuzer

       

      I'm attempting to setup a load balancer with SSO via Kerberos.  Prior to unchecking "enable auto-login" I just get a signin failed.  After unchecking "enable auto-login" and enabling Kerberos setup, I receive a 502 "bad gateway" from nginx.

       

      the URL entry point (right now via a host file on my workstation) is insights-dev.cnvrmedia.net and it points at the active nginx test load balancer 10.110.248.20.  My machine IP is 10.28.178.166, the only reason I mention this is because it shows up in the logs.

       

      The gateway config has been established via, see the attached yml if interested:

      tabadmin set gateway.public.host "insights-dev.cnvrmedia.net"

      tabadmin set gateway.public.port "80"

      tabadmin set gateway.trusted "10.110.248.19,10.110.248.20"

      tabadmin set gateway.trusted_hosts --default

       

      the load balancer points at ord-tbldev101.corp.valueclick.com and ord-tbldev102.corp.valueclick.com, right now keep-alive is turned off and x-forwarded-for, x-forwarded-proto and x-forwarded-host are established.

       

      See attached KerberosConfig.bat, I am suspecting that the last line should point at insights-dev.cnvrmedia.net instead of insights-dev.cnvrmedia.net.corp.valueclick.com, but I am not sure.  Error within log:  [Wed Feb 25 16:46:03.135786 2015] [:error] [pid 6476:tid 8952] [client 10.110.248.20:45916] gss_acquire_cred() failed: Unspecified GSS failure.  Minor code may provide more information (, No key table entry found matching HTTP/insights-dev.cnvrmedia.net@)

       

      Also attached is the dev arch setup, the tableau httpd access log, the httpd error log, and the yml.  I don't have easy access to my nginx log, nginx config, but could get it if needed.

       

       

       

      thanks.  Jeff