I've updated my K1000 to 5.5 and joined our AD domain, but I don't have an "Enable Single Sign On" box to check in the Security Settings control panel. Any idea how I might enable sso?


1 Comment   [ + ] Show Comment


  • also remember that the AD Schema needs to be W2k3R2 or above!
Please log in to comment

Community Chosen Answer


Maybe try unjoining and rejoining the domain as even though it is stated as joined when I checked my box the AD username is visible and in your shot it's not...something to try.

Answered 11/29/2013 by: jegolf
Red Belt

  • Thanks. The name is there, but I blocked it out before posting. I just tried unjoining and then doing a force join, but still no luck with the missing checkbox. I tried unjoining and force joining and got these errors in the log:
    VAS_ERR_LDAP ... Problem 4003 (INSUFF_ACCESS_RIGHTS) and

    I also saw something like "keytab not found" on the join page, but it isn't in the log.

    The kbox does actually appear to be joined, and an object was created in AD. I'm not the main domain admin, but the admin account I used does have full rights for creating computer objects and I have no problems joining Windows or Linux computers to the domain.
  • I forgot to add that ldap authentication is working fine, so it's only the join process that is returning ldap errors.
    • I was thinking it could be a permissions issue. The SSO process also creates a user account in the domain so make sure the account you're using has rights to do so...
      • I think you're right. I'm an admin for our dept OU, but not the domain. I created the kbox computer object in my OU before joining it to AD, but the logs show that it is still trying to create the object in the default computer container in the OU. I have just enough rights there for objects to be created during the join (if they aren't created manually beforehand).

        I've opened a ticket and asked if there is any way to have the object created in a specific OU where I have full rights. One thing that's interesting is that the object I pre-create does get updated with OS during the join and the kbox seems to recognize that it's in AD.
Please log in to comment



Can someone post an image that shows the "Enable Single Sign On" checkbox so I can see where it should be showing up on my kbox? Thanks.

Answered 12/04/2013 by: tpr
Fifth Degree Brown Belt

Please log in to comment
Answer this question or Comment on this question for clarity