Here is a step that may help You to debug the error above.
Today I was setting up SSO on a Drupal page against MS AD. Something went wrong and I found the following message in site’s error_log:
gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error)
Let’s modify a little bit apache’s config, and add this to appropriate place (global or vhost level):
Restart apache and check the log again:
kerb_authenticate_user entered with user (NULL) and auth_type Kerberos Acquiring creds for HTTP/intranet.kesz.hu@KESZ.HU Verifying client data using KRB5 GSS-API Client didn't delegate us their credential Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration. GSS-API major_status:00010000, minor_status:00000000 gss_accept_sec_context() failed: An unsupported mechanism was requested (, Unknown error)
So the real problem was: Warning: received token seems to be NTLM, which isn’t supported by the Kerberos module. That is much more informative than the unknown error we had before!
Dont forget to set back LogLevel after You finished because the log file fast becomes really large…