Windows AD/SSO not working in BI 4.1 SP 06, kinit works!!

Hello to everybody,

I am trying to make the configuration AD/SSO for a BI 4.1 SP06, I did not have any problem genereting the ticket, kinit works. However, once I added the options in TOMCAT, the manual authentification does not  work, when i try the manual authentification ()

I receive the next message from the BI launch Pad:

Informations de compte non reconnues : L'authentification Active Directory n'a pas pu vous connecter. Veuillez contacter votre administrateur système pour vous assurer que vous êtes membre d'un groupe mappé correct et essayez de nouveau. Si vous n'êtes pas membre du domaine par défaut, saisissez votre nom d'utilisateur sous la forme NomUtilisateur@NomDomaine_DNS et réessayez. (FWM 00006)

From file stdout:

Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false

        [Krb5LoginModule] user entered username: beaubreuil@france.cfpb.intra

Acquire TGT using AS Exchange

        [Krb5LoginModule] authentication failed

Cannot get kdc for realm france.cfpb.intra

Here is what i've configured:

My Java settings

-Djava.security.auth.login.config=C:\Windows\bscLogin.conf

-Djava.security.krb5.conf=C:\Windows\krb5.ini

My bscLogin.con

com.businessobjects.security.jgss.initiate{

com.sun.security.auth.module.Krb5LoginModule required debug=true;

};

My krb5.ini

[libdefaults]

default_realm = FRANCE.CFPB.INTRA

dns_lookup_kdc = true

dns_lookup_realm = true

default_tgs_enctypes = rc4-hmac

default_tkt_enctypes = rc4-hmac

udp_preference_limit = 1

[domain_realm]

.france.cfpb.intra = FRANCE.CFPB.INTRA

france.cfpb.intra = FRANCE.CFPB.INTRA
[realms]

FRANCE.CFPB.INTRA={

kdc = frcfpargdcdns13.FRANCE.CFPB.INTRA

default_domain = FRANCE.CFPB.INTRA

}

My BIlanchpad.properties

authentication.visible=true

authentication.default=secWinAD

My SPn

HTTP/frcfparboxi02.france.cfpb.intra

    HTTP/frcfparboxi02

    BICMS/frcfparboxi02

    BICMS/frcfparboxi02.france.cfpb.intra

    BICMS/cpt.bo.france.cfpb.intra

Any ideas, i am really open to try any kind of suggestions.

btw... the client told me about the protocol NTLM (they are not quite happy with kerberos) and they don't work with this protocol. I have to questions, there is a procedure to make the configfuration AD/SSO with NTLM instead of kerberos?, and there is a ppossibility that the client dones not have the right kdc configuration?

Thanks in adavnce!!!!!