directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ahmet Çağrı Şimşek <acsim...@gmail.com>
Subject Apache DS on Windows Server 2008 with Kerberos
Date Wed, 04 Jan 2012 16:28:26 GMT
Hello there,

I installed Apache DS 1.5.7 on Windows Server 2008 R2 with Kerberos enabled.
I followed the instructions here
http://directory.apache.org/apacheds/1.5/543-kerberos-in-apacheds-155.html.
I added the my users like the example ldif file of the official
instructions. Users got their krb keys.

But when i try to authenticate with Apache Directory Studio using Kerberos
authentication as told in the instructions.
I get ERROR 35 "Ticket isn't for us".

I tried googling this issuebut i couldnt solve it on my own.
Any help will be greatly appreciated.

Here is the server log

STATUS | wrapper  | 2012/01/04 18:03:07 | --> Wrapper Started as Service
STATUS | wrapper  | 2012/01/04 18:03:07 | Launching a JVM...
INFO   | jvm 1    | 2012/01/04 18:03:09 | Wrapper (Version 3.2.3)
http://wrapper.tanukisoftware.org
INFO   | jvm 1    | 2012/01/04 18:03:09 |   Copyright 1999-2006 Tanuki
Software, Inc.  All Rights Reserved.
INFO   | jvm 1    | 2012/01/04 18:03:09 |
INFO   | jvm 1    | 2012/01/04 18:03:09 |            _
_          ____  ____
INFO   | jvm 1    | 2012/01/04 18:03:09 |           / \   _ __    ___  ___|
|__   ___|  _ \/ ___|
INFO   | jvm 1    | 2012/01/04 18:03:09 |          / _ \ | '_ \ / _` |/ __|
'_ \ / _ \ | | \___ \
INFO   | jvm 1    | 2012/01/04 18:03:09 |         / ___ \| |_) | (_| | (__|
| | |  __/ |_| |___) |
INFO   | jvm 1    | 2012/01/04 18:03:09 |        /_/   \_\ .__/
\__,_|\___|_| |_|\___|____/|____/
INFO   | jvm 1    | 2012/01/04 18:03:09 |                |_|

INFO   | jvm 1    | 2012/01/04 18:03:09 |
INFO   | jvm 1    | 2012/01/04 18:03:13 | [18:03:13] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO   | jvm 1    | 2012/01/04 18:03:16 | [18:03:16] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO   | jvm 1    | 2012/01/04 18:03:16 | [18:03:16] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO   | jvm 1    | 2012/01/04 18:03:16 | [18:03:16] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO   | jvm 1    | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO   | jvm 1    | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO   | jvm 1    | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO   | jvm 1    | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO   | jvm 1    | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO   | jvm 1    | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO   | jvm 1    | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO   | jvm 1    | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO   | jvm 1    | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | Starting the Kerberos server
INFO   | jvm 1    | 2012/01/04 18:03:29 |            _
_          _  __ ____   ___
INFO   | jvm 1    | 2012/01/04 18:03:29 |           / \   _ __    ___  ___|
|__   ___| |/ /|  _ \ / __|
INFO   | jvm 1    | 2012/01/04 18:03:29 |          / _ \ | '_ \ / _` |/ __|
'_ \ / _ \ ' / | | | / /
INFO   | jvm 1    | 2012/01/04 18:03:29 |         / ___ \| |_) | (_| | (__|
| | |  __/ . \ | |_| \ \__
INFO   | jvm 1    | 2012/01/04 18:03:29 |        /_/   \_\ .__/
\__,_|\___|_| |_|\___|_|\_\|____/ \___|
INFO   | jvm 1    | 2012/01/04 18:03:29 |                |_|

INFO   | jvm 1    | 2012/01/04 18:03:29 |
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] INFO
[org.apache.directory.server.kerberos.kdc.KdcServer] - Kerberos service
started.
INFO   | jvm 1    | 2012/01/04 18:03:29 | Kerberos service started.
INFO   | jvm 1    | 2012/01/04 18:03:29 | Kerberos server started
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO   | jvm 1    | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.server.Service] - Cannot start the server :
reuseAddress can't be set while the acceptor is bound.
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59504 CREATED:  datagram
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59504 OPENED
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59504 RCVD:
 org.apache.directory.server.kerberos.shared.messages.KdcRequest@65a608
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Received Authentication Service (AS) request:
INFO   | jvm 1    | 2012/01/04 18:03:35 | messageType:           AS_REQ
INFO   | jvm 1    | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO   | jvm 1    | 2012/01/04 18:03:35 | clientAddress:
192.168.27.110
INFO   | jvm 1    | 2012/01/04 18:03:35 | nonce:                 2070170438
INFO   | jvm 1    | 2012/01/04 18:03:35 | kdcOptions:
INFO   | jvm 1    | 2012/01/04 18:03:35 | clientPrincipal:
myuser@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | serverPrincipal:       krbtgt/
myrealm.org.tr@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | encryptionType:
 des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac
(23), des3-cbc-sha1-kd (16)
INFO   | jvm 1    | 2012/01/04 18:03:35 | realm:
myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | from time:             null
INFO   | jvm 1    | 2012/01/04 18:03:35 | till time:
19700101000000Z
INFO   | jvm 1    | 2012/01/04 18:03:35 | renew-till time:       null
INFO   | jvm 1    | 2012/01/04 18:03:35 | hostAddresses:         null
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Session will use encryption type des-cbc-md5 (3).
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] -
Found entry ServerEntry
INFO   | jvm 1    | 2012/01/04 18:03:35 |     dn[n]:
uid=myuser,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass:
organizationalPerson
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: person
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: krb5Principal
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: krb5KDCEntry
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: inetOrgPerson
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: top
INFO   | jvm 1    | 2012/01/04 18:03:35 |     uid: myuser
INFO   | jvm 1    | 2012/01/04 18:03:35 |     sn: mysurname
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5PrincipalName:
myuser@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5Key: '0x30 0x21 0xA0 0x03
0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x6B 0x4C 0x3B 0x25 0x92 ...'
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5Key: '0x30 0x19 0xA0 0x03
0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x44 0x28 0x3A 0x44 0x47 ...'
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5Key: '0x30 0x19 0xA0 0x03
0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5Key: '0x30 0x11 0xA0 0x03
0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xB9 0xFE 0xE9 0x45 0xB5 ...'
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5KeyVersionNumber: 4
INFO   | jvm 1    | 2012/01/04 18:03:35 |     cn: myname mysurname
INFO   | jvm 1    | 2012/01/04 18:03:35 |     userPassword: '0x41 0x61 0x31
0x32 0x33 0x34 0x35 0x36 '
INFO   | jvm 1    | 2012/01/04 18:03:35 |  for kerberos principal name
myuser@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using SAM subsystem.
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using encrypted timestamp.
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Entry for client principal myuser@myrealm.org.tr has no SAM type.
 Proceeding with standard pre-authentication.
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] WARN
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Additional pre-authentication required (25)
INFO   | jvm 1    | 2012/01/04 18:03:35 |
org.apache.directory.server.kerberos.shared.exceptions.KerberosException:
Additional pre-authentication required
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.verifyEncryptedTimestamp(AuthenticationService.java:269)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:107)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:145)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
java.lang.Thread.run(Thread.java:722)
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Responding to request with error:
INFO   | jvm 1    | 2012/01/04 18:03:35 | explanatory text:      Additional
pre-authentication required
INFO   | jvm 1    | 2012/01/04 18:03:35 | error code:            25
INFO   | jvm 1    | 2012/01/04 18:03:35 | clientPrincipal:       null
INFO   | jvm 1    | 2012/01/04 18:03:35 | client time:           null
INFO   | jvm 1    | 2012/01/04 18:03:35 | serverPrincipal:       krbtgt/
EXAMPLE.COM@EXAMPLE.COM
INFO   | jvm 1    | 2012/01/04 18:03:35 | server time:
20120104160335Z
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59504 SENT:
 org.apache.directory.server.kerberos.shared.messages.ErrorMessage@1878a17
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59505 CREATED:  datagram
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59505 OPENED
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59505 RCVD:
 org.apache.directory.server.kerberos.shared.messages.KdcRequest@e8df29
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Received Authentication Service (AS) request:
INFO   | jvm 1    | 2012/01/04 18:03:35 | messageType:           AS_REQ
INFO   | jvm 1    | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO   | jvm 1    | 2012/01/04 18:03:35 | clientAddress:
192.168.27.110
INFO   | jvm 1    | 2012/01/04 18:03:35 | nonce:                 205129622
INFO   | jvm 1    | 2012/01/04 18:03:35 | kdcOptions:
INFO   | jvm 1    | 2012/01/04 18:03:35 | clientPrincipal:
myuser@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | serverPrincipal:       krbtgt/
myrealm.org.tr@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | encryptionType:
 des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac
(23), des3-cbc-sha1-kd (16)
INFO   | jvm 1    | 2012/01/04 18:03:35 | realm:
myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | from time:             null
INFO   | jvm 1    | 2012/01/04 18:03:35 | till time:
19700101000000Z
INFO   | jvm 1    | 2012/01/04 18:03:35 | renew-till time:       null
INFO   | jvm 1    | 2012/01/04 18:03:35 | hostAddresses:         null
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Session will use encryption type des-cbc-md5 (3).
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] -
Found entry ServerEntry
INFO   | jvm 1    | 2012/01/04 18:03:35 |     dn[n]:
uid=myuser,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass:
organizationalPerson
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: person
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: krb5Principal
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: krb5KDCEntry
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: inetOrgPerson
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: top
INFO   | jvm 1    | 2012/01/04 18:03:35 |     uid: myuser
INFO   | jvm 1    | 2012/01/04 18:03:35 |     sn: mysurname
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5PrincipalName:
myuser@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5Key: '0x30 0x21 0xA0 0x03
0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x6B 0x4C 0x3B 0x25 0x92 ...'
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5Key: '0x30 0x19 0xA0 0x03
0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x44 0x28 0x3A 0x44 0x47 ...'
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5Key: '0x30 0x19 0xA0 0x03
0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5Key: '0x30 0x11 0xA0 0x03
0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xB9 0xFE 0xE9 0x45 0xB5 ...'
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5KeyVersionNumber: 4
INFO   | jvm 1    | 2012/01/04 18:03:35 |     cn: myname mysurname
INFO   | jvm 1    | 2012/01/04 18:03:35 |     userPassword: '0x41 0x61 0x31
0x32 0x33 0x34 0x35 0x36 '
INFO   | jvm 1    | 2012/01/04 18:03:35 |  for kerberos principal name
myuser@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using SAM subsystem.
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using encrypted timestamp.
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Entry for client principal myuser@myrealm.org.tr has no SAM type.
 Proceeding with standard pre-authentication.
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Pre-authentication by encrypted timestamp successful for
myuser@myrealm.org.tr.
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] -
Found entry ServerEntry
INFO   | jvm 1    | 2012/01/04 18:03:35 |     dn[n]:
uid=krbtgt,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass:
organizationalPerson
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: person
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: krb5Principal
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: gosaAccount
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: krb5KDCEntry
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: inetOrgPerson
INFO   | jvm 1    | 2012/01/04 18:03:35 |     objectClass: top
INFO   | jvm 1    | 2012/01/04 18:03:35 |     uid: krbtgt
INFO   | jvm 1    | 2012/01/04 18:03:35 |     sn: Service
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5PrincipalName: krbtgt/
myrealm.org.tr@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5Key: '0x30 0x21 0xA0 0x03
0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x5E 0x10 0xEF 0xE9 0x83 ...'
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5Key: '0x30 0x19 0xA0 0x03
0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x18 0x85 0x5A 0xA3 0xC9 ...'
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5Key: '0x30 0x19 0xA0 0x03
0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5Key: '0x30 0x11 0xA0 0x03
0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xEC 0xE0 0x98 0x6D 0x85 ...'
INFO   | jvm 1    | 2012/01/04 18:03:35 |     krb5KeyVersionNumber: 3
INFO   | jvm 1    | 2012/01/04 18:03:35 |     cn: KDC Service
INFO   | jvm 1    | 2012/01/04 18:03:35 |     userPassword: '0x41 0x61 0x31
0x32 0x33 0x34 0x35 0x36 '
INFO   | jvm 1    | 2012/01/04 18:03:35 |  for kerberos principal name
krbtgt/myrealm.org.tr@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Ticket will be issued for access to krbtgt/myrealm.org.tr@myrealm.org.tr.
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Monitoring Authentication Service (AS) context:
INFO   | jvm 1    | 2012/01/04 18:03:35 | clockSkew              300000
INFO   | jvm 1    | 2012/01/04 18:03:35 | clientAddress          /
192.168.27.110
INFO   | jvm 1    | 2012/01/04 18:03:35 | principal
myuser@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | cn                     null
INFO   | jvm 1    | 2012/01/04 18:03:35 | realm                  null
INFO   | jvm 1    | 2012/01/04 18:03:35 | principal
myuser@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | SAM type               null
INFO   | jvm 1    | 2012/01/04 18:03:35 | principal              krbtgt/
myrealm.org.tr@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | cn                     null
INFO   | jvm 1    | 2012/01/04 18:03:35 | realm                  null
INFO   | jvm 1    | 2012/01/04 18:03:35 | principal              krbtgt/
myrealm.org.tr@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | SAM type               null
INFO   | jvm 1    | 2012/01/04 18:03:35 | Request key type
des-cbc-md5 (3)
INFO   | jvm 1    | 2012/01/04 18:03:35 | Client key version     0
INFO   | jvm 1    | 2012/01/04 18:03:35 | Server key version     0
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Responding with Authentication Service (AS) reply:
INFO   | jvm 1    | 2012/01/04 18:03:35 | messageType:           AS_REP
INFO   | jvm 1    | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO   | jvm 1    | 2012/01/04 18:03:35 | nonce:                 205129622
INFO   | jvm 1    | 2012/01/04 18:03:35 | clientPrincipal:
myuser@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | client realm:
myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | serverPrincipal:       krbtgt/
myrealm.org.tr@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | server realm:
myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | auth time:
20120104160335Z
INFO   | jvm 1    | 2012/01/04 18:03:35 | start time:            null
INFO   | jvm 1    | 2012/01/04 18:03:35 | end time:
 20120105160335Z
INFO   | jvm 1    | 2012/01/04 18:03:35 | renew-till time:       null
INFO   | jvm 1    | 2012/01/04 18:03:35 | hostAddresses:         null
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59505 SENT:
 org.apache.directory.server.kerberos.shared.messages.AuthenticationReply@14fa707
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59506 CREATED:  datagram
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59506 OPENED
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59506 RCVD:
 org.apache.directory.server.kerberos.shared.messages.KdcRequest@5eef81
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService]
- Received Ticket-Granting Service (TGS) request:
INFO   | jvm 1    | 2012/01/04 18:03:35 | messageType:           TGS_REQ
INFO   | jvm 1    | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO   | jvm 1    | 2012/01/04 18:03:35 | clientAddress:
192.168.27.110
INFO   | jvm 1    | 2012/01/04 18:03:35 | nonce:                 263725163
INFO   | jvm 1    | 2012/01/04 18:03:35 | kdcOptions:
INFO   | jvm 1    | 2012/01/04 18:03:35 | clientPrincipal:       null
INFO   | jvm 1    | 2012/01/04 18:03:35 | serverPrincipal:       ldap/
kys01.myrealm.org.tr@myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | encryptionType:
 des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac
(23), des3-cbc-sha1-kd (16)
INFO   | jvm 1    | 2012/01/04 18:03:35 | realm:
myrealm.org.tr
INFO   | jvm 1    | 2012/01/04 18:03:35 | from time:             null
INFO   | jvm 1    | 2012/01/04 18:03:35 | till time:
19700101000000Z
INFO   | jvm 1    | 2012/01/04 18:03:35 | renew-till time:       null
INFO   | jvm 1    | 2012/01/04 18:03:35 | hostAddresses:         null
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService]
- Session will use encryption type des-cbc-md5 (3).
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] WARN
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
The ticket isn't for us (35)
INFO   | jvm 1    | 2012/01/04 18:03:35 |
org.apache.directory.server.kerberos.shared.exceptions.KerberosException:
The ticket isn't for us
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.verifyTgt(TicketGrantingService.java:233)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:100)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:158)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
INFO   | jvm 1    | 2012/01/04 18:03:35 | at
java.lang.Thread.run(Thread.java:722)
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Responding to request with error:
INFO   | jvm 1    | 2012/01/04 18:03:35 | explanatory text:      The ticket
isn't for us
INFO   | jvm 1    | 2012/01/04 18:03:35 | error code:            35
INFO   | jvm 1    | 2012/01/04 18:03:35 | clientPrincipal:       null
INFO   | jvm 1    | 2012/01/04 18:03:35 | client time:           null
INFO   | jvm 1    | 2012/01/04 18:03:35 | serverPrincipal:       krbtgt/
EXAMPLE.COM@EXAMPLE.COM
INFO   | jvm 1    | 2012/01/04 18:03:35 | server time:
20120104160335Z
INFO   | jvm 1    | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59506 SENT:
 org.apache.directory.server.kerberos.shared.messages.ErrorMessage@1c83981


-- 
Ahmet Çağrı Şimşek <http://www.cs.bilkent.edu.tr/%7Easimsek/>

Mime
View raw message