directory-users mailing list archives

From Andrew Wiley <debio...@gmail.com>
Subject Kerberos Can't Find Users
Date Wed, 21 Apr 2010 20:33:12 GMT
I'm setting up an embedded ADS server, and I'm trying to get a KDC running
as well, but for some reason the KDC can't find any users. I'm creating a
partition in dc=wileynet,dc=org and
adding uid=administrator,ou=Administrators,dc=wileynet,dc=org with the
objectClasses account, posixAccount, and krb5Principal. The entry winds up
looking like this:
ServerEntry
    dn[n]: uid=administrator,ou=Administrators,dc=wileynet,dc=org
    objectClass: krb5Principal
    objectClass: posixAccount
    objectClass: account
    objectClass: top
    uid: administrator
    krb5PrincipalName: administrator@WILEYNET.ORG
    userPassword: (null)
    uidNumber: 1000
    cn: administrator
    gidNumber: 1000
    homeDirectory:

I have also created a KdcServer with this code, where defaultSuffix is
wileynet.org and getDN simply converts wileynet.org to dc=wileynet,dc=org:

    KdcServer kdcServer = new KdcServer();
    kdcServer.setDirectoryService(service);
    String temp = "krbtgt/" + defaultSuffix.toUpperCase() + "@"
            + defaultSuffix.toUpperCase();
    System.out.println(temp);
    kdcServer.setKdcPrincipal(temp);
    temp = defaultSuffix.toUpperCase();
    System.out.println(temp);
    kdcServer.setPrimaryRealm(temp);
    temp = getDN(defaultSuffix);
    System.out.println(temp);
    kdcServer.setSearchBaseDn(getDN(defaultSuffix));
    kdcServer.setMaximumTicketLifetime(1000);
    kdcServer.setMaximumRenewableLifetime(2000);
    Transport kt = new UdpTransport(1088);
    kdcServer.addTransports(kt);
    kdcServer.setEncryptionTypes(EncryptionType.values());
    try {
        kdcServer.start();
    } catch (Exception e) {
        log.error("Failed to start Kerberos Server", e);
    }

I've got all the printlns in there to prove that these values are being fed
in:

    KdcPrincipal: krbtgt/WILEYNET.ORG@WILEYNET.ORG
    PrimaryRealm: WILEYNET.ORG
    SearchBaseDN: dc=wileynet,dc=org

I then go to a console (I'm running Ubuntu), and try to run kinit
administrator@WILEYNET.ORG and see this on the command line:

    kinit: Client not found in Kerberos database while getting initial credentials

and this in the ADS log:

    160564 [NioDatagramAcceptor-3] WARN org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler  - Client not found in Kerberos database (6)

Am I missing something here?

Thanks,
Andrew Wiley
