directory-users mailing list archives

From lkecir <lotfi.ke...@ipcine.com>
Subject Re: ApacheDS and kerberos problems
Date Fri, 25 Jun 2010 08:37:09 GMT
Thank you.

I made the changes you told me to, but it is still not working.
My kinit doesn't work:

# kinit hnelson@EXAMPLE.COM
kinit(v5): Client or server has a null key while getting initial credentials

tail -f /var/lib/apacheds-1.5.7/default/log/apacheds-rolling.log

[10:15:29] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
[10:15:29] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
    dn[n]: uid=hnelson,ou=Users,dc=example,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: krb5Principal
    objectClass: inetOrgPerson
    objectClass: krb5KDCEntry
    objectClass: top
    uid: hnelson
    sn: Nelson
    krb5PrincipalName: hnelson@EXAMPLE.COM
    krb5KeyVersionNumber: 0
    cn: Horatio Nelson
    userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
 for kerberos principal name hnelson@EXAMPLE.COM
[10:15:29] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - The client or server has a null key (9)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException: The client or server has a null key
	at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.getEntry(AuthenticationService.java:758)
	at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.getClientEntry(AuthenticationService.java:153)
	at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:104)
	at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:145)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
	at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
	at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
	at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
	at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
	at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
	at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
	at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
	at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:619)
[10:15:29] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
	explanatory text:      The client or server has a null key
	error code:            9
	clientPrincipal:       null
	client time:           null
	serverPrincipal:       krbtgt/EXAMPLE.COM@EXAMPLE.COM
	server time:           20100625081529Z
[10:15:29] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:55815 SENT: org.apache.directory.server.kerberos.shared.messages.ErrorMessage@63fb050c
[10:16:29] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:55815 CLOSED

To try authentication I used the principal hnelson@EXAMPLE.COM with
password secret, as explained in the advanced user guide. I face a
problem before this step: I was not able to run kinit for
hnelson@EXAMPLE.COM,
as explained before (kinit hnelson@EXAMPLE.COM
kinit(v5): Client or server has a null key while getting initial
credentials).

LDAP entry in LDIF format (I followed the official documentation given in
the web site advanced user guide):

	# ldapsearch -b "uid=hnelson,ou=Users,dc=example,dc=com" -LLL -x
	dn: uid=hnelson,ou=Users,dc=example,dc=com
	uid: hnelson
	sn: Nelson
	krb5PrincipalName: hnelson@EXAMPLE.COM
	objectClass: organizationalPerson
	objectClass: person
	objectClass: krb5Principal
	objectClass: inetOrgPerson
	objectClass: krb5KDCEntry
	objectClass: top
	krb5KeyVersionNumber: 0
	cn: Horatio Nelson
	userPassword:: c2VjcmV0

The file I used to populate my directory is the kdc-data.ldif given on
the web site.

Hope that's what you asked me for.


Thank you.
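
Added example, not part of the original message: both the server's log dump and the ldapsearch output above show the hnelson entry carrying userPassword but no krb5Key attribute, the attribute in which ApacheDS stores a principal's Kerberos keys. The Python below parses LDIF as printed by `ldapsearch -LLL` and lists every krb5KDCEntry that has no krb5Key; the function names, the second sample entry and its key bytes are constructed for illustration.

```python
import base64

# Entry from the message above, plus one constructed entry whose krb5Key
# bytes are a made-up placeholder (not a real key), for contrast.
SAMPLE_LDIF = """\
dn: uid=hnelson,ou=Users,dc=example,dc=com
uid: hnelson
sn: Nelson
krb5PrincipalName: hnelson@EXAMPLE.COM
objectClass: organizationalPerson
objectClass: person
objectClass: krb5Principal
objectClass: inetOrgPerson
objectClass: krb5KDCEntry
objectClass: top
krb5KeyVersionNumber: 0
cn: Horatio Nelson
userPassword:: c2VjcmV0

dn: uid=constructed,ou=Users,dc=example,dc=com
objectClass: krb5KDCEntry
krb5PrincipalName: constructed@EXAMPLE.COM
krb5Key:: AAECAwQFBgc=
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {attr_lowercase: [bytes, ...]} dicts."""
    entries, current = [], {}
    # A line starting with one space continues the previous line (LDIF folding).
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for line in unfolded.split("\n") + [""]:
        line = line.strip()
        if not line:  # a blank line ends the current entry
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            # "attr:: value" is base64-encoded; "attr: value" is plain text.
            raw = base64.b64decode(rest[1:]) if rest.startswith(":") else rest.strip().encode()
            current.setdefault(attr.lower(), []).append(raw)
    return entries

def principals_without_keys(entries):
    """Return krb5PrincipalName of every krb5KDCEntry lacking a krb5Key value."""
    return [e["krb5principalname"][0].decode() for e in entries
            if any(v.lower() == b"krb5kdcentry" for v in e.get("objectclass", []))
            and not e.get("krb5key")]
```

On the sample, `principals_without_keys(parse_ldif(SAMPLE_LDIF))` reports only hnelson@EXAMPLE.COM, and the decoded userPassword matches the hex bytes in the server log.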