Thank you.
I made the changes you told me but still not working.
My kinit doesn't work:
# kinit hnelson@EXAMPLE.COM
kinit(v5): Client or server has a null key while getting initial credentials
# tail -f /var/lib/apacheds-1.5.7/default/log/apacheds-rolling.log
[10:15:29] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
[10:15:29] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
    dn[n]: uid=hnelson,ou=Users,dc=example,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: krb5Principal
    objectClass: inetOrgPerson
    objectClass: krb5KDCEntry
    objectClass: top
    uid: hnelson
    sn: Nelson
    krb5PrincipalName: hnelson@EXAMPLE.COM
    krb5KeyVersionNumber: 0
    cn: Horatio Nelson
    userPassword: '0x73 0x65 0x63 0x72 0x65 0x74 '
 for kerberos principal name hnelson@EXAMPLE.COM
[10:15:29] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - The client or server has a null key (9)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException: The client or server has a null key
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.getEntry(AuthenticationService.java:758)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.getClientEntry(AuthenticationService.java:153)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:104)
    at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:145)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
    at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:619)
[10:15:29] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
    explanatory text: The client or server has a null key
    error code: 9
    clientPrincipal: null
    client time: null
    serverPrincipal: krbtgt/EXAMPLE.COM@EXAMPLE.COM
    server time: 20100625081529Z
[10:15:29] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:55815 SENT: org.apache.directory.server.kerberos.shared.messages.ErrorMessage@63fb050c
[10:16:29] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /127.0.0.1:55815 CLOSED
To try authentication I used the principal hnelson@EXAMPLE.COM with
password secret as explained in the advanced user guide. I face a
problem before this step: I was not able to run kinit for
hnelson@EXAMPLE.COM
as explained before (kinit hnelson@EXAMPLE.COM
kinit(v5): Client or server has a null key while getting initial
credentials).
LDAP entry in LDIF format (I followed the official documentation given in
the web site advanced user guide):
# ldapsearch -b "uid=hnelson,ou=Users,dc=example,dc=com" -LLL -x
dn: uid=hnelson,ou=Users,dc=example,dc=com
uid: hnelson
sn: Nelson
krb5PrincipalName: hnelson@EXAMPLE.COM
objectClass: organizationalPerson
objectClass: person
objectClass: krb5Principal
objectClass: inetOrgPerson
objectClass: krb5KDCEntry
objectClass: top
krb5KeyVersionNumber: 0
cn: Horatio Nelson
userPassword:: c2VjcmV0
The file I used to populate my directory is the kdc-data.ldif given in
the web site.
Hope that's what you asked me for.
Thank you.
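
Added example, not part of the original message or of ApacheDS: a check for the condition visible in the log and ldapsearch output above, a krb5KDCEntry that carries userPassword but no krb5Key value. It assumes the KDC takes a principal's keys from the krb5Key attribute; the second sample entry and its placeholder key are constructed.

```python
import base64

# Constructed sample: hnelson as returned in the post, plus a made-up second
# entry whose krb5Key value is only a placeholder (base64 of "PLACEHOLDER").
SAMPLE_LDIF = """\
dn: uid=hnelson,ou=Users,dc=example,dc=com
uid: hnelson
krb5PrincipalName: hnelson@EXAMPLE.COM
objectClass: krb5Principal
objectClass: krb5KDCEntry
krb5KeyVersionNumber: 0
userPassword:: c2VjcmV0

dn: uid=withkey,ou=Users,dc=example,dc=com
krb5PrincipalName: withkey@EXAMPLE.COM
objectClass: krb5KDCEntry
krb5Key:: UExBQ0VIT0xERVI=
"""

def parse_ldif(text):
    """Return one {lowercased attribute: [bytes values]} dict per entry."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold wrapped lines
        entry = {}
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):  # "attr:: value" carries base64
                value = base64.b64decode(rest[1:].strip())
            else:
                value = rest.strip().encode()
            entry.setdefault(name.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def principals_without_keys(text):
    """List krb5KDCEntry principals that have no krb5Key value."""
    missing = []
    for entry in parse_ldif(text):
        classes = {v.decode().lower() for v in entry.get("objectclass", [])}
        if "krb5kdcentry" in classes and not entry.get("krb5key"):
            name = entry.get("krb5principalname") or entry.get("dn", [b"?"])
            missing.append(name[0].decode())
    return missing

if __name__ == "__main__":
    print(principals_without_keys(SAMPLE_LDIF))
```

Feed it `ldapsearch -LLL` output taken with a bind that is allowed to read krb5Key, since an attribute hidden by access control looks the same as a missing one.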