directory-users mailing list archives

From lkecir <lotfi.ke...@ipcine.com>
Subject Re: ApacheDS and kerberos problems
Date Fri, 25 Jun 2010 09:22:03 GMT
Thank you for your reply.

keyDerivationInterceptor was enabled as expected in the guide.

So I deleted all entries created by the LDIF file (kdc-data.ldif)
and re-imported them.

I saw the krb5entries for the hnelson entry.


kinit worked

	#kinit hnelson@EXAMPLE.COM
	Password for hnelson@EXAMPLE.COM: 
	# klist
	Ticket cache: FILE:/tmp/krb5cc_0
	Default principal: hnelson@EXAMPLE.COM

	Valid starting     Expires            Service principal
	06/25/10 10:58:00  06/26/10 10:57:56  	krbtgt/EXAMPLE.COM@EXAMPLE.COM


        Kerberos 4 ticket cache: /tmp/tkt0
        klist: You have no tickets cached



I tried to authenticate the same user using Apache Directory Studio and I
got GSSAPI errors:

L'authentification a échouée (authentication failed in English)
 - GSSAPI
  javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)]]
	at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)
	at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.ensureOpen(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.ensureOpen(Unknown Source)
	at com.sun.jndi.ldap.LdapCtx.reconnect(Unknown Source)
	at javax.naming.ldap.InitialLdapContext.reconnect(Unknown Source)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper$8.run(JNDIConnectionWrapper.java:1165)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Unknown Source)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.doGssapiBind(JNDIConnectionWrapper.java:1159)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.access$700(JNDIConnectionWrapper.java:106)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper$7.run(JNDIConnectionWrapper.java:1041)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.runAndMonitor(JNDIConnectionWrapper.java:1272)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.doBind(JNDIConnectionWrapper.java:1065)
	at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.bind(JNDIConnectionWrapper.java:254)
	at org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:80)
	at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:123)
	at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:113)
Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)]
	at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
	... 19 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)
	at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
	at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
	at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
	... 20 more
Caused by: KrbException: Server not found in Kerberos database (7) - Server not found in Kerberos database
	at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
	at sun.security.krb5.KrbTgsReq.getReply(Unknown Source)
	at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
	at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)
	at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
	... 23 more
Caused by: KrbException: Identifier doesn't match expected value (906)
	at sun.security.krb5.internal.KDCRep.init(Unknown Source)
	at sun.security.krb5.internal.TGSRep.init(Unknown Source)
	at sun.security.krb5.internal.TGSRep.<init>(Unknown Source)
	... 28 more

  GSSAPI

My connection settings are:
For the first screen:
   as I work on a distant workstation:
    I put in the network parameters:
    hostname 10.0.10.22 (IP address of my ApacheDS)
    port 10389

On the second screen I chose the same parameters given in the guide, except for
KDC Host: I put the IP address of my ApacheDS.

And when I test the authentication I got the above error message.

So I also tried to run this command on the server: ldapsearch -b "dc=example,dc=com" "(uid=hnelson)" -Y GSSAPI
I got this output:

	# ldapsearch -b "dc=example,dc=com" "(uid=hnelson)" -Y GSSAPI
	ldap_sasl_interactive_bind_s: Unknown authentication method (-6)


What can be the problem?

Thank you again.


