directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: ApacheDS and Kerberos Setup
Date Sun, 11 May 2014 09:58:23 GMT
On Thu, May 8, 2014 at 12:00 AM, Reid Varner <r.varner@samsung.com> wrote:

> Hello,
>
>
>
> I am tasked with setting up an ApacheDS 2.0.0 LDAP + Kerberos (including
> KDC) server for use in our testing environment. I followed this guide<
> https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html>,
> but am unable to successfully authenticate with my LDAP server using
> Kerberos as per the final step on that page.
>
> I am using the latest Apache Directory Studio (2.0.0.v20130628).
>
> When I have "Require Pre-Authentication By Encrypted TimeStamp" checked
> and I click "Check Authentication", I get the
> error:javax.security.auth.login.LoginException: Integrity check on
> decrypted field failed (31)
>
> When I uncheck that field, restart the server, and click "Check
> Authentication" again, I get: javax.security.auth.login.LoginException:
> Checksum Failed
>
>
>
> I am sure the username and password I am supplying is correct. What could
> be the problem? Has anyone successfully set up ApacheDS 2.0.0 with
> Kerberos? Is there a guide I should be following somewhere?
>
> It seems the folks over at ApacheDS have yet to document configuration<
> http://directory.apache.org/apacheds/kerberos-ug/2-kerberos-config.html>
> of their Kerberos server.
>
> Fyi, my configuration is exactly as per the guide<
> https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html
> >.
>
> this configuration is correct and I confirm that this works as expected
with version 2.0.0-M16.

Can you replace your server's log4j.properties with this
http://pastebin.com/Hqzt96Aw
and send us the log (you cannot attach to the mail, so use any pastebin
site and provide us the link)

otoh, your mail was delivered to us today due to an issue with ASF's mail
server.

> Many thanks,
>
> Reid
>



-- 
Kiran Ayyagari
http://keydap.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message