From Ed Brown <Ed.Br...@sas.com>
Subject Help Configuring LDAP/KERBEROS Needed
Date Tue, 09 Jun 2015 03:35:46 GMT
Hi,
I'm following the example on Kerberos integration located here: https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html.
The error I get, which is at the bottom, indicates the default realm cannot be found. Any
pointers/help would be appreciated.

TIA.

According to DS Studio, I have a realm EXAMPLE.COM.
The krbtgt user is:

Krb5KeyVersionNumber=0
Krb5PrincipalName=ldap/example.net@EXAMPLE.COM
Ou=TGT
Uid=ldap

The ldap user is:
Krb5KeyVersionNumber=0
Krb5PrincipalName=krbtgt/EXAMPLE.COM@EXAMPLE.COM
Ou=LDAP
Uid=krbtgt

Kerberos server:
Port: 60088
Kerberos change password server:
Port: 60464
Primary KDC Realm: EXAMPLE.COM
Search Base DN: dc=security,dc=example,dc=com

LDAP/LDAPS Servers:
SASL Host: example.net
SASL Principal: ldap/example.net@EXAMPLE.COM
Search Base DN: dc=security,dc=example,dc=com

Authentication:
User: dnelson
Kerberos settings: Obtain TGT from KDC
Kerberos realm: EXAMPLE.COM
KDC Host: example.net
KDC port: 60888

Local hosts file:
127.0.0.1              localhost example.com example.net
::1           localhost example.com example.net


When I authenticate, the following error appears in the log file (after turning on debug logging),
specifying it can't find the default realm:

[22:59:27] DEBUG [org.apache.directory.shared.kerberos.messages.Ticket] - Ticket encoding
: 0x6D 0x82 0x02 ...
[22:59:27] DEBUG [org.apache.directory.shared.kerberos.messages.Ticket] - Ticket initial value
: Ticket :
  tkt-vno : 5
  realm : EXAMPLE.COM
  sname : { name-type: KRB_NT_UNKNOWN, name-string : <'ldap', 'example.net'> }
  enc-part : EncryptedData : {
    etype: aes128-cts-hmac-sha1-96 (17)
    cipher: 0x77 0xFF 0x5F ...
}

...

[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
- EncryptionKey created
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
- keytype : aes128-cts-hmac-sha1-96 (17)
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
- EncryptionKey created
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
- keytype : rc4-hmac (23)
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
- EncryptionKey created
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
- keytype : aes256-cts-hmac-sha1-96 (18)
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
- EncryptionKey created
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
- keytype : des-cbc-md5 (3)
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
- EncryptionKey created
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
- keytype : des3-cbc-sha1-kd (16)
[22:59:28] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpected exception
forcing session to close: sending disconnect notice to client.
java.security.PrivilegedActionException: javax.security.sasl.SaslException: Failure to initialize
security context [Caused by GSSException: Invalid name provided (Mechanism level: KrbException:
Cannot locate default realm)]



Ed Brown
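The "Cannot locate default realm" text at the end of the log is the message Java's Kerberos implementation raises when it cannot find a default realm, which it takes from the java.security.krb5.realm / java.security.krb5.kdc system properties or from the [libdefaults] section of a krb5.conf (the file named by java.security.krb5.conf, or the platform default location). The script below is an added example, not code from the post or from the ApacheDS project: it parses a krb5.conf, resolves the default realm and its KDC the way a client library does, and reports the same failure when default_realm is absent. The two embedded configs are constructed for the example; they reuse the realm, host and ports stated in the post (EXAMPLE.COM, example.net, 60088, 60464) but are not the poster's actual files.

```python
"""Resolve the Kerberos default realm from a krb5.conf the way a client
library does: [libdefaults] default_realm must name a realm, and the
[realms] section should supply that realm's KDC and kpasswd server.

Added example, not part of the original post. Hostnames, ports and the
sample configs below are constructed to match the values in the post.
"""
import re


class KrbConfigError(Exception):
    """Raised when the realm cannot be located or the file is malformed
    (Java reports the first case as 'Cannot locate default realm')."""


def parse_krb5_conf(text):
    """Parse the INI-like krb5.conf format into nested dicts.

    Sections are [name]; settings are key = value; a value of '{' opens a
    nested block, as used in [realms] for per-realm settings. If a key is
    repeated inside one block, the last value wins (good enough here)."""
    sections = {}
    stack = []              # dicts currently being filled, innermost last
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        m = re.match(r"^\[(\S+)\]$", line)
        if m:                                     # new top-level section
            current = sections.setdefault(m.group(1), {})
            stack = [current]
            continue
        if current is None:
            raise KrbConfigError("setting before any [section]: %r" % line)
        if line == "}":                           # close nested block
            if len(stack) < 2:
                raise KrbConfigError("unbalanced '}'")
            stack.pop()
            continue
        m = re.match(r"^(\S+)\s*=\s*(.*)$", line)
        if not m:
            raise KrbConfigError("cannot parse line: %r" % line)
        key, value = m.group(1), m.group(2).strip()
        if value == "{":                          # open nested block
            stack.append(stack[-1].setdefault(key, {}))
        else:
            stack[-1][key] = value
    if len(stack) > 1:
        raise KrbConfigError("unclosed '{' block")
    return sections


def locate_default_realm(sections):
    """Mirror the client lookup: default_realm from [libdefaults], then the
    realm's kdc entry from [realms]. Raise if either is missing."""
    realm = sections.get("libdefaults", {}).get("default_realm")
    if not realm:
        raise KrbConfigError("Cannot locate default realm: "
                             "[libdefaults] has no default_realm")
    realm_cfg = sections.get("realms", {}).get(realm)
    if not isinstance(realm_cfg, dict) or "kdc" not in realm_cfg:
        raise KrbConfigError("no [realms] %s = { kdc = host:port } entry" % realm)
    host, _, port = realm_cfg["kdc"].partition(":")
    return {"realm": realm,
            "kdc_host": host,
            "kdc_port": int(port) if port else 88,   # 88 is the Kerberos default
            "kpasswd": realm_cfg.get("kpasswd_server")}


# Constructed sample: a krb5.conf with the post's realm, host and ports.
GOOD_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false

[realms]
    EXAMPLE.COM = {
        kdc = example.net:60088
        kpasswd_server = example.net:60464
    }

[domain_realm]
    .example.net = EXAMPLE.COM
    example.net = EXAMPLE.COM
"""

# Constructed sample: the realm is defined but no default_realm is set,
# which is the condition behind "Cannot locate default realm".
MISSING_DEFAULT_CONF = """\
[realms]
    EXAMPLE.COM = {
        kdc = example.net:60088
    }
"""


def check(text):
    """Return the resolved KDC settings, or the error message as a string."""
    try:
        return locate_default_realm(parse_krb5_conf(text))
    except KrbConfigError as e:
        return str(e)


if __name__ == "__main__":
    print(check(GOOD_CONF))
    print(check(MISSING_DEFAULT_CONF))
```

Run it against your own krb5.conf (`check(open(path).read())`) to confirm that the default realm resolves and that its kdc line carries the non-standard port the KDC is actually listening on, since a realm without a kdc entry, or a missing default_realm, fails before any ticket exchange happens.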


