jmeter-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Schumacher <felix.schumac...@internetallee.de>
Subject Re: Jmeter Kerberos
Date Fri, 08 Jun 2018 20:46:15 GMT


Am 08.06.2018 um 22:28 schrieb chandrikak:
> Thanks for the response Felix.
>
> 1. Yes the below two files are enabled in system.properties .:
> (if i give wrong path, i get error in jmeter log, so validated it that way)
>
> java.security.krb5.conf=krb5.conf
> java.security.auth.login.config=jaas.conf
You could try to set -Dsun.security.krb5.debug=true to get more debug 
information. ||
||
>
> 2. I am using windows machine and hence cannot configure the bin/setenv.sh
But you could place those settings in bin/setenv.bat :)
>
> 3.Request headers:
>
> Connection: keep-alive
> User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows; Trident/6.0)
>
>
> 4. The server doesnt have any problem because the same uris works fine in
> loadrunner and manually through browser as well.
> When recording the script via Loadrunner, it is recording fine  succesfully,
> but replay again throws same error:
>> WARN  - org.apache.http.client.protocol.RequestTargetAuthentication:
>> NEGOTIATE authentication error: No valid credentials provided (Mechanism
>> level: No valid credentials provided (Mechanism level: Message stream
>> modified (41)))
>>
>> WARN  - org.apache.http.client.protocol.RequestTargetAuthentication:
>> NEGOTIATE authentication error: No valid credentials provided (Mechanism
>> level: No valid credentials provided (Mechanism level: Message stream
>> modified (41)))
The only things I found on google pointed to upper/lowercase problems 
with the domain.
Check that you have uppercased the domain on every SPN: user@REALM
> 5. Already update the JAAS to include debug=true.  here is the log response
> in command prompt:
>
>
> Debug is  true storeKey false useTicketCache false useKeyTab false
> doNotPrompt f
> alse ticketCache is null isInitiator true KeyTab is null refreshKrb5Config
> is fa
> lse principal is null tryFirstPass is false useFirstPass is false storePass
> is f
> alse clearPass is false
>                  [Krb5LoginModule] user entered username: *testuser*
>
> principal is *testuser@XXX.TEST.COM*
> Commit Succeeded
>
> 6. krb5.conf
>
> # Default Krb5.conf file for OctetString VDE 3.0
>
> [libdefaults]
>          default_realm = XXX.TEST.COM
>          default_checksum = ***
>          default_tkt_enctypes = ***
>          default_tgs_enctypes = ***
>          permitted_enctypes = ***
I would omit all the above settings except the default_realm.
>          udp_preference_limit=*
> #       default_tgs_enctypes = **
> #       default_tkt_enctypes = **
> #       permitted_enctypes = **
> ##        clockskew=*
>    ##      kdc_timeout=**
>      ##    max_retries=*
>
> [realms]
>   
>
>          xxx.test.COM = {
>     
> kdc = servername.XXX.TEST.COM
> admin_server = servername.xxx.test.com
> default_domain = XXX.TEST.COM
Your kerberos domain is most probably set up correctly in DNS, so leave 
out this section completely.

Regards,
  Felix

>          }
>
>         
>
> [domain_realm]
>         
>          .xxx.test.com = XXX.TEST.COM
>          xxx.test.com = XXX.TEST.COM
>         
> #[logging]
> #        kdc = /opt/apps/Oracle/OViD/logs/local1
> #        admin-server = /opt/apps/Oracle/OViD/logs/local2
> #        default = /opt/apps/Oracle/OViD/logs/auth
>
>
>
>
>
>
>
>
>
>
> --
> Sent from: http://www.jmeter-archive.org/JMeter-User-f512775.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org
> For additional commands, e-mail: user-help@jmeter.apache.org
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message