From user-return-46799-archive-asf-public=cust-asf.ponee.io@jmeter.apache.org Fri Jun 8 22:46:29 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id CEADB180608 for ; Fri, 8 Jun 2018 22:46:28 +0200 (CEST) Received: (qmail 50601 invoked by uid 500); 8 Jun 2018 20:46:27 -0000 Mailing-List: contact user-help@jmeter.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "JMeter Users List" Delivered-To: mailing list user@jmeter.apache.org Received: (qmail 50590 invoked by uid 99); 8 Jun 2018 20:46:27 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Jun 2018 20:46:27 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 2FB95180A74 for ; Fri, 8 Jun 2018 20:46:27 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 4.19 X-Spam-Level: **** X-Spam-Status: No, score=4.19 tagged_above=-999 required=6.31 tests=[HTML_MESSAGE=2, KAM_LAZY_DOMAIN_SECURITY=1, KAM_LINEPADDING=1.2, T_RP_MATCHES_RCVD=-0.01] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id X6Lwo4_1VwVn for ; Fri, 8 Jun 2018 20:46:23 +0000 (UTC) Received: from internetallee.de (internetallee.de [81.169.162.220]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 18DB75F3B7 for ; Fri, 8 Jun 2018 20:46:22 +0000 (UTC) Received: from [192.168.178.91] (p54889369.dip0.t-ipconnect.de [84.136.147.105]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by internetallee.de (Postfix) with ESMTPSA id 35DC4E234C3 for ; Fri, 8 Jun 2018 22:46:16 +0200 (CEST) Subject: Re: Jmeter Kerberos To: user@jmeter.apache.org References: <1528489690258-0.post@n5.nabble.com> From: Felix Schumacher Message-ID: <2e18f793-c182-01ca-00d8-04d075bbaab3@internetallee.de> Date: Fri, 8 Jun 2018 22:46:15 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <1528489690258-0.post@n5.nabble.com> Content-Type: multipart/alternative; boundary="------------1F2D4805371023C6B662BB7B" Content-Language: en-US --------------1F2D4805371023C6B662BB7B Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Am 08.06.2018 um 22:28 schrieb chandrikak: > Thanks for the response Felix. > > 1. Yes the below two files are enabled in system.properties .: > (if i give wrong path, i get error in jmeter log, so validated it that way) > > java.security.krb5.conf=krb5.conf > java.security.auth.login.config=jaas.conf You could try to set -Dsun.security.krb5.debug=true to get more debug information. || || > > 2. I am using windows machine and hence cannot configure the bin/setenv.sh But you could place those settings in bin/setenv.bat :) > > 3.Request headers: > > Connection: keep-alive > User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows; Trident/6.0) > > > 4. The server doesnt have any problem because the same uris works fine in > loadrunner and manually through browser as well. > When recording the script via Loadrunner, it is recording fine succesfully, > but replay again throws same error: >> WARN - org.apache.http.client.protocol.RequestTargetAuthentication: >> NEGOTIATE authentication error: No valid credentials provided (Mechanism >> level: No valid credentials provided (Mechanism level: Message stream >> modified (41))) >> >> WARN - org.apache.http.client.protocol.RequestTargetAuthentication: >> NEGOTIATE authentication error: No valid credentials provided (Mechanism >> level: No valid credentials provided (Mechanism level: Message stream >> modified (41))) The only things I found on google pointed to upper/lowercase problems with the domain. Check that you have uppercased the domain on every SPN: user@REALM > 5. Already update the JAAS to include debug=true. here is the log response > in command prompt: > > > Debug is true storeKey false useTicketCache false useKeyTab false > doNotPrompt f > alse ticketCache is null isInitiator true KeyTab is null refreshKrb5Config > is fa > lse principal is null tryFirstPass is false useFirstPass is false storePass > is f > alse clearPass is false > [Krb5LoginModule] user entered username: *testuser* > > principal is *testuser@XXX.TEST.COM* > Commit Succeeded > > 6. krb5.conf > > # Default Krb5.conf file for OctetString VDE 3.0 > > [libdefaults] > default_realm = XXX.TEST.COM > default_checksum = *** > default_tkt_enctypes = *** > default_tgs_enctypes = *** > permitted_enctypes = *** I would omit all the above settings except the default_realm. > udp_preference_limit=* > # default_tgs_enctypes = ** > # default_tkt_enctypes = ** > # permitted_enctypes = ** > ## clockskew=* > ## kdc_timeout=** > ## max_retries=* > > [realms] > > > xxx.test.COM = { > > kdc = servername.XXX.TEST.COM > admin_server = servername.xxx.test.com > default_domain = XXX.TEST.COM Your kerberos domain is most probably set up correctly in DNS, so leave out this section completely. Regards,  Felix > } > > > > [domain_realm] > > .xxx.test.com = XXX.TEST.COM > xxx.test.com = XXX.TEST.COM > > #[logging] > # kdc = /opt/apps/Oracle/OViD/logs/local1 > # admin-server = /opt/apps/Oracle/OViD/logs/local2 > # default = /opt/apps/Oracle/OViD/logs/auth > > > > > > > > > > > -- > Sent from: http://www.jmeter-archive.org/JMeter-User-f512775.html > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscribe@jmeter.apache.org > For additional commands, e-mail: user-help@jmeter.apache.org > --------------1F2D4805371023C6B662BB7B--