Hi all,
I have been able to authenticate the user based on the credentials provided but still not able to resolve the issue of NTLM based token from the browser. Following is the error message from apache web server for token processing Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration. I tried with IE as well as MOzilla browser. I followed the respective configuration for IE and Mozilla but still not able to get the Kerberos token. It seems that there must be some configuration for the windows machine to send kerberos token instead of NTLM. Could someone please let me know the required configuration to fetch kerberos based token from the browser? Thanks, Vijay -----Original Message----- From: Vijay Jain [mailto:[EMAIL PROTECTED] Sent: Thursday, May 10, 2007 10:28 PM To: Gopalan, Sriram; [email protected] Subject: RE: Error while authenticating using mod_auth_kerb module Hi Sriram, I am obliged by your eagerness to help me resolve my issue. Thank you very much. Please find attached mod_auth_kerb configuration doc containing the configuration details for the AD server and apache web server configuration. The document contains 1) Snap shots of KERBTRAY.EXE 2) APACHE error logs 3) /etc/krb5.conf 4) httpd.conf configuration for mod_auth_kerb 5) ktpass.exe input paramters 6) kinit command output etc.. Please provide feedback, if any. Thanks, Vijay -----Original Message----- From: Gopalan, Sriram [mailto:[EMAIL PROTECTED] Sent: Thursday, May 10, 2007 12:57 AM To: [EMAIL PROTECTED]; [email protected] Subject: RE: Error while authenticating using mod_auth_kerb module It should not be getting into basic auth. Still it should authenticate in basic mode, unless you type wrong password. So most likely it might be the issue with your httpd.conf or kerb5.conf. --Sriram -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, May 09, 2007 8:57 AM To: [email protected] Subject: Error while authenticating using mod_auth_kerb module Hi All, I am using mod_auth_kerb module on Apache web server to authenitcate user based on the Windows login. The token based authentication is not sucessful and am getting "authorization required" message after providing credentials through pop-up three times. Basically teh issue is with the token povied by IE. It is NTLM instead of kerberos token. I googled on net and found the the issue is with IE settings. I followed the *resolutions* mentioned at the following link http://technet2.microsoft.com/windowsserver/en/library/6291dce1-4ea8-4b4 f-a9c1-23926ab6e8dd1033.mspx?mfr=true i.e enabling IWA through browser. Adding site to intranet list Disabling proxies But still not able to get Kerberos token from IE Following is the message in Apache log Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration. Can someone help me resolve the issue? Thanks, Vijay DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
