AW: some windows user fail

Wed, 13 Feb 2013 23:01:52 -0800 

It turned out to be a problem in the Oracle Directory Server documentation 
about configuring GSSAPI (one should use "dsMatching-pattern: ${Principal}" 
instead of " dsMatching-pattern: \${Principal} " in the identityMapping)

Now all users work as expected.

--Michael Gsandtner

-----Ursprüngliche Nachricht-----
Von: Benjamin Kaduk *EXTERN* [mailto:[email protected]] 
Gesendet: Donnerstag, 24. Jänner 2013 04:29
An: Gsandtner Michael
Cc: '[email protected]'
Betreff: Re: some windows user fail

On Mon, 21 Jan 2013, Gsandtner Michael wrote:

> We want to access a LDAP Directory Server:
> Directory Server: Sun-Directory-Server/11.1.1.5.0 B2011.0517.2353 (64-bit) on 
> Red Hat Enterprise Linux Server release 5.8 (Tikanga)
> KDC: Active Directory 2003 on Windows Server 2003 SP2
> Client Jxplorer v3.3.02 on Red Hat Enterprise Linux ES release 4 (Nahant 
> Update 9)
>
> Most of the domain user work, however some do not, e.g.:

It is a bit hard to tell what the failing behavior is from the verbose log 
without a success case to compare to, but:

> # kinit admadvgsa
> # JXOPTS="-Dsun.security.krb5.debug=true" ./jxplorer.sh console
> starting JXplorer...
> java -Dsun.security.krb5.debug=true -Dfile.encoding=utf-8  -cp 
> .:jars/*:jasper/lib/* com.ca.directory.jxplorer.JXplorer
> Jan 21, 2013 11:10:31 AM com.ca.directory.jxplorer.JXplorer printTime

> Using builtin default etypes for default_tgs_enctypes
> default etypes for default_tgs_enctypes: 3 1 23 16 17.
>>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbKdcReq send: kdc=master.magwien.gv.at UDP:88, timeout=30000, number of 
>>>> retries =3, #bytes=1340
>>>> KDCCommunication: kdc=master.magwien.gv.at UDP:88, timeout=30000,Attempt 
>>>> =1, #bytes=1340
>>>> KrbKdcReq send: #bytes read=1322
>>>> KrbKdcReq send: #bytes read=1322
>>>> KdcAccessibility: remove master.magwien.gv.at
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType

Are these three EType lines different for a successful case?

-Ben Kaduk

> Krb5Context setting mySeqNumber to: 658059415
> Krb5Context setting peerSeqNumber to: 0

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to