Hi,
No that is the weirdest thing the ip CAS machine.
The JCIFS Config is as follows, I tried kerberosKdc with ip address and
same results.
<bean id="jcifsConfig"
class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig"
p:jcifsServicePrincipal="HTTP/[email protected]"
p:kerberosDebug="true"
p:kerberosRealm="DEVAD.VU.EDU.AU"
p:kerberosConf="/var/lib/tomcat8/webapps/cas/WEB-INF/classes/vuProperties/caskrb5.conf"
p:kerberosKdc="devaddc1.devad.vu.edu.au"
p:loginConf="/var/lib/tomcat8/webapps/cas/WEB-INF/classes/vuProperties/login.conf"/>
<bean id="spnegoAuthentication" class="jcifs.spnego.Authentication" />
<bean id="spnegoHandler"
class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler"
p:authentication-ref="spnegoAuthentication"
p:principalWithDomainName="false"
p:NTLMallowed="true" />
<bean id="spnegoPrincipalResolver"
class="org.jasig.cas.support.spnego.authentication.principal.SpnegoPrincipalResolver"
/>
caskrb5.conf is as follows,
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = DEVAD.VU.EDU.AU
default_keytab_name =
/usr/share/tomcat8/webapps/cas/WEB-INF/classes/vuProperties/svc_casadsso.keytab
dns_lookup_realm = false
dns_lookup_kdc = false
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
[realms]
DEVAD.VU.EDU.AU = {
kdc = devaddc1.devad.vu.edu.au:88
}
[domain_realm]
.devad.vu.edu.au = DEVAD.VU.EDU.AU
devad.vu.edu.au = DEVAD.VU.EDU.AU
On Friday, 22 July 2016 20:08:50 UTC+10, Stefan Paetow wrote:
>
> > 2016-07-22 14:22:03,728 DEBUG
> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
> <JCIFSSpnegoAuthenticationHandler exception details: Error performing NTLM
> authentication: jcifs.smb.SmbException: Failed to connect:
> JCIFS192_30_1C<00>/XX.XX.XX.XX
> > jcifs.util.transport.TransportException
> > java.net.ConnectException: Connection refused
>
> Well, who does the IP that the above failure to connect refer to?
> domaindc1.devad.cc.ee.aa?
>
> Basically Java is trying to make an SMB connection to the KDC server (the
> domain controller) that is supposed to provide it with a ticket based on
> your credential and it's getting a connection refused.
>
> Stefan Paetow
> Moonshot Industry & Research Liaison Coordinator
>
> t: +44 (0)1235 822 125
> gpg: 0x3FCE5142
> xmpp: [email protected] <javascript:>
> skype: stefan.paetow.janet
>
> jisc.ac.uk
>
> Jisc is a registered charity (number 1149740) and a company limited by
> guarantee which is registered in England under Company No. 5747339, VAT No.
> GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill,
> Bristol, BS2 0JA. T 0203 697 5800.
>
>
>
>
>
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f2538a74-2978-4ded-b7fa-3936baf08a8c%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
