I have managed to solve that issue by adding the following to the
JCIFSConfig
p:jcifsDomain="devad.vu.edu.au"
p:jcifsDomainController="devaddc1.devad.vu.edu.au"
Question, Is the problem a domain issue.
As you can see by the above configuration. The domain controller
information is.
Domain: devad.vu.edu.au
Domain Controller: devaddc1.devad.vu.edu.au
But the CAS machine configuration is the following.
CAS Address: devportalweb1.vu.edu.au
Domain: vu.edu.au
The machine will need to connect to the devad.vu.edu.au domain correct?
On Monday, 25 July 2016 10:15:59 UTC+10, Colin Wilkinson wrote:
>
> Hi,
>
> No that is the weirdest thing the ip CAS machine.
>
> CAS Machine ip address is XX.XX.XX.XX
> DEVADDC ip address is YY.YY.YY.YY
>
> The JCIFS Config is as follows, I tried kerberosKdc with ip address and
> same results.
>
> <bean id="jcifsConfig"
>
> class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig"
> p:jcifsServicePrincipal="HTTP/
> devportalweb1.vu.edu...@devad.vu.edu.au"
> p:kerberosDebug="true"
> p:kerberosRealm="DEVAD.VU.EDU.AU <http://devad.vu.edu.au/>"
>
> p:kerberosConf="/var/lib/tomcat8/webapps/cas/WEB-INF/classes/vuProperties/caskrb5.conf"
> p:kerberosKdc="devaddc1.devad.vu.edu.au"
>
> p:loginConf="/var/lib/tomcat8/webapps/cas/WEB-INF/classes/vuProperties/login.conf"/>
>
> <bean id="spnegoAuthentication" class="jcifs.spnego.Authentication" />
>
> <bean id="spnegoHandler"
>
> class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler"
> p:authentication-ref="spnegoAuthentication"
> p:principalWithDomainName="false"
> p:NTLMallowed="true" />
>
> <bean id="spnegoPrincipalResolver"
>
> class="org.jasig.cas.support.spnego.authentication.principal.SpnegoPrincipalResolver"
>
> />
>
> caskrb5.conf is as follows,
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = DEVAD.VU.EDU.AU <http://devad.vu.edu.au/>
> default_keytab_name =
> /usr/share/tomcat8/webapps/cas/WEB-INF/classes/vuProperties/svc_casadsso.keytab
> dns_lookup_realm = false
> dns_lookup_kdc = false
> default_tkt_enctypes = rc4-hmac
> default_tgs_enctypes = rc4-hmac
>
> [realms]
> DEVAD.VU.EDU.AU <http://devad.vu.edu.au/> = {
> kdc = devaddc1.devad.vu.edu.au:88
> }
>
> [domain_realm]
> .devad.vu.edu.au = DEVAD.VU.EDU.AU
> <http://www.google.com/url?q=http%3A%2F%2FDEVAD.VU.EDU.AU&sa=D&sntz=1&usg=AFQjCNFvxr1ZUcuqEnIpYZBvNTSZ-aJ5jA>
> devad.vu.edu.au = DEVAD.VU.EDU.AU <http://devad.vu.edu.au/>
>
> On Friday, 22 July 2016 20:08:50 UTC+10, Stefan Paetow wrote:
>>
>> > 2016-07-22 14:22:03,728 DEBUG
>> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>> <JCIFSSpnegoAuthenticationHandler exception details: Error performing NTLM
>> authentication: jcifs.smb.SmbException: Failed to connect:
>> JCIFS192_30_1C<00>/XX.XX.XX.XX
>> > jcifs.util.transport.TransportException
>> > java.net.ConnectException: Connection refused
>>
>> Well, who does the IP that the above failure to connect refer to?
>> domaindc1.devad.cc.ee.aa?
>>
>> Basically Java is trying to make an SMB connection to the KDC server (the
>> domain controller) that is supposed to provide it with a ticket based on
>> your credential and it's getting a connection refused.
>>
>> Stefan Paetow
>> Moonshot Industry & Research Liaison Coordinator
>>
>> t: +44 (0)1235 822 125
>> gpg: 0x3FCE5142
>> xmpp: ste...@jabber.dev.ja.net
>> skype: stefan.paetow.janet
>>
>> jisc.ac.uk
>>
>> Jisc is a registered charity (number 1149740) and a company limited by
>> guarantee which is registered in England under Company No. 5747339, VAT No.
>> GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill,
>> Bristol, BS2 0JA. T 0203 697 5800.
>>
>>
>>
>>
>>
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/514f0bdc-d8c5-42a1-8e14-f6c23fd9fbce%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
