On Fri, Jun 6, 2008 at 2:38 PM, Céline AUSSOURD < [EMAIL PROTECTED]> wrote: > <bean name="jcifsConfig" class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig"> > <property name="jcifsServicePrincipal" value="HTTP/ [EMAIL PROTECTED]" /> > <property name="jcifsServicePassword" value="XXXX" /> > <property name="jcifsDomain" value="VILLE-CHATEAUROUX.FR"/> > <property name="jcifsDomainController" value=" CETYUNIX.VILLE-CHATEAUROUX.FR"/> > <property name="kerberosDebug" value="true" /> > <property name="kerberosRealm" value="VILLE-CHATEAUROUX.FR" /> > <property name="kerberosKdc" value="172.16.11.0" /> > <property name="loginConf" value="/usr/local/liferay/webapps/cas/WEB-INF/login.conf" /> > </bean>
Céline, You should use FQDN for CAS Server URL and SPN configuration. I mean : CAS Server URL should be reached using : https://pronostix*. ville-chateauroux.fr*/cas/login instead of https://pronostix/cas/login You will also have to update the Service Principal name of the service account in Active Directory. It should be HTTP/pronostix*. [EMAIL PROTECTED] instead of HTTP/ [EMAIL PROTECTED] Then update : your cas configuration to : <property name="jcifsServicePrincipal" value="HTTP/pronostix*. [EMAIL PROTECTED]" /> If this is still not working, could you please check that you do have a valid krbtgt (Kerberos Granting Ticket) on you client windows session ? To check this, you can use : - kerbtray.exe to see the tickets - or klist.exe Bon courage ! -- Arnaud Lesueur LinkedIn: http://www.linkedin.com/in/lesueur
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
