John:

I would try bringing down the AD server and just see if CAS locks.
Since CAS is using LDAP with AD, you're actually making a service
connection on CAS startup and then maintaining one SSL socket
connection for the time that CAS is up.

Try it and if you find that to be the problem, share it with us.


Thanks,

David

On 10/17/08, Andrew Ralph Feller, afelle1 <[EMAIL PROTECTED]> wrote:
> John,
>
> Have you looked into using AD + Kerberos instead of AD + LDAP?  We have done
> AD + LDAP in the past and currently do AD + Kerberos due to our AD
> administrators' preferences; also it doesn't require us to use a service
> account.  If interested in Kerberos, you should look into the
> JaasAuthenticationHandler (
> http://www.ja-sig.org/wiki/display/CASUM/JAAS ).
>
> HTH,
> Andrew
>
> PS: You wouldn't happen to be at the Tucson branch of Raytheon by any chance
> would you?
>
>
> On 10/17/08 9:27 AM, "Scott Battaglia" <[EMAIL PROTECTED]> wrote:
>
>
> This seems to have popped up previously:
>
> http://tp.its.yale.edu/pipermail/cas/2008-July/008884.html
>
> Not sure if it's the same problem though.
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Fri, Oct 17, 2008 at 10:17 AM, John M Stewart <[EMAIL PROTECTED]>
> wrote:
>
> Greetings:
>
> We recently deployed CAS as our SSO solution on Tomcat 6.  During
> development and testing it's worked fine but now after we've deployed we
> are randomly getting failures where no one can log in and the users get a
> stacktrace after they enter their credentials with an AD LDAP error message
> that looks like this:
>
> [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment
> AcceptSecurityContext error, data 52e, vece]
>
> I say it's random because the app works fine for a day or two and then we
> start getting this error and no one can log in, but after I stop/start CAS
> via the manager it works fine again.  I know that the users are putting in
> the right credentials.  Has anyone else seen this behaviour with CAS + AD?
> Thanks in advance!
>
> John Stewart.
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> --
> Andrew R. Feller, Analyst
> Information Technology Services
> 200 Fred Frey Building
> Louisiana State University
> Baton Rouge, LA 70803
> (225) 578-3737 (Office)
> (225) 578-6400 (Fax)
>