Well, the setup is pretty much in the subject of the message. Here is what else I did:

0. Specify the needed params in krb5.conf (mainly the kdc and realms are important). Important here is that kinit [email protected] works fine! I do get a Ticket Granting Ticket (which I can see with klist).

1. On the AD side I mapped the user to the SPN:

   setspn -A qpidd/[email protected] user

2. Generated the keytab with ktpass on the AD box:

   ktpass -out c:\temp\qpidd.keytab -princ qpidd/[email protected] -mapUser user -mapOp set -pass ****** -crypto DES-CBC-MD5 -pType KRB5_NT_PRINCIPAL +DesOnly

3. Put the keytab file in /etc.

4. Invoke a sample connection. The URL string for the connection is:

   "amqp://ananymous:guest@clientid/testpath?brokerlist='tcp://10.1.10.89:5672?sasl_mechs='GSSAPI'&sasl_protocol='qpidd'&sasl_server='vmvmrg''";

As a result I get:

   AMQConnectionFailureException: Cannot connect to broker : connection-refused : Authentication Failed (error code 320 : connection forced).

It seems (and maybe I am wrong) like the params that I send in the connection URL are wrong. Anyone with an opinion?

Thank You,
Eugene.
