Can you describe what you have done ? When you always get a NTLM token it normally means that there is no key for this service in your kdc. Check that you don't use CNAMEs. Use kerbtray on your Windows machine to see which tickets are available for IE.
Regards Markus "Siarhei Baidun" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hello Everybody, I'm experiencing a problem that is getting very serious for me since I have not found any solution for a week. I have a SuSe 9.0 Enterprise Server installed with Apache 2.0.49. My goal is to set up kerberos authentication. I have also installed and configured mod_auth_kerb module for Apache. Now I'm trying to access protected pages on my server via browser (I tried IE6, Mozilla 1.7.12 and FireFox 1.5b1) I'm constantly getting 401 Error - authentication failed! I haved debugged HTTP calls and have found that browser send NTLMSSP response instaed of Kerberos one. As a result Apache writes to errror log the following: [Mon Oct 03 11:04:04 2005] [debug] src/mod_auth_kerb.c(1322): [client 10.3.103.154 <http://10.3.103.154>] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Mon Oct 03 11:04:04 2005] [debug] src/mod_auth_kerb.c(1322): [client 10.3.103.154 <http://10.3.103.154>] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos [Mon Oct 03 11:04:04 2005] [debug] src/mod_auth_kerb.c(1023): [client 10.3.103.154 <http://10.3.103.154>] Acquiring creds for HTTP/[EMAIL PROTECTED] [Mon Oct 03 11:04:04 2005] [debug] src/mod_auth_kerb.c(1152): [client 10.3.103.154 <http://10.3.103.154>] Verifying client data using KRB5 GSS-API [Mon Oct 03 11:04:04 2005] [debug] src/mod_auth_kerb.c(1168): [client 10.3.103.154 <http://10.3.103.154>] Verification returned code 589824 [Mon Oct 03 11:04:04 2005] [debug] src/mod_auth_kerb.c(1194): [client 10.3.103.154 <http://10.3.103.154>] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration. [Mon Oct 03 11:04:04 2005] [error] [client 10.3.103.154<http://10.3.103.154>] gss_accept_sec_context() failed: A token was invalid (Success) For already a week I can't find a workaround for the problem or to find at least the reason of such behaviour. And this thing does not depend on the browser - IE, Mozilla or Firefox - I'm getting the same on all of them. I would be very appreciated if somebody give me a hint what is happening, why and how to solve the problem. -- Thanks a lot in advance, Siarhei Baidun ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
