run kerbtray.exe on windows system and try to purge all the available ticket cache.
On Nov 26, 2007 6:08 PM, <[EMAIL PROTECTED]> wrote: > Sounds like the same problem I postet last week. Unfortunately I have not > found a solution for it. If you find any, please let me know, I will do the > same. > > Just to check: > [ ] You have the "Enable Integrated Windows Authentication" chackbox > checked and restarted your browser > [ ] You have added the site you are contacting to your "local intranet > zoone" > [ ] In security Settings for intranet zone "Automatic logon only in > intranet zone" is selected > > Regards, > Florian > > > -------- Original-Nachricht -------- > > Datum: Mon, 26 Nov 2007 03:04:43 -0800 (PST) > > Von: palm <[EMAIL PROTECTED]> > > An: [email protected] > > Betreff: Apache + Kerberos + MS-AD = SSO / Problem with a Login Box for > some Users > > > hi, > > > > currently we had a heavy problem with our SSO configuration. u can see > > in subject which configuration we have. its a apache2 with kerberos > > modules and the users are in an MS active directory. > > > > everything works rather fine. but some of the users get a login > > message dialog box few times a day. after the login with their > > username and password everything works fine. some of them getting the > > box again after a while and some don't. > > > > for the most of all users it works fine. but its not only a special > > group who had this login box problem. the most of all users had > > alleady this problem not > > > > when a User get the Login Box we found this messages in the Apache > > logs : > > > > [Wed Nov 21 12:11:03 2007] [debug] src/mod_auth_kerb.c(1483): [client > > 192.168.2.115] kerb_authenticate_user entered with user (NULL) and > > auth_type Kerberos [Wed Nov 21 12:11:03 2007] [debug] src/ > > mod_auth_kerb.c(1483): [client 192.168.2.115] kerb_authenticate_user > > entered with user (NULL) and auth_type Kerberos [Wed Nov 21 12:11:03 > > 2007] [debug] src/mod_auth_kerb.c(1174): [client 192.168.2.115] > > Acquiring creds for HTTP/[EMAIL PROTECTED] > > > > [Wed Nov 21 12:11:03 2007] [debug] src/mod_auth_kerb.c(1314): [client > > 192.168.2.115] Verifying client data using KRB5 GSS-API [Wed Nov 21 > > 12:11:03 2007] [debug] src/mod_auth_kerb.c(1330): [client > > 192.168.2.115] Verification returned code 589824 [Wed Nov 21 12:11:03 > > 2007] [debug] src/mod_auth_kerb.c(1357): [client 192.168.2.115] > > Warning: received token seems to be NTLM, which isn't supported by the > > Kerberos module. Check your IE configuration. > > > > [Wed Nov 21 12:11:03 2007] [error] [client 192.168.2.115] > > gss_accept_sec_context() failed: A token was invalid (Token header is > > malformed or corrupt) [Wed Nov 21 12:24:11 2007] [debug] src/ > > mod_auth_kerb.c(1483): [client 192.168.2.115] kerb_authenticate_user > > entered with user (NULL) and auth_type Kerberos [Wed Nov 21 12:24:11 > > 2007] [debug] src/mod_auth_kerb.c(943): [client 192.168.2.115] Using > > HTTP/[EMAIL PROTECTED] as server principal for > > password verification [Wed Nov 21 12:24:11 2007] [debug] src/ > > mod_auth_kerb.c(683): [client 192.168.2.115] Trying to get TGT for > > user [EMAIL PROTECTED] [Wed Nov 21 12:24:11 2007] [debug] src/ > > mod_auth_kerb.c(597): [client 192.168.2.115] Trying to verify > > authenticity of KDC using principal HTTP/ > > [EMAIL PROTECTED] > > > > The reason for that Problem is that the Browser tried to get a NTLM > > Ticket but we dont know why .... everythings is configured for > > Kerberos and for the most of all User it works fine. We check allready > > different Browsers and we have this Problem with IE 6 & 7 and Firefox. > > > > I hope someone here had a great Idea what we can do. > > > > greetz > > palm > > ________________________________________________ > > Kerberos mailing list [email protected] > > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > -- Nikhil Google is Great ! ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
