Hi, I already search for all information I could, read most of them. I know neon is problematic, I had issues before. All eventually resolved after a lot of tears, as Microsoft does not support decent logging.
Alon On Mon, Oct 3, 2011 at 4:33 PM, Douglas E. Engert <[email protected]> wrote: > > > On 10/3/2011 9:12 AM, Alon Bar-Lev wrote: >> Hello, >> >> I have configuration of active directory 2003 r2 sp3 working with >> linux mod_auth_kerb. >> I use SPNEGO for subversion. >> When using Linux all work great! >> When using Windows XP(and Windows 7) Firefox/IE/cifs client work great. >> >> Problem is subversion which uses neon, it get the following: > > Googling for: neon SPNEGO > shows a lot of issues. Maybe you are seeing one of them? > > >> --- >> Running post_send hooks >> ah_post_send (#1), code is 201 (want 401), WWW-Authenticate is Negotiate >> oYGfMIG >> coAMKAQChCwYJKoZIhvcSAQICooGHBIGEYIGBBgkqhkiG9xIBAgICAG9yMHCgAwIBBaEDAgEPomQwYqA >> DAgEXolsEWTLvPLmZvxBgaMEmPDDTIeG9bdJ5rmfTEtsj6Cv9eF9s9Z8sBWhVhPXYzIVsm/sw0hqR+1u >> DM9frpOeV2Y0YGtDk2flN5iOM/HdEujj0GXAYEWHvPp/3kSc2 >> auth: SSPI challenge. >> InitializeSecurityContext [fail] [80090304]. >> sspi: initializeSecurityContext [failed] [80090304]. >> --- >> >> At windows event log I see the following: >> --- >> Event Type: Warning >> Event Source: LSASRV >> Event Category: SPNEGO (Negotiator) >> Event ID: 40962 >> Date: 10/3/2011 >> Time: 3:55:38 PM >> User: N/A >> Computer: VALON >> Description: >> The Security System was unable to authenticate to the server >> HTTP/correlux-gentoo.correlsense.com because the server has completed >> the authentication, but the client authentication protocol Kerberos >> has not. >> >> For more information, see Help and Support Center at >> http://go.microsoft.com/fwlink/events.asp. >> --- >> >> Had anyone seen this before? >> I tried many configurations, but without success: >> --- >> Gentoo >> --- >> dev-libs/openssl-1.0.0e -> also downgraded to openssl-0.9.8f >> www-servers/apache-2.2.21 >> www-apache/mod_auth_kerb-5.4 -> also downgraded to mod_auth_kerb-5.1 >> net-fs/samba-3.5.11 >> app-crypt/mit-krb5-1.9.1 -> also downgraded to 1.6.3 >> --- >> >> The strange thing is that I have centos server on the same network >> with *MUCH* older packages and it does work... >> --- >> CentOS >> --- >> openssl-0.9.8e-20.el5 >> httpd-2.2.3-53.el5.centos.1 >> mod_ssl-2.2.3-53.el5.centos.1 >> mod_auth_kerb-5.1-3.el5 >> samba-3.0.33-3.29.el5_7.4 >> krb5-workstation-1.6.1-62.el5 >> --- >> >> I cannot reach this old state at Gentoo, but I cannot explain the >> difference between the two machines, I use the same procedure to add >> them to the domain: >> <edit smb.conf> >> net ads join >> net ads keytab create >> net ads keytab add HTTP cifs >> >> The same configuration for both. >> >> I don't know how to activate logs at Microsoft end... >> I tried to add Lsa\Kerberos\Parameters debug and logging keys but >> nothing is generated. >> >> Any clue? >> >> Thanks, >> Alon. >> ________________________________________________ >> Kerberos mailing list [email protected] >> https://mailman.mit.edu/mailman/listinfo/kerberos >> >> > > -- > > Douglas E. Engert <[email protected]> > Argonne National Laboratory > 9700 South Cass Avenue > Argonne, Illinois 60439 > (630) 252-5444 > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
