Re: [Studio] Apache Directory Studio not able to authenticate using GSSAPI (Kerberos)
On 10/15/2016 03:29 PM, Stefan Seelmann wrote: > On 10/15/2016 11:14 AM, Ali, Saqib wrote: >> Hello everyone, >> >> Any help with this? > > Not yet. > > I started to build a test environment (I plan Docker containers with a > KDC) but didn't finish yet. But I'm not able to test against an Active > Directory because I don't have one available. I'm done with the tests and I'm happy that it works. I run an ApacheDS as KDC, do a kinit to get the TGT which is then stored in credentials cache in /tmp/krb5cc_1000. Then in Studio Kerberos connection properties I configured "Use native TGT" and "Use native system configuration" and finally the authentication worked. While writing the tests I also got your error mesage "Unable to obtain Principal Name for authentication". This means that Studio/Java cannot read the credential cache. Please make sure that you run kinit and your /tmp/krb5cc_uid exists and is readable. Another issue when I got this error message within the Docker container was that there was no entry in /etc/passwd for my user and then Java could not resolve user.name to the uid. I hope this helps you a bit to get a step further. Kind Regards, Stefan
Re: [Studio] Apache Directory Studio not able to authenticate using GSSAPI (Kerberos)
On 10/15/2016 11:14 AM, Ali, Saqib wrote: > Hello everyone, > > Any help with this? Not yet. I started to build a test environment (I plan Docker containers with a KDC) but didn't finish yet. But I'm not able to test against an Active Directory because I don't have one available. There are also some Jiras regarding Kerberos/GSSAPI authentication [1], [2], so I assume it's not working properly. Kind Regards, Stefan [1] https://issues.apache.org/jira/browse/DIRSTUDIO-1066 [2] https://issues.apache.org/jira/browse/DIRSTUDIO-1103
Re: [Studio] Apache Directory Studio not able to authenticate using GSSAPI (Kerberos)
Hello everyone, Any help with this? Thanks On Sep 30, 2016 12:32 PM, "Ali, Saqib"wrote: > Emmanuel, > > Here is the Java version: > > $ java -version > java version "1.8.0_101" > Java(TM) SE Runtime Environment (build 1.8.0_101-b13) > Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode) > > > > > > > > > On Thu, Sep 29, 2016 at 10:41 PM, Emmanuel Lécharny > wrote: > > Le 30/09/16 à 00:38, Ali, Saqib a écrit : > >> I have a Ubuntu machine that is configured SSSD for Authentication to > >> Active Directory Kerberos Domain. > >> > >> The Kerberos setup works well on this machine. No issues accessing AD > >> protected File Shares. > >> > >> However when I try to configure Apache Directory Studio to use GSSAPI > >> (Kerberos) to connect to the Active Directory LDAP port (636), I get > >> the following exception: > > > > What JVM are you using (and which version) ? > > >
Re: [Studio] Apache Directory Studio not able to authenticate using GSSAPI (Kerberos)
Emmanuel, Here is the Java version: $ java -version java version "1.8.0_101" Java(TM) SE Runtime Environment (build 1.8.0_101-b13) Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode) On Thu, Sep 29, 2016 at 10:41 PM, Emmanuel Lécharnywrote: > Le 30/09/16 à 00:38, Ali, Saqib a écrit : >> I have a Ubuntu machine that is configured SSSD for Authentication to >> Active Directory Kerberos Domain. >> >> The Kerberos setup works well on this machine. No issues accessing AD >> protected File Shares. >> >> However when I try to configure Apache Directory Studio to use GSSAPI >> (Kerberos) to connect to the Active Directory LDAP port (636), I get >> the following exception: > > What JVM are you using (and which version) ? >
[Studio] Apache Directory Studio not able to authenticate using GSSAPI (Kerberos)
I have a Ubuntu machine that is configured SSSD for Authentication to Active Directory Kerberos Domain. The Kerberos setup works well on this machine. No issues accessing AD protected File Shares. However when I try to configure Apache Directory Studio to use GSSAPI (Kerberos) to connect to the Active Directory LDAP port (636), I get the following exception: The authentication failed - javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication org.apache.directory.api.ldap.model.exception.LdapException: javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1657) at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1543) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:444) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1171) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:457) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:303) at org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:79) at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:127) at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:122) Caused by: javax.security.auth.login.LoginException: Unable to obtain Principal Name for authentication at com.sun.security.auth.module.Krb5LoginModule.promptForName(Krb5LoginModule.java:841) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:704) at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:587) at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1644) ... 8 more javax.security.auth.login.LoginException: Unable to obtain Principal Name for auth