The servers are Solaris or Linux? GRE
On Fri, Jul 23, 2010 at 10:08 AM, David L. Endicott < [email protected]> wrote: > If anyone can help I would appreciate it. I'm pulling my hair out. > I am running VDI3.0 on 3 servers with a remote database. I am using > Kerberos to authenticate to active directory. I recently had to rebuild > one of the secondary servers. After I did, I now have the following > problem: > Authentication will work great for a while, then will stop. Running the > following command on the VDI servers restores function for a while: > kinit -V [email protected] > > I had this same problem about a year ago and the issue turned out to be > a typo in the krb5.conf file. Here is a copy of my current file: > > [libdefaults] > default_realm = OTC.LOCAL > default_checksum = rsa-md5 > > [realms] > OTC.LOCAL = { > kdc = otcdc1.otc.local > kdc = otcbkup1.otc.local > } > > [domain_realm] > .otc.local = OTC.LOCAL > otc.local = OTC.LOCAL > > I stepped up the logging levels on cacao and while it is still failing I > get the following in the log file when a user tries to login: > > Jul 23, 2010 7:29:56 AM com.sun.vda.service.client.ClientRequestWorker > run > FINEST: thr#38 Received request from vda-client (127.0.0.1): > query([email protected], token=user.1271252258-7053) > Jul 23, 2010 7:29:57 AM ADConnection kerberosLogin > FINER: thr#38 THROW > javax.security.auth.login.LoginException: > java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be > null! > at > sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:212) > at > sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:190 > ) > at > sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:158 > ) > at > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5L > oginModule.java:656) > at > com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java: > 542) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav > a:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor > Impl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at > javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) > at > javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) > at > javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) > at java.security.AccessController.doPrivileged(Native Method) > at > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) > at > javax.security.auth.login.LoginContext.login(LoginContext.java:579) > at > com.sun.vda.service.ldap.ADConnection.kerberosLogin(ADConnection.java:15 > 1) > at > com.sun.vda.service.ldap.ADConnection.bind(ADConnection.java:124) > at > com.sun.vda.service.ldap.UserDirConnection.getConnection(UserDirConnecti > on.java:174) > at > com.sun.vda.service.ldap.UserDirConnection.<init>(UserDirConnection.java > :106) > at > com.sun.vda.service.ldap.UserDirConnection.getInstance(UserDirConnection > .java:119) > at > com.sun.vda.service.core.UserDirectory.getUserDirConnection(UserDirector > y.java:282) > at > com.sun.vda.service.core.UserDirectory.getConnection(UserDirectory.java: > 288) > at > com.sun.vda.service.core.UserDirectory.getBaseDn(UserDirectory.java:292) > at > com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav > a:135) > at > com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav > a:121) > at > com.sun.vda.service.client.QueryDesktops.execute(QueryDesktops.java:67) > at > com.sun.vda.service.client.ClientRequestWorker.execute(ClientRequestWork > er.java:119) > at > com.sun.vda.service.client.ClientRequestWorker.run(ClientRequestWorker.j > ava:74) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto > r.java:650) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja > va:675) > at java.lang.Thread.run(Thread.java:595) > > at > javax.security.auth.login.LoginContext.invoke(LoginContext.java:872) > at > javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) > at > javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) > at java.security.AccessController.doPrivileged(Native Method) > at > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) > at > javax.security.auth.login.LoginContext.login(LoginContext.java:579) > at > com.sun.vda.service.ldap.ADConnection.kerberosLogin(ADConnection.java:15 > 1) > at > com.sun.vda.service.ldap.ADConnection.bind(ADConnection.java:124) > at > com.sun.vda.service.ldap.UserDirConnection.getConnection(UserDirConnecti > on.java:174) > at > com.sun.vda.service.ldap.UserDirConnection.<init>(UserDirConnection.java > :106) > at > com.sun.vda.service.ldap.UserDirConnection.getInstance(UserDirConnection > .java:119) > at > com.sun.vda.service.core.UserDirectory.getUserDirConnection(UserDirector > y.java:282) > at > com.sun.vda.service.core.UserDirectory.getConnection(UserDirectory.java: > 288) > at > com.sun.vda.service.core.UserDirectory.getBaseDn(UserDirectory.java:292) > at > com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav > a:135) > at > com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav > a:121) > at > com.sun.vda.service.client.QueryDesktops.execute(QueryDesktops.java:67) > at > com.sun.vda.service.client.ClientRequestWorker.execute(ClientRequestWork > er.java:119) > at > com.sun.vda.service.client.ClientRequestWorker.run(ClientRequestWorker.j > ava:74) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto > r.java:650) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja > va:675) > at java.lang.Thread.run(Thread.java:595) > Jul 23, 2010 7:29:57 AM UserDirConnection getConnection > FINER: thr#38 THROW > javax.naming.AuthenticationException: > javax.security.auth.login.LoginException: > java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be > null! > at > sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:212) > at > sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:190 > ) > at > sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:158 > ) > at > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5L > oginModule.java:656) > at > com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java: > 542) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav > a:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor > Impl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at > javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) > at > javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) > at > javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) > at java.security.AccessController.doPrivileged(Native Method) > at > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) > at > javax.security.auth.login.LoginContext.login(LoginContext.java:579) > at > com.sun.vda.service.ldap.ADConnection.kerberosLogin(ADConnection.java:15 > 1) > at > com.sun.vda.service.ldap.ADConnection.bind(ADConnection.java:124) > at > com.sun.vda.service.ldap.UserDirConnection.getConnection(UserDirConnecti > on.java:174) > at > com.sun.vda.service.ldap.UserDirConnection.<init>(UserDirConnection.java > :106) > at > com.sun.vda.service.ldap.UserDirConnection.getInstance(UserDirConnection > .java:119) > at > com.sun.vda.service.core.UserDirectory.getUserDirConnection(UserDirector > y.java:282) > at > com.sun.vda.service.core.UserDirectory.getConnection(UserDirectory.java: > 288) > at > com.sun.vda.service.core.UserDirectory.getBaseDn(UserDirectory.java:292) > at > com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav > a:135) > at > com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav > a:121) > at > com.sun.vda.service.client.QueryDesktops.execute(QueryDesktops.java:67) > at > com.sun.vda.service.client.ClientRequestWorker.execute(ClientRequestWork > er.java:119) > at > com.sun.vda.service.client.ClientRequestWorker.run(ClientRequestWorker.j > ava:74) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto > r.java:650) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja > va:675) > at java.lang.Thread.run(Thread.java:595) > > at > com.sun.vda.service.ldap.ADConnection.processException(ADConnection.java > :392) > at > com.sun.vda.service.ldap.ADConnection.kerberosLogin(ADConnection.java:15 > 3) > at > com.sun.vda.service.ldap.ADConnection.bind(ADConnection.java:124) > at > com.sun.vda.service.ldap.UserDirConnection.getConnection(UserDirConnecti > on.java:174) > at > com.sun.vda.service.ldap.UserDirConnection.<init>(UserDirConnection.java > :106) > at > com.sun.vda.service.ldap.UserDirConnection.getInstance(UserDirConnection > .java:119) > at > com.sun.vda.service.core.UserDirectory.getUserDirConnection(UserDirector > y.java:282) > at > com.sun.vda.service.core.UserDirectory.getConnection(UserDirectory.java: > 288) > at > com.sun.vda.service.core.UserDirectory.getBaseDn(UserDirectory.java:292) > at > com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav > a:135) > at > com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav > a:121) > at > com.sun.vda.service.client.QueryDesktops.execute(QueryDesktops.java:67) > at > com.sun.vda.service.client.ClientRequestWorker.execute(ClientRequestWork > er.java:119) > at > com.sun.vda.service.client.ClientRequestWorker.run(ClientRequestWorker.j > ava:74) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto > r.java:650) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja > va:675) > at java.lang.Thread.run(Thread.java:595) > Jul 23, 2010 7:29:57 AM com.sun.vda.service.client.ClientRequestWorker > run > WARNING: thr#38 Failed executing vda-client request: > query([email protected], token=user.1271252258-7053): > javax.naming.AuthenticationException: > javax.security.auth.login.LoginException: > java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be > null! > at > sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:212) > at > sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:190 > ) > at > sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:158 > ) > at > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5L > oginModule.java:656) > at > com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java: > 542) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav > a:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor > Impl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at > javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) > at > javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) > at > javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) > at java.security.AccessController.doPrivileged(Native Method) > at > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) > at > javax.security.auth.login.LoginContext.login(LoginContext.java:579) > at > com.sun.vda.service.ldap.ADConnection.kerberosLogin(ADConnection.java:15 > 1) > at > com.sun.vda.service.ldap.ADConnection.bind(ADConnection.java:124) > at > com.sun.vda.service.ldap.UserDirConnection.getConnection(UserDirConnecti > on.java:174) > at > com.sun.vda.service.ldap.UserDirConnection.<init>(UserDirConnection.java > :106) > at > com.sun.vda.service.ldap.UserDirConnection.getInstance(UserDirConnection > .java:119) > at > com.sun.vda.service.core.UserDirectory.getUserDirConnection(UserDirector > y.java:282) > at > com.sun.vda.service.core.UserDirectory.getConnection(UserDirectory.java: > 288) > at > com.sun.vda.service.core.UserDirectory.getBaseDn(UserDirectory.java:292) > at > com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav > a:135) > at > com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav > a:121) > at > com.sun.vda.service.client.QueryDesktops.execute(QueryDesktops.java:67) > at > com.sun.vda.service.client.ClientRequestWorker.execute(ClientRequestWork > er.java:119) > at > com.sun.vda.service.client.ClientRequestWorker.run(ClientRequestWorker.j > ava:74) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto > r.java:650) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja > va:675) > at java.lang.Thread.run(Thread.java:595) > > Jul 23, 2010 7:29:57 AM com.sun.vda.service.client.ClientRequestWorker > run > FINEST: thr#38 Sent response to vda-client: > errorjavax.naming.AuthenticationException: > javax.security.auth.login.LoginException: > java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be > null! > at > sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:212) > at > sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:190 > ) > at > sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:158 > ) > at > com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5L > oginModule.java:656) > at > com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java: > 542) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav > a:39) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor > Impl.java:25) > at java.lang.reflect.Method.invoke(Method.java:585) > at > javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) > at > javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) > at > javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) > at java.security.AccessController.doPrivileged(Native Method) > at > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) > at > javax.security.auth.login.LoginContext.login(LoginContext.java:579) > at > com.sun.vda.service.ldap.ADConnection.kerberosLogin(ADConnection.java:15 > 1) > at > com.sun.vda.service.ldap.ADConnection.bind(ADConnection.java:124) > at > com.sun.vda.service.ldap.UserDirConnection.getConnection(UserDirConnecti > on.java:174) > at > com.sun.vda.service.ldap.UserDirConnection.<init>(UserDirConnection.java > :106) > at > com.sun.vda.service.ldap.UserDirConnection.getInstance(UserDirConnection > .java:119) > at > com.sun.vda.service.core.UserDirectory.getUserDirConnection(UserDirector > y.java:282) > at > com.sun.vda.service.core.UserDirectory.getConnection(UserDirectory.java: > 288) > at > com.sun.vda.service.core.UserDirectory.getBaseDn(UserDirectory.java:292) > at > com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav > a:135) > at > com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav > a:121) > at > com.sun.vda.service.client.QueryDesktops.execute(QueryDesktops.java:67) > at > com.sun.vda.service.client.ClientRequestWorker.execute(ClientRequestWork > er.java:119) > at > com.sun.vda.service.client.ClientRequestWorker.run(ClientRequestWorker.j > ava:74) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto > r.java:650) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja > va:675) > at java.lang.Thread.run(Thread.java:595) > > I read a document that said this could be caused by time sync issues. I > am running the network/ntp service on each server and have the following > in the ntp.conf file: > > server hotcdc1.otc.local > > Which should sync it to the domain controller. The error log seems to > show a successful sync. > > Running the kinit command fixes it for a while. What is going on here? > > Thanks, > DLE > > David L. Endicott > President > NeoTech Solutions, Inc. > [email protected] > > _______________________________________________ > SunRay-Users mailing list > [email protected] > http://www.filibeto.org/mailman/listinfo/sunray-users > > -- Gustavo Riveros Consultor TI | Provectis S.A.
_______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
