If it is VDI, it's Solaris.
David,
Last time this happened, didn't you wind up copying the krb5.conf file
from a working server? Have you actually compared time stamps on the
VDI core servers with each other and the AD congtroller? Something else
is on the tip of my tongue, having a brain f*rt though.
Gustavo Riveros (Provectis) wrote:
The servers are Solaris or Linux?
GRE
On Fri, Jul 23, 2010 at 10:08 AM, David L. Endicott
<[email protected] <mailto:[email protected]>>
wrote:
If anyone can help I would appreciate it. I'm pulling my hair out.
I am running VDI3.0 on 3 servers with a remote database. I am using
Kerberos to authenticate to active directory. I recently had to rebuild
one of the secondary servers. After I did, I now have the following
problem:
Authentication will work great for a while, then will stop. Running the
following command on the VDI servers restores function for a while:
kinit -V [email protected]
I had this same problem about a year ago and the issue turned out to be
a typo in the krb5.conf file. Here is a copy of my current file:
[libdefaults]
default_realm = OTC.LOCAL
default_checksum = rsa-md5
[realms]
OTC.LOCAL = {
kdc = otcdc1.otc.local
kdc = otcbkup1.otc.local
}
[domain_realm]
.otc.local = OTC.LOCAL
otc.local = OTC.LOCAL
I stepped up the logging levels on cacao and while it is still failing I
get the following in the log file when a user tries to login:
Jul 23, 2010 7:29:56 AM com.sun.vda.service.client.ClientRequestWorker
run
FINEST: thr#38 Received request from vda-client (127.0.0.1):
query([email protected], token=user.1271252258-7053)
Jul 23, 2010 7:29:57 AM ADConnection kerberosLogin
FINER: thr#38 THROW
javax.security.auth.login.LoginException:
java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be
null!
at
sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:212)
at
sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:190
)
at
sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:158
)
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5L
oginModule.java:656)
at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:
542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at
javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at
com.sun.vda.service.ldap.ADConnection.kerberosLogin(ADConnection.java:15
1)
at
com.sun.vda.service.ldap.ADConnection.bind(ADConnection.java:124)
at
com.sun.vda.service.ldap.UserDirConnection.getConnection(UserDirConnecti
on.java:174)
at
com.sun.vda.service.ldap.UserDirConnection.<init>(UserDirConnection.java
:106)
at
com.sun.vda.service.ldap.UserDirConnection.getInstance(UserDirConnection
.java:119)
at
com.sun.vda.service.core.UserDirectory.getUserDirConnection(UserDirector
y.java:282)
at
com.sun.vda.service.core.UserDirectory.getConnection(UserDirectory.java:
288)
at
com.sun.vda.service.core.UserDirectory.getBaseDn(UserDirectory.java:292)
at
com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav
a:135)
at
com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav
a:121)
at
com.sun.vda.service.client.QueryDesktops.execute(QueryDesktops.java:67)
at
com.sun.vda.service.client.ClientRequestWorker.execute(ClientRequestWork
er.java:119)
at
com.sun.vda.service.client.ClientRequestWorker.run(ClientRequestWorker.j
ava:74)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto
r.java:650)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
va:675)
at java.lang.Thread.run(Thread.java:595)
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:872)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at
javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at
com.sun.vda.service.ldap.ADConnection.kerberosLogin(ADConnection.java:15
1)
at
com.sun.vda.service.ldap.ADConnection.bind(ADConnection.java:124)
at
com.sun.vda.service.ldap.UserDirConnection.getConnection(UserDirConnecti
on.java:174)
at
com.sun.vda.service.ldap.UserDirConnection.<init>(UserDirConnection.java
:106)
at
com.sun.vda.service.ldap.UserDirConnection.getInstance(UserDirConnection
.java:119)
at
com.sun.vda.service.core.UserDirectory.getUserDirConnection(UserDirector
y.java:282)
at
com.sun.vda.service.core.UserDirectory.getConnection(UserDirectory.java:
288)
at
com.sun.vda.service.core.UserDirectory.getBaseDn(UserDirectory.java:292)
at
com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav
a:135)
at
com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav
a:121)
at
com.sun.vda.service.client.QueryDesktops.execute(QueryDesktops.java:67)
at
com.sun.vda.service.client.ClientRequestWorker.execute(ClientRequestWork
er.java:119)
at
com.sun.vda.service.client.ClientRequestWorker.run(ClientRequestWorker.j
ava:74)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto
r.java:650)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
va:675)
at java.lang.Thread.run(Thread.java:595)
Jul 23, 2010 7:29:57 AM UserDirConnection getConnection
FINER: thr#38 THROW
javax.naming.AuthenticationException:
javax.security.auth.login.LoginException:
java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be
null!
at
sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:212)
at
sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:190
)
at
sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:158
)
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5L
oginModule.java:656)
at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:
542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at
javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at
com.sun.vda.service.ldap.ADConnection.kerberosLogin(ADConnection.java:15
1)
at
com.sun.vda.service.ldap.ADConnection.bind(ADConnection.java:124)
at
com.sun.vda.service.ldap.UserDirConnection.getConnection(UserDirConnecti
on.java:174)
at
com.sun.vda.service.ldap.UserDirConnection.<init>(UserDirConnection.java
:106)
at
com.sun.vda.service.ldap.UserDirConnection.getInstance(UserDirConnection
.java:119)
at
com.sun.vda.service.core.UserDirectory.getUserDirConnection(UserDirector
y.java:282)
at
com.sun.vda.service.core.UserDirectory.getConnection(UserDirectory.java:
288)
at
com.sun.vda.service.core.UserDirectory.getBaseDn(UserDirectory.java:292)
at
com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav
a:135)
at
com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav
a:121)
at
com.sun.vda.service.client.QueryDesktops.execute(QueryDesktops.java:67)
at
com.sun.vda.service.client.ClientRequestWorker.execute(ClientRequestWork
er.java:119)
at
com.sun.vda.service.client.ClientRequestWorker.run(ClientRequestWorker.j
ava:74)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto
r.java:650)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
va:675)
at java.lang.Thread.run(Thread.java:595)
at
com.sun.vda.service.ldap.ADConnection.processException(ADConnection.java
:392)
at
com.sun.vda.service.ldap.ADConnection.kerberosLogin(ADConnection.java:15
3)
at
com.sun.vda.service.ldap.ADConnection.bind(ADConnection.java:124)
at
com.sun.vda.service.ldap.UserDirConnection.getConnection(UserDirConnecti
on.java:174)
at
com.sun.vda.service.ldap.UserDirConnection.<init>(UserDirConnection.java
:106)
at
com.sun.vda.service.ldap.UserDirConnection.getInstance(UserDirConnection
.java:119)
at
com.sun.vda.service.core.UserDirectory.getUserDirConnection(UserDirector
y.java:282)
at
com.sun.vda.service.core.UserDirectory.getConnection(UserDirectory.java:
288)
at
com.sun.vda.service.core.UserDirectory.getBaseDn(UserDirectory.java:292)
at
com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav
a:135)
at
com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav
a:121)
at
com.sun.vda.service.client.QueryDesktops.execute(QueryDesktops.java:67)
at
com.sun.vda.service.client.ClientRequestWorker.execute(ClientRequestWork
er.java:119)
at
com.sun.vda.service.client.ClientRequestWorker.run(ClientRequestWorker.j
ava:74)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto
r.java:650)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
va:675)
at java.lang.Thread.run(Thread.java:595)
Jul 23, 2010 7:29:57 AM com.sun.vda.service.client.ClientRequestWorker
run
WARNING: thr#38 Failed executing vda-client request:
query([email protected], token=user.1271252258-7053):
javax.naming.AuthenticationException:
javax.security.auth.login.LoginException:
java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be
null!
at
sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:212)
at
sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:190
)
at
sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:158
)
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5L
oginModule.java:656)
at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:
542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at
javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at
com.sun.vda.service.ldap.ADConnection.kerberosLogin(ADConnection.java:15
1)
at
com.sun.vda.service.ldap.ADConnection.bind(ADConnection.java:124)
at
com.sun.vda.service.ldap.UserDirConnection.getConnection(UserDirConnecti
on.java:174)
at
com.sun.vda.service.ldap.UserDirConnection.<init>(UserDirConnection.java
:106)
at
com.sun.vda.service.ldap.UserDirConnection.getInstance(UserDirConnection
.java:119)
at
com.sun.vda.service.core.UserDirectory.getUserDirConnection(UserDirector
y.java:282)
at
com.sun.vda.service.core.UserDirectory.getConnection(UserDirectory.java:
288)
at
com.sun.vda.service.core.UserDirectory.getBaseDn(UserDirectory.java:292)
at
com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav
a:135)
at
com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav
a:121)
at
com.sun.vda.service.client.QueryDesktops.execute(QueryDesktops.java:67)
at
com.sun.vda.service.client.ClientRequestWorker.execute(ClientRequestWork
er.java:119)
at
com.sun.vda.service.client.ClientRequestWorker.run(ClientRequestWorker.j
ava:74)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto
r.java:650)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
va:675)
at java.lang.Thread.run(Thread.java:595)
Jul 23, 2010 7:29:57 AM com.sun.vda.service.client.ClientRequestWorker
run
FINEST: thr#38 Sent response to vda-client:
errorjavax.naming.AuthenticationException:
javax.security.auth.login.LoginException:
java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be
null!
at
sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:212)
at
sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:190
)
at
sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:158
)
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5L
oginModule.java:656)
at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:
542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav
a:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor
Impl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at
javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at
com.sun.vda.service.ldap.ADConnection.kerberosLogin(ADConnection.java:15
1)
at
com.sun.vda.service.ldap.ADConnection.bind(ADConnection.java:124)
at
com.sun.vda.service.ldap.UserDirConnection.getConnection(UserDirConnecti
on.java:174)
at
com.sun.vda.service.ldap.UserDirConnection.<init>(UserDirConnection.java
:106)
at
com.sun.vda.service.ldap.UserDirConnection.getInstance(UserDirConnection
.java:119)
at
com.sun.vda.service.core.UserDirectory.getUserDirConnection(UserDirector
y.java:282)
at
com.sun.vda.service.core.UserDirectory.getConnection(UserDirectory.java:
288)
at
com.sun.vda.service.core.UserDirectory.getBaseDn(UserDirectory.java:292)
at
com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav
a:135)
at
com.sun.vda.service.core.UserDirectory.getDnFromUserId(UserDirectory.jav
a:121)
at
com.sun.vda.service.client.QueryDesktops.execute(QueryDesktops.java:67)
at
com.sun.vda.service.client.ClientRequestWorker.execute(ClientRequestWork
er.java:119)
at
com.sun.vda.service.client.ClientRequestWorker.run(ClientRequestWorker.j
ava:74)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto
r.java:650)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
va:675)
at java.lang.Thread.run(Thread.java:595)
I read a document that said this could be caused by time sync issues. I
am running the network/ntp service on each server and have the following
in the ntp.conf file:
server hotcdc1.otc.local
Which should sync it to the domain controller. The error log seems to
show a successful sync.
Running the kinit command fixes it for a while. What is going on here?
Thanks,
DLE
David L. Endicott
President
NeoTech Solutions, Inc.
[email protected] <mailto:[email protected]>
_______________________________________________
SunRay-Users mailing list
[email protected] <mailto:[email protected]>
http://www.filibeto.org/mailman/listinfo/sunray-users
--
Gustavo Riveros
Consultor TI | Provectis S.A.
------------------------------------------------------------------------
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
