Hi Felix, I actually transcribed that file across and it does say TEST.NET in the [domain realm] part of the file! Sorry about the misinformation.
I have included output from the Sampler result and have highlighted the two WWW-Authenticate entries. Thread Name: Test HPS Group 1-1 Sample Start: 2014-10-09 12:58:54 EST Load time: 974 Latency: 974 Size in bytes: 1533 Headers size in bytes: 240 Body size in bytes: 1293 Sample Count: 1 Error Count: 1 Response code: 401 Response message: Unauthorized Response headers: HTTP/1.1 401 Unauthorized Content-Type: text/html Server: Microsoft-IIS/7.5 *WWW-Authenticate: NegotiateWWW-Authenticate: NTLM* X-Powered-By: ASP.NET Date: Thu, 09 Oct 2014 01:58:54 GMT Connection: keep-alive Content-Length: 1293 HTTPSampleResult fields: ContentType: text/html DataEncoding: iso-8859-1 Regards, James On Wed, Oct 8, 2014 at 6:53 PM, Felix Schumacher < [email protected]> wrote: > Am 08.10.2014 04:54, schrieb James Lawson: > >> Hi all, >> >> I've only just subscribed so I hope this message is suitable! >> >> I am attempting to run some performance testing against a Web Application >> that we are running. The Web App uses Kerberos (my >> understanding/familiarity with Kerberos is limited and I'm unable to >> access >> the Domain Controller to check settings. It's all a bit difficult). >> >> We have an account that can access the application ok but when I try and >> use the same account through JMeter I can't get a request to work. >> >> Our krb5.conf and jaas.conf files follow: >> >> krb5.conf >> ------------- >> >> [libdefaults] >> default_realm = TEST.NET >> dns_lookup_kdc = true >> dns_lookup_realm = true >> udp_preference_limit = 1 >> [realms] >> TEST.NET = { >> kdc = DC1.TEST.NET >> default_domain = TEST.NET >> } >> [domain_realm] >> test.net = TEST >> .test.net = TEST >> > The domain on the right should be TEST.NET, but it will probably not > change anything, > since your default_realm is TEST.NET. > > > >> jaas.conf >> ------------- >> >> JMeter { >> com.sun.security.auth.module.Krb5LoginModule required >> doNotPrompt=false >> useKeyTab=false >> storeKey=false >> debug=true; >> }; >> >> I have an HTTP Authorization Manager in my JMeter test. It is configured >> to >> have the following entries. >> >> Base URL: >> Username: ITAdmin >> Password: <Password> >> Domain: test >> Realm: TEST.NET >> Mechanism: Kerberos >> >> I have debugging turned on as you can see above and the debug information >> is attached: >> >> Debug is true storeKey false useTicketCache false useKeyTab false >> doNotPrompt false ticketCache is null isInitiator true KeyTab is null >> refreshKrb5Config is false principal is null tryFirstPass is false >> useFirstPass is false storePass is false clearPass is false >> [Krb5LoginModule] user entered username: ITAdmin >> principal is [email protected] >> Commit Succeeded >> >> So I'm assuming that the account is being found ok. But the test then >> fails >> and I receive the following output in the JMeter logging Window: >> >> 2014/10/08 13:33:55 INFO - jmeter.engine.StandardJMeterEngine: Running >> the >> test! >> 2014/10/08 13:33:55 INFO - jmeter.samplers.SampleEvent: List of >> sample_variables: [] >> 2014/10/08 13:33:55 INFO - jmeter.gui.util.JMeterMenuBar: >> setRunning(true,*local*) >> 2014/10/08 13:33:55 INFO - jmeter.engine.StandardJMeterEngine: Starting >> ThreadGroup: 1 : Test HPS Group >> 2014/10/08 13:33:55 INFO - jmeter.engine.StandardJMeterEngine: Starting >> 1 >> threads for group Test HPS Group. >> 2014/10/08 13:33:55 INFO - jmeter.engine.StandardJMeterEngine: Thread >> will >> continue on error >> 2014/10/08 13:33:55 INFO - jmeter.threads.ThreadGroup: Starting thread >> group number 1 threads 1 ramp-up 1 perThread 1000.0 delayedStart=false >> 2014/10/08 13:33:55 INFO - jmeter.threads.ThreadGroup: Started thread >> group number 1 >> 2014/10/08 13:33:55 INFO - jmeter.engine.StandardJMeterEngine: All >> thread >> groups have been started >> 2014/10/08 13:33:55 INFO - jmeter.threads.JMeterThread: Thread started: >> Test HPS Group 1-1 >> 2014/10/08 13:33:55 WARN - >> org.apache.http.client.protocol.RequestTargetAuthentication: NEGOTIATE >> authentication error: No valid credentials provided (Mechanism level: No >> valid credentials provided (Mechanism level: Fail to create credential. >> (63) - No service creds)) >> 2014/10/08 13:33:55 WARN - >> org.apache.http.client.protocol.RequestTargetAuthentication: NTLM >> authentication error: Credentials cannot be used for NTLM authentication: >> org.apache.jmeter.protocol.http.control.AuthManager$NullCredentials >> > Could it be, that your server is offering NTLM negotiation only? Can you > place a Tree View Listener in your testplan and > look in the sampler report for a Response Header named "WWW-Authenticate"? > > Regards > Felix > > 2014/10/08 13:33:55 INFO - jmeter.threads.JMeterThread: Thread finished: >> Test HPS Group 1-1 >> 2014/10/08 13:33:55 INFO - jmeter.engine.StandardJMeterEngine: Notifying >> test listeners of end of test >> 2014/10/08 13:33:55 INFO - jmeter.gui.util.JMeterMenuBar: >> setRunning(false,*local*) >> >> I'm at a bit of a loss. I dont have enough experience around Kerberos to >> be >> able to work out if my krb5.conf file is incomplete. Any assistance would >> be much appreciated! >> >> Regards, >> >> James >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
