Started to debug the connection a bit more.... when I check in Wireshark on the auth handshake between my browser and the CRM I see no UDP traffic, I only see it passing as TCP and as TLS1.2 can I force Jmeter to use TCP/TLS1.2 for the kerberos handshake?
*Martijn de Vrieze* Phone: +31618707784 | Skype: martijndevrieze | gtalk: [email protected] | Twitter: http://www.twitter.com/martijndevrieze | Linkedin: http://www.linkedin.com/in/martijndevrieze | Home: http://www.martijndevrieze.nl On Fri, Jan 16, 2015 at 10:21 AM, Felix Schumacher < [email protected]> wrote: > Am 16.01.2015 09:58, schrieb Martijn de Vrieze: > >> krb5.conf >> >> [libdefaults] >> default_realm = TEST.NL >> default_tkt_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96 >> default_tgs_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96 >> forwardable=true >> >> [realms] >> TEST.NL = { >> kdc = tst-crm20.test.nl:443 >> > This is a strange port for a kdc. I would expect it to listen on 88. > > } >> >> [domain_realm] >> test.nl= TEST.NL >> .test.nl= TEST.NL >> >> [appdefaults] >> pam = { >> debug = false >> ticket_lifetime = 36000 >> renew_lifetime = 36000 >> forwardable = true >> krb4_convert = false >> } >> >> jaas.conf >> >> >> JMeter { >> com.sun.security.auth.module.Krb5LoginModule required >> doNotPrompt=false >> useKeyTab=false >> storeKey=false; >> }; >> >> On rerunning I recieved the following error (which I have not seen before: >> 2015/01/16 09:57:52 WARN - >> org.apache.http.client.protocol.RequestTargetAuthentication: NEGOTIATE >> authentication error: No valid credentials provided (Mechanism level: No >> valid credentials provided (Mechanism level: Failed to find any Kerberos >> tgt)) >> > That is probably because you don't connect to the right port and noone > responds to you. Try another kdc port. > > Regards > Felix > >> >> *Martijn de Vrieze* >> >> >> >> Phone: +31618707784 | Skype: martijndevrieze | gtalk: >> [email protected] | Twitter: >> http://www.twitter.com/martijndevrieze | Linkedin: >> http://www.linkedin.com/in/martijndevrieze | Home: >> http://www.martijndevrieze.nl >> >> On Fri, Jan 16, 2015 at 9:01 AM, Felix Schumacher < >> [email protected]> wrote: >> >> Am 15.01.2015 22:48, schrieb Martijn de Vrieze: >>> >>> I have been struggling somewhat with JMeter and kerberos lately. Google >>> so >>> >>>> far has not been able to help me out with the issue I am facing. >>>> >>>> The system under test is a Microsoft CRM 2013 platform, up until a few >>>> days >>>> ago my tests worked fine since basic auth was switched on. However on >>>> the >>>> most recent drop with changes they also switched over to kerberos auth >>>> only. >>>> >>>> I have: >>>> * filled in the KRB5.CONF with all relevant information >>>> * HTTP AUTH Manager in the script with base URL, username, password, >>>> domain and KERBEROS filled in >>>> * HTTP Request defaults to ensure and enforce HTTP4 use, HTTPS over port >>>> 443 and the same base URL all over the place >>>> >>>> However I cannot get it to work properly, logging in simply refuses to >>>> work >>>> for me. I'd really appreciate some help here, I use Jmeter fairly often, >>>> with this I am however completely stuck. >>>> >>>> When running the first step, which instantly receives the KERBEROS ath >>>> request I get the following in my logs: >>>> >>>> 2015/01/15 17:13:02 INFO - jmeter.threads.JMeterThread: Thread started: >>>> Jmeter 1-1 >>>> 2015/01/15 17:13:02 INFO - jmeter.services.FileServer: Stored: >>>> users.csv >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager: >>>> GET(OAH) http://tst-crm20.test.nl/TEST/main.aspx null >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control. >>>> HC4CookieHandler: >>>> Found 0 cookies for http://tst-crm20.test.nl/TEST/main.aspx >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager: >>>> inCache http://tst-crm20.test.nl/TEST/main.aspx null >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager: >>>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/ >>>> main.aspx >>>> and http://tst-crm20.test.nl:80/TEST/main.aspx >>>> <http://tst-crm20.test.nl/TEST/main.aspx> >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager: >>>> Checking match against auth'n entry: http://tst-crm20.test.nl >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager: >>>> Matched >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager: >>>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/ >>>> main.aspx >>>> and http://tst-crm20.test.nl:80/TEST/main.aspx >>>> <http://tst-crm20.test.nl/TEST/main.aspx> >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager: >>>> Checking match against auth'n entry: http://tst-crm20.test.nl >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager: >>>> Matched >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager: >>>> m.devrieze > D=TEST R= M=KERBEROS >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager: >>>> GET(OAH) http://tst-crm20.test.nl/TEST/main.aspx null >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control. >>>> HC4CookieHandler: >>>> Found 0 cookies for http://tst-crm20.test.nl/TEST/main.aspx >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager: >>>> inCache http://tst-crm20.test.nl/TEST/main.aspx null >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager: >>>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/ >>>> main.aspx >>>> and http://tst-crm20.test.nl:80/TEST/main.aspx >>>> <http://tst-crm20.test.nl/TEST/main.aspx> >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager: >>>> Checking match against auth'n entry: http://tst-crm20.test.nl >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager: >>>> Matched >>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control. >>>> KerberosManager: >>>> Subject cached:[] before:m.devrieze >>>> 2015/01/15 17:14:32 WARN - jmeter.protocol.http.control. >>>> KerberosManager: >>>> Could not log in user m.devrieze javax.security.auth.login. >>>> LoginException: >>>> Receive timed out >>>> >>>> It seems, that the kerberos server did not answer the request for a >>> service ticket (at least not within the default timeout of 30s). >>> Could you rerun the test with the java system property >>> "sun.security.krb5.debug" set to true? >>> >>> Could you post the contents of your krb5.conf and jaas.conf file? >>> >>> Regards >>> Felix >>> >>> >>>> *Thanks! * >>>> >>>> *Martijn de Vrieze* >>>> >>>> >>>> Skype: martijndevrieze | gtalk: [email protected] | Twitter: >>>> http://www.twitter.com/martijndevrieze | >>>> >>>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> >>> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
