I appreciate the help with this. I am new to ApacheDS and Kerberos. I have now tried that tutorial (of course I hadn't got that far, I was trying the tutorial before it, 4.1 - Authenticate with kinit on Linux!)
Adding krbtgt/[email protected] SOLVES the "Server not found in the Kerberos database while getting initial credentials" error with kinit. So that's good. However, now in kinit I get a new error for any principal I try (either using my generated keytab or by typing in the password). Verbose output of kinit -V [email protected] Using default cache: /tmp/krb5cc_13553 Using principal: [email protected] Password for [email protected]: kinit: Password incorrect while getting initial credentials I am trying kinit on a linux machine. On a separate Windows 7 machine, I have Apache Directory Studio. Following the tutorial as best I can (Kerberos settings tab seems subtly different than the screens I see on Apache Directory Studio 2.0.0.v20130628 / Win7 / IBM Java 1.7 JRE) After I set up krbtgt and ldap principals, when I try to connect as one of my principals using Apache directory Studio I get this exception: Error while opening connection - java.lang.IllegalArgumentException org.apache.directory.api.ldap.model.exception.LdapException: java.lang.IllegalArgumentException at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1535) at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1421) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:447) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1175) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:460) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:306) at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114) at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) Caused by: java.lang.IllegalArgumentException at javax.security.auth.login.AppConfigurationEntry.<init>(AppConfigurationEntry.java:84) at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$InnerConfiguration.getAppConfigurationEntry(DirectoryApiConnectionWrapper.java:1222) at javax.security.auth.login.LoginContext.init(LoginContext.java:269) at javax.security.auth.login.LoginContext.<init>(LoginContext.java:427) at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1520) ... 8 more java.lang.IllegalArgumentException Seems like no matter which way I go I am finding all the hurdles. Thank you, Brian On Fri, Jul 25, 2014 at 12:12 PM, Emmanuel Lécharny <[email protected]> wrote: > Le 25/07/2014 17:19, Brian Laskey a écrit : > > Actually, I solved the "Additional pre-authentication required" error by > > Opening Configuration on my ApacheDS server with Directory Studio, on the > > Kerberos Server tab, uncheck Require Pre-AuthenticationBy Encrypted > > TimeStamp check box under Ticket Settings. > > > > > > Now I receive a different error with kinit using the same keytab and conf > > file: > > kinit: Server not found in Kerberos database while getting initial > > credentials > > > > > > Should I create a principal krbtgt manually? > > I think so. > > Have you followed the tutorial on > > http://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html > ? > >
