Hi, I'm following the example on Kerberos integration located here: https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html. The error I get, which is at the bottom, indicates the default realm cannot be found. Any pointers/help would be appreciated.
TIA.

According to DS Studio, I have a realm EXAMPLE.COM.

The krbtgt user is:
  Krb5KeyVersionNumber=0
  Krb5PrincipalName=ldap/[email protected]
  Ou=TGT
  Uid=ldap

The ldap user is:
  Krb5KeyVersionNumber=0
  Krb5PrincipalName=krbtgt/[email protected]
  Ou=LDAP
  Uid=krbtgt

Kerberos server:
  Port: 60088
Kerberos change password server:
  Port: 60464
Primary KDC Realm: EXAMPLE.COM
Search Base DN: dc=security,dc=example,dc=com

LDAP/LDAPS Servers:
  SASL Host: example.net
  SASL Principal: ldap/[email protected]
  Search Base DN: dc=security,dc=example,dc=com

Authentication:
  User: dnelson

Kerberos settings:
  Obtain TGT from KDC
  Kerberos realm: EXAMPLE.COM
  KDC Host: example.net
  KDC port: 60888

Local hosts file:
  127.0.0.1 localhost example.com example.net
  ::1 localhost example.com example.net

When I authenticate, the following error appears in the log file (after turning on debug logging), specifying it can't find the default realm:

[22:59:27] DEBUG [org.apache.directory.shared.kerberos.messages.Ticket] - Ticket encoding : 0x6D 0x82 0x02 ...
[22:59:27] DEBUG [org.apache.directory.shared.kerberos.messages.Ticket] - Ticket initial value : Ticket :
  tkt-vno : 5
  realm : EXAMPLE.COM
  sname : { name-type: KRB_NT_UNKNOWN, name-string : <'ldap', 'example.net'> }
  enc-part : EncryptedData : { etype: aes128-cts-hmac-sha1-96 (17) cipher: 0x77 0xFF 0x5F ... }
...
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit] - EncryptionKey created
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType] - keytype : aes128-cts-hmac-sha1-96 (17)
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit] - EncryptionKey created
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType] - keytype : rc4-hmac (23)
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit] - EncryptionKey created
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType] - keytype : aes256-cts-hmac-sha1-96 (18)
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit] - EncryptionKey created
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType] - keytype : des-cbc-md5 (3)
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit] - EncryptionKey created
[22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType] - keytype : des3-cbc-sha1-kd (16)
[22:59:28] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpected exception forcing session to close: sending disconnect notice to client.
java.security.PrivilegedActionException: javax.security.sasl.SaslException: Failure to initialize security context [Caused by GSSException: Invalid name provided (Mechanism level: KrbException: Cannot locate default realm)]

Ed Brown
