On Tue, Jun 9, 2015 at 11:35 AM, Ed Brown <[email protected]> wrote:
> Hi,
> I'm following the example on Kerberos integration located here:
> https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html.
> The error I get, which is at the bottom, indicates the default realm cannot
> be found. Any pointers/help would be appreciated.
>
> TIA.
>
> According to DS Studio, I have a realm EXAMPLE.COM.
> The krbtgt user is:
>
> Krb5KeyVersionNumber=0
> Krb5PrincipalName=ldap/[email protected]
> Ou=TGT
> Uid=ldap
>
> The ldap user is:
> Krb5KeyVersionNumber=0
> Krb5PrincipalName=krbtgt/[email protected]
> Ou=LDAP
> Uid=krbtgt
>
> Kerberos server:
> Port: 60088
> Kerberos change password server:
> Port: 60464
> Primary KDC Realm: EXAMPLE.COM
> Search Base DN: dc=security,dc=example,dc=com
>
> LDAP/LDAPS Servers:
> SASL Host: example.net
> SASL Principal: ldap/[email protected]
> Search Base DN: dc=security,dc=example,dc=com
>
> Authentication:
> User: dnelson
> Kerberos settings: Obtain TGT from KDC
> Kerberos realm: EXAMPLE.COM
> KDC Host: example.net
> KDC port: 60888
>
> Local hosts file:
> 127.0.0.1 localhost example.com example.net
> ::1 localhost example.com example.net
>

config is looking good, can you restart the server and try?

>
> When I authenticate, the following error appears in the log file (after
> turning on debug logging), specifying it can't find the default realm:
>
> [22:59:27] DEBUG [org.apache.directory.shared.kerberos.messages.Ticket] -
> Ticket encoding : 0x6D 0x82 0x02 ...
> [22:59:27] DEBUG [org.apache.directory.shared.kerberos.messages.Ticket] -
> Ticket initial value : Ticket :
> tkt-vno : 5
> realm : EXAMPLE.COM
> sname : { name-type: KRB_NT_UNKNOWN, name-string : <'ldap', 'example.net'>
> }
> enc-part : EncryptedData : {
> etype: aes128-cts-hmac-sha1-96 (17)
> cipher: 0x77 0xFF 0x5F ...
> }
>
> ...
>
> [22:59:28] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
> - EncryptionKey created
> [22:59:28] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
> - keytype : aes128-cts-hmac-sha1-96 (17)
> [22:59:28] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
> - EncryptionKey created
> [22:59:28] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
> - keytype : rc4-hmac (23)
> [22:59:28] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
> - EncryptionKey created
> [22:59:28] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
> - keytype : aes256-cts-hmac-sha1-96 (18)
> [22:59:28] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
> - EncryptionKey created
> [22:59:28] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
> - keytype : des-cbc-md5 (3)
> [22:59:28] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit]
> - EncryptionKey created
> [22:59:28] DEBUG
> [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType]
> - keytype : des3-cbc-sha1-kd (16)
> [22:59:28] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] -
> Unexpected exception forcing session to close: sending disconnect notice to
> client.
> java.security.PrivilegedActionException:
> javax.security.sasl.SaslException: Failure to initialize security context
> [Caused by GSSException: Invalid name provided (Mechanism level:
> KrbException: Cannot locate default realm)]
>
>
>
> Ed Brown
--
Kiran Ayyagari
http://keydap.com
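As an added example that is not part of the thread: the `KrbException: Cannot locate default realm` raised by the JDK's Kerberos provider means it found no `default_realm` in its configuration, so a minimal krb5.conf built from the values Ed listed would look like this. It assumes the JDK is reading a krb5.conf file (rather than the `java.security.krb5.realm` / `java.security.krb5.kdc` system properties) and uses the KDC port from the server configuration (60088); the Studio connection settings in the thread show 60888 instead, which is worth re-checking as a separate mismatch.

```ini
# Added example krb5.conf for the setup described in the thread (not from the page).
# Realm, host and ports are the values Ed listed; the KDC port is the server-side 60088.
[libdefaults]
    default_realm = EXAMPLE.COM
# The ApacheDS debug log shows aes128/aes256 keys for the principal; prefer those
# over the rc4-hmac and DES keys that are also present.
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
# Hosts are resolved via the local hosts file in the thread, so disable DNS lookups.
    dns_lookup_kdc = false
    dns_lookup_realm = false

[realms]
    EXAMPLE.COM = {
        kdc = example.net:60088
        kpasswd_server = example.net:60464
    }

[domain_realm]
    example.net = EXAMPLE.COM
    .example.net = EXAMPLE.COM
```

If the file is not in the JDK's default location, point the JVM at it with `-Djava.security.krb5.conf=/path/to/krb5.conf`.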