Hi,

Yes I restarted and I got the same error. I forgot to include my environment:

Windows 7, SP1, 64 Bit
Oracle JDK 1.8.0_45
Apache DS 2.0 M19 (Not the latest because of a bug with DS Studio)
DS Studio 2.0.0

Ed Brown
Streaming Analytics Lead
office: 410.418.9910 mobile: 410.303.5336
[email protected]
www.sas.com
SAS® … THE POWER TO KNOW®

-----Original Message-----
From: Kiran Ayyagari [mailto:[email protected]]
Sent: Tuesday, June 09, 2015 4:17 AM
To: [email protected]
Subject: Re: Help Configuring LDAP/KERBEROS Needed

On Tue, Jun 9, 2015 at 11:35 AM, Ed Brown <[email protected]> wrote:

> Hi,
> I'm following the example on Kerberos integration located here:
> https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html.
> The error I get, which is at the bottom, indicates the default realm
> cannot be found. Any pointers/help would be appreciated.
>
> TIA.
>
> According to DS Studio, I have a realm EXAMPLE.COM.
> The krbtgt user is:
>
> Krb5KeyVersionNumber=0
> Krb5PrincipalName=ldap/[email protected]
> Ou=TGT
> Uid=ldap
>
> The ldap user is:
> Krb5KeyVersionNumber=0
> Krb5PrincipalName=krbtgt/[email protected]
> Ou=LDAP
> Uid=krbtgt
>
> Kerberos server:
> Port: 60088
> Kerberos change password server:
> Port: 60464
> Primary KDC Realm: EXAMPLE.COM
> Search Base DN: dc=security,dc=example,dc=com
>
> LDAP/LDAPS Servers:
> SASL Host: example.net
> SASL Principal ldap/[email protected]
> Search Base DN: dc=security,dc=example,dc=com
>
> Authentication:
> User: dnelson
> Kerberos settings: Obtain TGT from KDC
> Kerberos realm: EXAMPLE.COM
> KDC Host: example.net
> KDC port: 60888
>
> Local hosts file:
> 127.0.0.1 localhost example.com example.net
> ::1 localhost example.com example.net
>

config is looking good, can you restart the server and try?

> When I authenticate, the following error appears in the log file (after
> turning on debug logging), specifying it can't find the default realm:
>
> [22:59:27] DEBUG [org.apache.directory.shared.kerberos.messages.Ticket] - Ticket encoding :
> 0x6D 0x82 0x02 ...
> [22:59:27] DEBUG [org.apache.directory.shared.kerberos.messages.Ticket] - Ticket initial value : Ticket :
> tkt-vno : 5
> realm : EXAMPLE.COM
> sname : { name-type: KRB_NT_UNKNOWN, name-string : <'ldap', 'example.net'> }
> enc-part : EncryptedData : {
> etype: aes128-cts-hmac-sha1-96 (17)
> cipher: 0x77 0xFF 0x5F ...
> }
>
> ...
>
> [22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit] - EncryptionKey created
> [22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType] - keytype : aes128-cts-hmac-sha1-96 (17)
> [22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit] - EncryptionKey created
> [22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType] - keytype : rc4-hmac (23)
> [22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit] - EncryptionKey created
> [22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType] - keytype : aes256-cts-hmac-sha1-96 (18)
> [22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit] - EncryptionKey created
> [22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType] - keytype : des-cbc-md5 (3)
> [22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.EncryptionKeyInit] - EncryptionKey created
> [22:59:28] DEBUG [org.apache.directory.shared.kerberos.codec.encryptionKey.actions.StoreKeyType] - keytype : des3-cbc-sha1-kd (16)
> [22:59:28] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpected exception forcing session to close: sending disconnect notice to client.
> java.security.PrivilegedActionException: javax.security.sasl.SaslException: Failure to initialize security context [Caused by GSSException: Invalid name provided (Mechanism level: KrbException: Cannot locate default realm)]
>
> Ed Brown

--
Kiran Ayyagari
http://keydap.com
