Error while authenticating using mod_auth_kerb module
Vijay Jain
vijay_jain at persistent.co.in
Fri May 11 10:01:06 EDT 2007
Hi all,
I have been able to authenticate the user based on the credentials provided
but still not able to resolve the issue of NTLM based token from the
browser.
Following is the error message from apache web server for token processing
Warning: received token seems to be NTLM, which isn't supported by the
Kerberos module. Check your IE configuration.
I tried with IE as well as MOzilla browser.
I followed the respective configuration for IE and Mozilla but still not
able to get the Kerberos token.
It seems that there must be some configuration for the windows machine to
send kerberos token instead of NTLM.
Could someone please let me know the required configuration to fetch
kerberos based token from the browser?
Thanks,
Vijay
-----Original Message-----
From: Vijay Jain [mailto:vijay_jain at persistent.co.in]
Sent: Thursday, May 10, 2007 10:28 PM
To: Gopalan, Sriram; kerberos at mit.edu
Subject: RE: Error while authenticating using mod_auth_kerb module
Hi Sriram,
I am obliged by your eagerness to help me resolve my issue. Thank you very
much.
Please find attached mod_auth_kerb configuration doc containing the
configuration details for the AD server and apache web server configuration.
The document contains
1) Snap shots of KERBTRAY.EXE
2) APACHE error logs
3) /etc/krb5.conf
4) httpd.conf configuration for mod_auth_kerb
5) ktpass.exe input paramters
6) kinit command output etc..
Please provide feedback, if any.
Thanks,
Vijay
-----Original Message-----
From: Gopalan, Sriram [mailto:sgopalan at etrade.com]
Sent: Thursday, May 10, 2007 12:57 AM
To: vijay_jain at persistent.co.in; kerberos at mit.edu
Subject: RE: Error while authenticating using mod_auth_kerb module
It should not be getting into basic auth. Still it should authenticate
in basic mode, unless you type wrong password.
So most likely it might be the issue with your httpd.conf or kerb5.conf.
--Sriram
-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of vijay_jain at persistent.co.in
Sent: Wednesday, May 09, 2007 8:57 AM
To: kerberos at mit.edu
Subject: Error while authenticating using mod_auth_kerb module
Hi All,
I am using mod_auth_kerb module on Apache web server to authenitcate
user based on the Windows login.
The token based authentication is not sucessful and am getting
"authorization required" message after providing credentials through
pop-up three times.
Basically teh issue is with the token povied by IE. It is NTLM instead
of kerberos token.
I googled on net and found the the issue is with IE settings.
I followed the *resolutions* mentioned at the following link
http://technet2.microsoft.com/windowsserver/en/library/6291dce1-4ea8-4b4
f-a9c1-23926ab6e8dd1033.mspx?mfr=true
i.e enabling IWA through browser.
Adding site to intranet list
Disabling proxies
But still not able to get Kerberos token from IE
Following is the message in Apache log
Warning: received token seems to be NTLM, which isn't supported by the
Kerberos module. Check your IE configuration.
Can someone help me resolve the issue?
Thanks,
Vijay
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is
the property of Persistent Systems Pvt. Ltd. It is intended only for the
use of the individual or entity to which it is addressed. If you are not
the intended recipient, you are not authorized to read, retain, copy,
print, distribute or use this message. If you have received this
communication in error, please notify the sender and delete all copies
of this message. Persistent Systems Pvt. Ltd. does not accept any
liability for virus infected mails.
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.
More information about the Kerberos
mailing list