Some Windows users fail
Gsandtner Michael
michael.gsandtner at wien.gv.at
Mon Jan 21 05:47:39 EST 2013
We want to access an LDAP Directory Server:
Directory Server: Sun-Directory-Server/11.1.1.5.0 B2011.0517.2353 (64-bit) on Red Hat Enterprise Linux Server release 5.8 (Tikanga)
KDC: Active Directory 2003 on Windows Server 2003 SP2
Client: JXplorer v3.3.02 on Red Hat Enterprise Linux ES release 4 (Nahant Update 9)
Most of the domain users work; however, some do not, e.g.:
# kinit admadvgsa
# JXOPTS="-Dsun.security.krb5.debug=true" ./jxplorer.sh console
starting JXplorer...
java -Dsun.security.krb5.debug=true -Dfile.encoding=utf-8 -cp .:jars/*:jasper/lib/* com.ca.directory.jxplorer.JXplorer
Jan 21, 2013 11:10:31 AM com.ca.directory.jxplorer.JXplorer printTime
INFO: main start
TIME: Mon Jan 21 11:10:31 CET 2013 (133)
Jan 21, 2013 11:10:31 AM com.ca.directory.jxplorer.JXplorer checkJavaEnvironment
INFO: running java from: /usr/lib/jvm/java-1.6.0-sun-1.6.0.31/jre
Jan 21, 2013 11:10:31 AM com.ca.directory.jxplorer.JXplorer checkJavaEnvironment
INFO: running java version 1.6.0_31
Jan 21, 2013 11:10:31 AM com.ca.directory.jxplorer.JXConfig getConfigDirectory
WARNING: JX using configDirectory: /data1/jxplorer/
Jan 21, 2013 11:10:31 AM com.ca.directory.jxplorer.JXConfig getConfigDirectory
WARNING: JX using configDirectory: /data1/jxplorer/
Jan 21, 2013 11:10:31 AM com.ca.directory.jxplorer.JXConfig getConfigDirectory
WARNING: JX using configDirectory: /data1/jxplorer/
Jan 21, 2013 11:10:31 AM com.ca.directory.jxplorer.JXConfig setupLogger
INFO: setting up logger
XXX logging initially level WARNING with 0 parents=true
Jan 21, 2013 11:10:31 AM com.ca.commons.cbutil.CBUtility readPropertyFile
WARNING: No property list:
/data1/jxplorer/search_filters.txt
Jan 21, 2013 11:10:31 AM com.ca.commons.cbutil.CBUtility readPropertyFile
WARNING: No property list:
bookmarks.txt
Jan 21, 2013 11:10:31 AM com.ca.commons.cbutil.CBUtility readPropertyFile
WARNING: No property list:
quicksearch.txt
>>>KinitOptions cache name is /tmp/krb5cc_0
>>>DEBUG <CCacheInputStream> client principal is admadvgsa@MAGWIEN.GV.AT
>>>DEBUG <CCacheInputStream> server principal is krbtgt/MAGWIEN.GV.AT@MAGWIEN.GV.AT
>>>DEBUG <CCacheInputStream> key type: 23
>>>DEBUG <CCacheInputStream> auth time: Mon Jan 21 10:51:20 CET 2013
>>>DEBUG <CCacheInputStream> start time: Mon Jan 21 10:51:18 CET 2013
>>>DEBUG <CCacheInputStream> end time: Mon Jan 21 20:51:20 CET 2013
>>>DEBUG <CCacheInputStream> renew_till time: Tue Jan 22 10:51:18 CET 2013
>>> CCacheInputStream: readFlags() FORWARDABLE; PROXIABLE; RENEWABLE; INITIAL; PRE_AUTH;
Config name: /etc/krb5.conf
Found ticket for admadvgsa@MAGWIEN.GV.AT to go to krbtgt/MAGWIEN.GV.AT@MAGWIEN.GV.AT expiring on Mon Jan 21 20:51:20 CET 2013
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for admadvgsa@MAGWIEN.GV.AT to go to krbtgt/MAGWIEN.GV.AT@MAGWIEN.GV.AT expiring on Mon Jan 21 20:51:20 CET 2013
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
>>> KdcAccessibility: reset
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 23 16 17.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbKdcReq send: kdc=master.magwien.gv.at UDP:88, timeout=30000, number of retries =3, #bytes=1340
>>> KDCCommunication: kdc=master.magwien.gv.at UDP:88, timeout=30000,Attempt =1, #bytes=1340
>>> KrbKdcReq send: #bytes read=1322
>>> KrbKdcReq send: #bytes read=1322
>>> KdcAccessibility: remove master.magwien.gv.at
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 658059415
Krb5Context setting peerSeqNumber to: 0
Created InitSecContextToken:
Krb5Context.unwrap: token=[60 33 06 09 2a 86 48 86 f7 12 01 02 02 02 01 00 00 ff ff ff ff ab 5d a3 37 f1 5b 52 40 89 83 e9 c1 aa b0 c3 11 ec ed b4 ae 39 30 59 d4 07 00 ff ff 04 04 04 04 ]
Krb5Context.unwrap: data=[07 00 ff ff ]
Krb5Context.wrap: data=[04 01 00 00 ]
Krb5Context.wrap: token=[60 33 06 09 2a 86 48 86 f7 12 01 02 02 02 01 00 00 ff ff ff ff 65 a0 a3 31 dd 7c 9f fc bf 0b 7c 66 74 05 df 5c 27 cc 38 99 14 f1 a9 86 04 01 00 00 04 04 04 04 ]
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
at com.ca.commons.jndi.JndiAction.run(JndiAction.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:337)
at com.ca.commons.jndi.JNDIOps.setupKerberosContext(JNDIOps.java:160)
at com.ca.commons.jndi.JNDIOps.<init>(JNDIOps.java:116)
at com.ca.commons.jndi.BasicOps.<init>(BasicOps.java:55)
at com.ca.commons.jndi.AdvancedOps.<init>(AdvancedOps.java:57)
at com.ca.commons.naming.DXOps.<init>(DXOps.java:40)
at com.ca.directory.jxplorer.broker.CBGraphicsOps.<init>(CBGraphicsOps.java:46)
at com.ca.directory.jxplorer.broker.JNDIDataBroker.openConnection(JNDIDataBroker.java:455)
at com.ca.directory.jxplorer.broker.JNDIDataBroker.openConnection(JNDIDataBroker.java:400)
at com.ca.directory.jxplorer.broker.JNDIDataBroker.processRequest(JNDIDataBroker.java:374)
at com.ca.directory.jxplorer.broker.DataBroker.processQueue(DataBroker.java:200)
at com.ca.directory.jxplorer.broker.JNDIDataBroker.processQueue(JNDIDataBroker.java:883)
at com.ca.directory.jxplorer.broker.DataBroker.run(DataBroker.java:165)
at java.lang.Thread.run(Thread.java:662)
Jan 21, 2013 11:10:39 AM com.ca.directory.jxplorer.broker.JNDIDataBroker openConnection
WARNING: initial receipt of exception by jndi broker a problem with GSSAPI occurred - couldn't create a GSSAPI directory context
javax.naming.NamingException: a problem with GSSAPI occurred - couldn't create a GSSAPI directory context
at com.ca.commons.jndi.JNDIOps.setupKerberosContext(JNDIOps.java:165)
at com.ca.commons.jndi.JNDIOps.<init>(JNDIOps.java:116)
at com.ca.commons.jndi.BasicOps.<init>(BasicOps.java:55)
at com.ca.commons.jndi.AdvancedOps.<init>(AdvancedOps.java:57)
at com.ca.commons.naming.DXOps.<init>(DXOps.java:40)
at com.ca.directory.jxplorer.broker.CBGraphicsOps.<init>(CBGraphicsOps.java:46)
at com.ca.directory.jxplorer.broker.JNDIDataBroker.openConnection(JNDIDataBroker.java:455)
at com.ca.directory.jxplorer.broker.JNDIDataBroker.openConnection(JNDIDataBroker.java:400)
at com.ca.directory.jxplorer.broker.JNDIDataBroker.processRequest(JNDIDataBroker.java:374)
at com.ca.directory.jxplorer.broker.DataBroker.processQueue(DataBroker.java:200)
at com.ca.directory.jxplorer.broker.JNDIDataBroker.processQueue(JNDIDataBroker.java:883)
at com.ca.directory.jxplorer.broker.DataBroker.run(DataBroker.java:165)
at java.lang.Thread.run(Thread.java:662)
Jan 21, 2013 11:10:44 AM com.ca.directory.jxplorer.JXOpenConWin dataReady
WARNING: Error opening connection
javax.naming.NamingException: a problem with GSSAPI occurred - couldn't create a GSSAPI directory context
at com.ca.commons.jndi.JNDIOps.setupKerberosContext(JNDIOps.java:165)
at com.ca.commons.jndi.JNDIOps.<init>(JNDIOps.java:116)
at com.ca.commons.jndi.BasicOps.<init>(BasicOps.java:55)
at com.ca.commons.jndi.AdvancedOps.<init>(AdvancedOps.java:57)
at com.ca.commons.naming.DXOps.<init>(DXOps.java:40)
at com.ca.directory.jxplorer.broker.CBGraphicsOps.<init>(CBGraphicsOps.java:46)
at com.ca.directory.jxplorer.broker.JNDIDataBroker.openConnection(JNDIDataBroker.java:455)
at com.ca.directory.jxplorer.broker.JNDIDataBroker.openConnection(JNDIDataBroker.java:400)
at com.ca.directory.jxplorer.broker.JNDIDataBroker.processRequest(JNDIDataBroker.java:374)
at com.ca.directory.jxplorer.broker.DataBroker.processQueue(DataBroker.java:200)
at com.ca.directory.jxplorer.broker.JNDIDataBroker.processQueue(JNDIDataBroker.java:883)
at com.ca.directory.jxplorer.broker.DataBroker.run(DataBroker.java:165)
at java.lang.Thread.run(Thread.java:662)
Jan 21, 2013 11:10:48 AM com.ca.directory.jxplorer.JXplorer shutdown
WARNING: shutting down
Any hints welcome.
Kind regards
Michael Gsandtner
Magistrat Wien, MA 14
E michael.gsandtner at wien.gv.at