AW: some windows user fail
Gsandtner Michael
michael.gsandtner at wien.gv.at
Thu Jan 24 02:59:29 EST 2013
Here is a successfull log:
starting JXplorer...
java -Dsun.security.krb5.debug=true -Dfile.encoding=utf-8 -cp .:jars/*:jasper/lib/* com.ca.directory.jxplorer.JXplorer
Jan 24, 2013 8:49:13 AM com.ca.directory.jxplorer.JXplorer printTime
INFO: main start
TIME: Thu Jan 24 08:49:13 CET 2013 (377)
Jan 24, 2013 8:49:13 AM com.ca.directory.jxplorer.JXplorer checkJavaEnvironment
INFO: running java from: /usr/lib/jvm/java-1.6.0-sun-1.6.0.31/jre
Jan 24, 2013 8:49:13 AM com.ca.directory.jxplorer.JXplorer checkJavaEnvironment
INFO: running java version 1.6.0_31
Jan 24, 2013 8:49:13 AM com.ca.directory.jxplorer.JXConfig getConfigDirectory
WARNING: JX using configDirectory: /data1/jxplorer/
Jan 24, 2013 8:49:13 AM com.ca.directory.jxplorer.JXConfig getConfigDirectory
WARNING: JX using configDirectory: /data1/jxplorer/
Jan 24, 2013 8:49:13 AM com.ca.directory.jxplorer.JXConfig getConfigDirectory
WARNING: JX using configDirectory: /data1/jxplorer/
Jan 24, 2013 8:49:13 AM com.ca.directory.jxplorer.JXConfig setupLogger
INFO: setting up logger
XXX logging initially level WARNING with 0 parents=true
Jan 24, 2013 8:49:13 AM com.ca.commons.cbutil.CBUtility readPropertyFile
WARNING: No property list:
/data1/jxplorer/search_filters.txt
Jan 24, 2013 8:49:14 AM com.ca.commons.cbutil.CBUtility readPropertyFile
WARNING: No property list:
bookmarks.txt
Jan 24, 2013 8:49:14 AM com.ca.commons.cbutil.CBUtility readPropertyFile
WARNING: No property list:
quicksearch.txt
>>>KinitOptions cache name is /tmp/krb5cc_0
>>>DEBUG <CCacheInputStream> client principal is lanadvgsa at MAGWIEN.GV.AT
>>>DEBUG <CCacheInputStream> server principal is krbtgt/MAGWIEN.GV.AT at MAGWIEN.GV.AT
>>>DEBUG <CCacheInputStream> key type: 23
>>>DEBUG <CCacheInputStream> auth time: Thu Jan 24 08:47:58 CET 2013
>>>DEBUG <CCacheInputStream> start time: Thu Jan 24 08:47:55 CET 2013
>>>DEBUG <CCacheInputStream> end time: Thu Jan 24 18:47:58 CET 2013
>>>DEBUG <CCacheInputStream> renew_till time: Fri Jan 25 08:47:55 CET 2013
>>> CCacheInputStream: readFlags() FORWARDABLE; PROXIABLE; RENEWABLE; INITIAL; PRE_AUTH;
Config name: /etc/krb5.conf
Found ticket for lanadvgsa at MAGWIEN.GV.AT to go to krbtgt/MAGWIEN.GV.AT at MAGWIEN.GV.AT expiring on Thu Jan 24 18:47:58 CET 2013
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for lanadvgsa at MAGWIEN.GV.AT to go to krbtgt/MAGWIEN.GV.AT at MAGWIEN.GV.AT expiring on Thu Jan 24 18:47:58 CET 2013
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
>>> KdcAccessibility: reset
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 23 16 17.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbKdcReq send: kdc=master.magwien.gv.at UDP:88, timeout=30000, number of retries =3, #bytes=1596
>>> KDCCommunication: kdc=master.magwien.gv.at UDP:88, timeout=30000,Attempt =1, #bytes=1596
>>> KrbKdcReq send: #bytes read=111
>>> KrbKdcReq send: #bytes read=111
>>> KdcAccessibility: remove master.magwien.gv.at
>>> KDCRep: init() encoding tag is 126 req type is 13
>>>KRBError:
sTime is Thu Jan 24 08:49:01 CET 2013 1359013741000
suSec is 217950
error code is 52
error Message is Response too big for UDP, retry with TCP
realm is MAGWIEN.GV.AT
sname is ldap/vmlxentw3.host.magwien.gv.at
msgType is 30
>>> KrbKdcReq send: kdc=master.magwien.gv.at TCP:88, timeout=30000, number of retries =3, #bytes=1596
>>> KDCCommunication: kdc=master.magwien.gv.at TCP:88, #bytes=1596
>>>DEBUG: TCPClient reading 1538 bytes
>>> KrbKdcReq send: #bytes read=1538
>>> KrbKdcReq send: #bytes read=1538
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 159520043
Krb5Context setting peerSeqNumber to: 0
Created InitSecContextToken:
0000: 01 00 6E 82 05 B1 30 82 05 AD A0 03 02 01 05 A1 ..n...0.........
0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 04 ................
0020: D5 61 82 04 D1 30 82 04 CD A0 03 02 01 05 A1 0F .a...0..........
0030: 1B 0D 4D 41 47 57 49 45 4E 2E 47 56 2E 41 54 A2 ..MAGWIEN.GV.AT.
0040: 2F 30 2D A0 03 02 01 00 A1 26 30 24 1B 04 6C 64 /0-......&0$..ld
0050: 61 70 1B 1C 76 6D 6C 78 65 6E 74 77 33 2E 68 6F ap..vmlxentw3.ho
0060: 73 74 2E 6D 61 67 77 69 65 6E 2E 67 76 2E 61 74 st.magwien.gv.at
0070: A3 82 04 82 30 82 04 7E A0 03 02 01 17 A1 03 02 ....0...........
0080: 01 0B A2 82 04 70 04 82 04 6C 15 A6 39 18 AC 2F .....p...l..9../
0090: 48 61 AB 43 82 8C C0 72 FB A4 04 C6 B7 FC 6E CB Ha.C...r......n.
00A0: C3 A2 13 74 93 52 95 A7 CC C6 A4 40 33 1C 51 01 ...t.R..... at 3.Q.
00B0: 65 BF 67 5A AD 59 F6 B5 A1 BA A7 63 95 FE D3 92 e.gZ.Y.....c....
00C0: 41 9B 99 D1 FD 88 C4 20 64 04 AC 4B D5 BD 31 59 A...... d..K..1Y
00D0: 93 1C 9D 3B F3 48 8C AF A8 9B 07 86 9A C6 E1 6E ...;.H.........n
00E0: 31 76 56 04 65 AC AA 0B 78 9B 9F F7 E7 F8 09 38 1vV.e...x......8
00F0: B4 40 E3 F1 27 83 DD 54 FB 21 21 4B CF 6A 7A CE . at ..'..T.!!K.jz.
0100: 32 C6 93 20 B5 3A 18 99 2D A4 3C E8 2A 8C 9E 43 2.. .:..-.<.*..C
0110: D2 3B 74 52 CB C5 D1 9D BE 88 B2 92 E0 D8 18 64 .;tR...........d
0120: 6A 37 54 80 1E 24 8F 1B A8 C5 C8 6B A9 6C A4 BF j7T..$.....k.l..
0130: F6 A1 69 DD FC 89 F2 D0 9C F1 9A F8 4E B2 C6 F0 ..i.........N...
0140: 32 BD 23 2C 21 BB DF EC 6A 3B BB 8A 8C 15 D1 2F 2.#,!...j;...../
0150: 08 03 5C 28 FA 40 E8 C8 1B AD 2A DE C3 41 8F A6 ..\(. at ....*..A..
0160: 83 6E D4 BE 45 CB 0D 69 E8 EF F7 68 24 68 33 F1 .n..E..i...h$h3.
0170: 35 11 7B 98 7C 87 6F 35 F0 E7 28 F5 BF 50 68 F2 5.....o5..(..Ph.
0180: C2 79 80 0F 63 9E F1 22 91 22 54 67 F0 2D 21 BE .y..c.."."Tg.-!.
0190: 41 E6 D9 27 52 9A 44 7D D9 5E 75 A6 7A D5 30 ED A..'R.D..^u.z.0.
01A0: 17 9A 1E 8C 28 3D 2C 17 03 4C 6C 60 70 13 86 CD ....(=,..Ll`p...
01B0: 77 B9 69 25 D3 09 28 6C 67 C9 45 C1 E3 87 53 B9 w.i%..(lg.E...S.
01C0: DA 6C 87 FC 0A F1 17 B3 40 5F 6A 6C AF 4A 35 79 .l...... at _jl.J5y
01D0: 42 4E 6A 48 CE F0 C0 EA 78 FC 08 7E 91 72 94 07 BNjH....x....r..
01E0: 77 3D 86 66 5E 81 1A C7 0F A4 DF 0D 1B 02 54 60 w=.f^.........T`
01F0: 49 FF D4 DC 3A 3C 92 9F 58 58 29 8B 68 A1 4F 27 I...:<..XX).h.O'
0200: 85 7C 1E 8F 42 A3 F2 C9 14 08 3E 68 D9 42 E6 9A ....B.....>h.B..
0210: 5D 69 14 50 9E 62 C1 CC 02 65 17 2F 66 97 64 BC ]i.P.b...e./f.d.
0220: 31 30 B3 CB 46 22 8A 8A 78 29 C6 D8 E2 7E 12 48 10..F"..x).....H
0230: 21 38 36 2E 81 33 11 87 D5 A1 A6 D8 07 AA 3E 36 !86..3........>6
0240: EE 95 9A E1 B5 7D F2 02 8B 9B 18 F9 82 D6 74 72 ..............tr
0250: 02 3B BF 3D 94 3C 1A 27 0D FF AD 29 C1 68 6B 50 .;.=.<.'...).hkP
0260: 2B 39 51 69 04 DA 57 92 4C BE A9 5E 74 55 9C 06 +9Qi..W.L..^tU..
0270: E7 8B 68 A1 5A F1 5B 24 0E 81 B0 77 A2 A1 84 2A ..h.Z.[$...w...*
0280: 30 4D D4 C4 98 57 65 CE 09 7E F9 D5 54 A8 C4 52 0M...We.....T..R
0290: 0E 06 6F 8B 85 89 58 42 5F EA 3D 72 3C B0 4A FC ..o...XB_.=r<.J.
02A0: 3C 75 B3 65 64 13 68 9D 93 DD 43 B7 4A 86 C2 B1 <u.ed.h...C.J...
02B0: 99 08 C6 1A B4 DA 1C 35 9D EE 11 E8 E5 11 F4 4E .......5.......N
02C0: 08 AB ED 4F C1 CD C6 D6 71 18 88 9D 2E 17 42 44 ...O....q.....BD
02D0: 81 38 C9 7F B7 8E 61 12 68 A0 0C CA 5A F8 B2 71 .8....a.h...Z..q
02E0: 00 3D 80 90 2B 83 5D 04 62 BC 96 7B 57 3E 85 42 .=..+.].b...W>.B
02F0: A4 E2 F2 6F 73 93 82 94 8B E2 10 BE 8A 02 2D EA ...os.........-.
0300: 27 01 B8 69 79 DF E7 CB 11 8D 01 1F E7 96 E5 77 '..iy..........w
0310: 0C 3F CC E7 3C F3 35 90 28 FA 8C 04 DE 70 C3 13 .?..<.5.(....p..
0320: E4 C0 33 B2 48 A1 1F E5 54 A2 9F DA DF 4B D0 51 ..3.H...T....K.Q
0330: 25 58 1A 76 19 DD 9B 7E C6 F0 91 28 BC 63 AB 66 %X.v.......(.c.f
0340: BB 00 E7 00 7A BD C4 C8 1A C6 76 B1 83 FB D9 03 ....z.....v.....
0350: 7E AE 42 CF 9E 76 55 25 CB F8 75 B2 D8 6F 87 84 ..B..vU%..u..o..
0360: 73 76 80 01 C8 1A 4E 97 34 68 82 EB 46 82 06 7A sv....N.4h..F..z
0370: B5 43 CF B6 11 AC 9A A2 A8 EF 63 9B E1 1B 8F C3 .C........c.....
0380: F4 99 BC 2A 90 9C 2E 68 B3 B3 29 6C 74 AD 39 AC ...*...h..)lt.9.
0390: 8F 3D D5 58 48 7F B7 8C 50 DF 5D 47 8D A0 06 E4 .=.XH...P.]G....
03A0: 63 21 C0 88 89 E8 0A D8 CA 5B 2A 96 65 B5 F6 91 c!.......[*.e...
03B0: 88 88 47 9A 64 46 6D 40 BB 59 75 4F 39 02 95 6C ..G.dFm at .YuO9..l
03C0: B9 63 58 DB 8B 63 68 CE 42 38 07 C0 E3 C8 07 68 .cX..ch.B8.....h
03D0: 9E 62 98 26 25 DA 5B 0A 8D 6D 7C C1 C7 B1 17 00 .b.&%.[..m......
03E0: 5F 67 44 5F 60 7A 19 7E 86 6B C5 DB 73 6F 15 EF _gD_`z...k..so..
03F0: 2B C5 0F 41 12 CD 2A 2E D2 BD 60 0F CD 91 5A 9D +..A..*...`...Z.
0400: F8 61 91 6B 21 2A 5A CD 35 46 29 41 51 6C 3C FA .a.k!*Z.5F)AQl<.
0410: E9 2E C8 CD 69 45 FE 4C 67 C3 0B 05 C0 DD 96 7E ....iE.Lg.......
0420: 90 FB CA 9D 13 5D E2 9F 98 7E B0 37 5F BA B8 55 .....].....7_..U
0430: 34 43 67 D1 26 4A 62 C9 F8 33 AE A6 35 09 26 DA 4Cg.&Jb..3..5.&.
0440: 52 FF 02 74 DF 7D F5 EF F7 C6 44 3C 55 67 60 74 R..t......D<Ug`t
0450: C7 EA 27 84 4C 23 4A 62 6F 60 50 AA 65 DA 80 A9 ..'.L#Jbo`P.e...
0460: E0 D7 32 1C DD F0 3E 31 8B 0F F9 68 3E 35 7E 79 ..2...>1...h>5.y
0470: 8C A8 F7 58 E3 9B 8E A2 2A EA 4F CA 46 63 90 AA ...X....*.O.Fc..
0480: EB 5E 31 93 0E 97 74 91 91 8E 8C 3B A9 EF 08 53 .^1...t....;...S
0490: 6B E1 61 35 8A 09 33 9C 05 CC 59 61 E6 31 4F C4 k.a5..3...Ya.1O.
04A0: 86 8A 54 72 7E 77 E2 14 06 AA D1 DA B7 A5 D5 4A ..Tr.w.........J
04B0: 0D 70 07 15 0F 42 AF 83 3D B3 AE 55 FD 72 0F B6 .p...B..=..U.r..
04C0: BC C1 20 0A B8 59 61 B9 A1 28 CD 71 28 54 27 51 .. ..Ya..(.q(T'Q
04D0: 72 CE 6B 55 A7 93 42 FC 77 68 44 79 09 15 81 6F r.kU..B.whDy...o
04E0: 65 A6 75 E2 72 0A 59 22 34 97 07 42 4D 55 B9 24 e.u.r.Y"4..BMU.$
04F0: 58 4F BE D3 28 6B A4 81 BE 30 81 BB A0 03 02 01 XO..(k...0......
0500: 03 A2 81 B3 04 81 B0 1F 91 D2 33 2F DA 95 BC 73 ..........3/...s
0510: 3C 32 83 4E 4E 7C 0A 67 62 24 44 05 67 ED 4F F7 <2.NN..gb$D.g.O.
0520: 64 1F 22 7B 3B 8F 73 D5 E1 CB 1D 1D 5B 18 3C DA d.".;.s.....[.<.
0530: 77 97 8D 79 97 66 1A 49 8F 96 16 3D E7 FB E9 9A w..y.f.I...=....
0540: EC CF 92 AE A7 DF C6 AE F7 59 25 2B F3 DD 3D 28 .........Y%+..=(
0550: 44 7F 06 91 51 CB 11 9A 97 18 00 CC E8 F1 28 A8 D...Q.........(.
0560: E2 38 93 47 4F A3 7E 83 B2 4A 2B 9F A5 E0 BD 0C .8.GO....J+.....
0570: 84 78 05 15 FF 5D 3C 07 CA E2 E0 8A 9E 97 73 52 .x...]<.......sR
0580: FD F9 2A 3C FD 24 A6 58 1A 26 A3 BA D7 7F 5F E1 ..*<.$.X.&...._.
0590: 2B 6D 5B 42 3D F0 76 DB 1F 3B A6 EF 9D 26 82 0D +m[B=.v..;...&..
05A0: 42 19 92 37 BD 55 7E 79 E7 EC 0C 90 DA A5 32 A6 B..7.U.y......2.
05B0: BC 6D A9 15 74 67 43 .m..tgC
I hope you can find a difference, I cannot.
--Michael Gsandtner
-----Ursprüngliche Nachricht-----
Von: Benjamin Kaduk *EXTERN* [mailto:kaduk at MIT.EDU]
Gesendet: Donnerstag, 24. Jänner 2013 04:29
An: Gsandtner Michael
Cc: 'kerberos at mit.edu'
Betreff: Re: some windows user fail
On Mon, 21 Jan 2013, Gsandtner Michael wrote:
> We want to access a LDAP Directory Server:
> Directory Server: Sun-Directory-Server/11.1.1.5.0 B2011.0517.2353 (64-bit) on Red Hat Enterprise Linux Server release 5.8 (Tikanga)
> KDC: Active Directory 2003 on Windows Server 2003 SP2
> Client Jxplorer v3.3.02 on Red Hat Enterprise Linux ES release 4 (Nahant Update 9)
>
> Most of the domain user work, however some do not, e.g.:
It is a bit hard to tell what the failing behavior is from the verbose log
without a success case to compare to, but:
> # kinit admadvgsa
> # JXOPTS="-Dsun.security.krb5.debug=true" ./jxplorer.sh console
> starting JXplorer...
> java -Dsun.security.krb5.debug=true -Dfile.encoding=utf-8 -cp .:jars/*:jasper/lib/* com.ca.directory.jxplorer.JXplorer
> Jan 21, 2013 11:10:31 AM com.ca.directory.jxplorer.JXplorer printTime
> Using builtin default etypes for default_tgs_enctypes
> default etypes for default_tgs_enctypes: 3 1 23 16 17.
>>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbKdcReq send: kdc=master.magwien.gv.at UDP:88, timeout=30000, number of retries =3, #bytes=1340
>>>> KDCCommunication: kdc=master.magwien.gv.at UDP:88, timeout=30000,Attempt =1, #bytes=1340
>>>> KrbKdcReq send: #bytes read=1322
>>>> KrbKdcReq send: #bytes read=1322
>>>> KdcAccessibility: remove master.magwien.gv.at
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Are these three EType lines different for a successful case?
-Ben Kaduk
> Krb5Context setting mySeqNumber to: 658059415
> Krb5Context setting peerSeqNumber to: 0
More information about the Kerberos
mailing list