[31292] in Kerberos
Re: windows 2003 domain controller, mod_auth_kerb in linux, issue
daemon@ATHENA.MIT.EDU (Nikolay Shopik)
Fri Jul 10 12:32:28 2009
X-Barracuda-Envelope-From: gcekg-kerberos@m.gmane.org
To: kerberos@mit.edu
From: Nikolay Shopik <shopik@inblock.ru>
Date: Fri, 10 Jul 2009 20:29:37 +0400
Message-ID: <h37qcm$9vu$1@ger.gmane.org>
Mime-Version: 1.0
X-Complaints-To: usenet@ger.gmane.org
In-Reply-To: <COL120-W263F1402B9D7442F156A40FF270@phx.gbl>
Content-Type: text/plain; charset="windows-1252"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
And you are enabled "Integrated windows authentication" option in IE6,
don't you?
On 10.07.2009 19:20, Ahmar Nauman wrote:
>
> Hi,
>
> I'm using windows server 2003 as domain controller,
> i've succesfully followed all the necessary steps required for setting up an SSO, generated keytab files which gives me correct info if i type klist -k , integrated mod_auth_kerb and configured machines.
> My browser setting are just fine as well,
>
>
> My httpd.conf is like
> <Location /myURL
> AuthType Kerberos
> AuthName "Test Kerberos Login"
> KrbVerifyKDC off # it doesn't work if i remove this line
> KrbMethodNegotiate On
> KrbMethodK5Passwd On
> KrbAuthRealms LAB1.DIGIDENT-SOLUTIONS.COM
> Krb5KeyTab /etc/krb5.keytab
> KrbSaveCredentials On
> KrbServiceName HTTP
> require valid-user
> </Location
>
> Now when i tried to test from IE(v 6) it open a login box, if i supply username and password as setup in active directory, it allows me to enter. I dont want to get this login box, so if i change KrbMethodK5Passwd to Off, it simply refuses me to get in by Authorization Required message in browser and in apache logs, i get the following errors,
>
> [Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1266): [client x.x.x.x] Verifying client data using KRB5 GSS-API
> [Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1282): [client ......] Verification returned code 589824
> [Fri Jul 10 20:31:25 2009] [debug] src/mod_auth_kerb.c(1309): [client ......] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
> [Fri Jul 10 20:31:25 2009] [error] [client ......9] gss_accept_sec_context() failed: Invalid token was supplied (No error)
>
> I'm trying to resolve this issue, but nothing work out so far.
> Can anybody please help here??
>
> regards
> - Ahmar
>
> _________________________________________________________________
> Drag n’ drop—Get easy photo sharing with Windows Live™ Photos.
>
> http://www.microsoft.com/windows/windowslive/products/photos.aspx
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
