0 Replies Latest reply: Jan 14, 2010 10:38 AM by 843810

    Connection reset - port 88. Why?

    843810
      Hi, All

      I am using Kerberos / GSSAPI for LDAP and using port 88 for Kerberos. Because the AD server cannot use the SSL port that is used...

      Please ask for anything you need and I will post it here specifically.

      See the log:

      11:54:19,355 INFO [AlterarSenhaUtil] Inicio - Metodo: alterarSenhaAD
      11:54:19,355 INFO [ServiceDelegate] InÝcio - execute
      11:54:19,355 INFO [ServiceLocator] Inicio - getObject
      11:54:19,355 INFO [ServiceLocator] Fim - getObject
      11:54:19,355 INFO [ServiceFacade] InÝcio - execute
      11:54:19,355 INFO [ChangePasswordLDAPCommand] InÝcio - execute
      11:54:19,355 INFO [CoreConfig] InÝcio - getInstance
      11:54:19,365 INFO [CoreConfig] Fim - getInstance
      11:54:19,365 INFO [ChangePasswordLDAPCommand] >>>>> map.toString(): {useFirstPass=true, useKeyTab=true, useTicketCache=true, com.sun.security.auth.module.Krb5LoginModule=required, client=true, doNotPrompt=true, refreshKrb5Config=true}
      11:54:19,365 INFO [ChangePasswordLDAPCommand] >>>>> shared.toString(): {javax.net.debug=SSL,handshake,trustmanager, javax.security.auth.login.name=USER@DOMAIN, javax.security.auth.login.password=123456, com.sun.jndi.ldap.connect.pool.timeout=30000, sun.security.krb5.debug=true}
      11:54:19,375 INFO [STDOUT] >>>KinitOptions cache name is C:\Documents and Settings\USER\krb5cc_USER
      11:54:19,385 INFO [STDOUT] >>>DEBUG <CCacheInputStream> client principal is USER@DOMAIN
      11:54:19,385 INFO [STDOUT] >>>DEBUG <CCacheInputStream> server principal is krbtgt/DOMAIN@DOMAIN
      11:54:19,385 INFO [STDOUT] >>>DEBUG <CCacheInputStream> key type: 3
      11:54:19,385 INFO [STDOUT] >>>DEBUG <CCacheInputStream> auth time: Thu Jan 14 11:46:34 BRST 2010
      11:54:19,385 INFO [STDOUT] >>>DEBUG <CCacheInputStream> start time: Thu Jan 14 11:46:34 BRST 2010
      11:54:19,385 INFO [STDOUT] >>>DEBUG <CCacheInputStream> end time: Thu Jan 14 21:46:34 BRST 2010
      11:54:19,385 INFO [STDOUT] >>>DEBUG <CCacheInputStream> renew_till time: Wed Dec 31 21:00:00 BRT 1969
      11:54:19,395 INFO [STDOUT] >>> CCacheInputStream: readFlags() INITIAL; PRE_AUTH;
      11:54:19,395 INFO [STDOUT] Host address is /192.168.131.65
      11:54:19,395 INFO [STDOUT] >>>DEBUG <CCacheInputStream>
      11:54:19,395 INFO [STDOUT] >>> KrbCreds found the default ticket granting ticket in credential cache.
      11:54:19,395 INFO [STDOUT] >>> Obtained TGT from LSA: Credentials:
      client=USER@DOMAIN
      server=krbtgt/DOMAIN@DOMAIN
      authTime=20100114144634Z
      startTime=20100114144634Z
      endTime=20100115004634Z
      renewTill=19700101000000Z
      flags: INITIAL;PRE-AUTHENT
      EType (int): 3
      11:54:19,416 INFO [ChangePasswordLDAPCommand] >>>>>>>>>>>>>>>>>>>>>> subject.toString(): Subject:
      Principal: USER@DOMAIN
      Private Credential: Ticket (hex) =
      0000: 61 82 03 69 30 82 03 65 A0 03 02 01 05 A1 0C 1B a..i0..e........
      ...
      0360: 66 54 60 3B BE E9 8F BD 16 F8 B7 EC E0
      Client Principal = USER@DOMAIN
      Server Principal = krbtgt/DOMAIN@DOMAIN
      Session Key = EncryptionKey: keyType=3 keyBytes (hex dump)=
      0000: CD D0 57 6B 9D 10 EA 68

      Forwardable Ticket false
      Forwarded Ticket false
      Proxiable Ticket false
      Proxy Ticket false
      Postdated Ticket false
      Renewable Ticket false
      Initial Ticket false
      Auth Time = Thu Jan 14 11:46:34 BRST 2010
      Start Time = Thu Jan 14 11:46:34 BRST 2010
      End Time = Thu Jan 14 21:46:34 BRST 2010
      Renew Till = Null
      Client Addresses clientAddresses[0] = /192.168.131.65


      11:54:19,466 INFO [JndiAction] >>>>> entrei na JndiOperation
      11:54:19,466 INFO [CoreConfig] InÝcio - getInstance
      11:54:19,466 INFO [CoreConfig] Fim - getInstance
      11:54:19,506 INFO [STDOUT] Found ticket for USER@DOMAIN to go to krbtgt/DOMAIN@DOMAIN expiring on Thu Jan 14 21:46:34 BRST 2010
      11:54:19,516 INFO [STDOUT] Entered Krb5Context.initSecContext with state=STATE_NEW
      11:54:19,516 INFO [STDOUT] Found ticket for USER@DOMAIN to go to krbtgt/DOMAIN@DOMAIN expiring on Thu Jan 14 21:46:34 BRST 2010
      11:54:19,516 INFO [STDOUT] Service ticket not found in the subject
      11:54:19,516 INFO [STDOUT] >>> Credentials acquireServiceCreds: same realm
      11:54:19,516 INFO [STDOUT] Using builtin default etypes for default_tgs_enctypes
      11:54:19,516 INFO [STDOUT] default etypes for default_tgs_enctypes:
      11:54:19,516 INFO [STDOUT] 3
      11:54:19,516 INFO [STDOUT] 1
      11:54:19,516 INFO [STDOUT] 16
      11:54:19,526 INFO [STDOUT] .
      11:54:19,526 INFO [STDOUT] >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
      11:54:19,526 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
      11:54:19,536 INFO [STDOUT] >>> KrbKdcReq send: kdc=adhara.DOMAIN UDP:88, timeout=30000, number of retries =3, #bytes=1190
      11:54:19,546 INFO [STDOUT] >>> KDCCommunication: kdc=adhara.DOMAIN UDP:88, timeout=30000,Attempt =1, #bytes=1190
      11:54:19,546 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=1146
      11:54:19,546 INFO [STDOUT] >>> KrbKdcReq send: #bytes read=1146
      11:54:19,556 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
      11:54:19,556 INFO [STDOUT] >>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000
      11:54:19,556 INFO [STDOUT] >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
      11:54:19,566 INFO [STDOUT] Krb5Context setting mySeqNumber to: -570
      11:54:19,616 INFO [STDOUT] Created InitSecContextToken:
      0000: 30 31 20 30 30 20 36 65 20 38 32 20 30 34 20 33 01 00 6e 82 04 3
      ...
      0CC0: 63 36 20
      11:54:19,737 ERROR [STDERR] javax.naming.CommunicationException: SASL bind failed: 172.16.10.241:88 [Root exception is java.net.SocketException: Connection reset]

      Sorry for my bad English

      Thx

      Edited by: c0m4nch3 on Jan 14, 2010 8:38 AM
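
A triage pass over the debug log above, as an added example that is not part of the original post: it flags the SASL bind being sent to the same port as the KDC traffic, the single-DES enctype in use, and the password printed in the logged properties. The function names and finding labels are assumptions, and the sample lines are taken (abridged) from the log in the post.

```python
import re

# Constructed sample: four lines taken (abridged) from the log in the post above.
SAMPLE_LOG = """\
11:54:19,365 INFO [ChangePasswordLDAPCommand] >>>>> shared.toString(): {javax.security.auth.login.name=USER@DOMAIN, javax.security.auth.login.password=123456, sun.security.krb5.debug=true}
11:54:19,385 INFO [STDOUT] >>>DEBUG <CCacheInputStream> key type: 3
11:54:19,536 INFO [STDOUT] >>> KrbKdcReq send: kdc=adhara.DOMAIN UDP:88, timeout=30000, number of retries =3, #bytes=1190
11:54:19,737 ERROR [STDERR] javax.naming.CommunicationException: SASL bind failed: 172.16.10.241:88 [Root exception is java.net.SocketException: Connection reset]
"""

# Single-DES Kerberos encryption types, deprecated by RFC 6649.
DES_ETYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5"}

KDC_RE = re.compile(r"KrbKdcReq send: kdc=\S+ (?:UDP|TCP):(\d+)")
BIND_RE = re.compile(r"SASL bind failed: (\S+):(\d+)")
ETYPE_RE = re.compile(r"(?:key type: |keyType=|EType \(int\): )(\d+)")
SECRET_RE = re.compile(r"(javax\.security\.auth\.login\.password)=[^,}\s]+")


def triage(log_text):
    """Return (label, detail) findings for a JGSS/JNDI debug log (hypothetical helper)."""
    findings = []
    # Ports the Kerberos client used to reach the KDC.
    kdc_ports = {int(p) for p in KDC_RE.findall(log_text)}
    # An LDAP SASL bind addressed to a KDC port is talking to the wrong service.
    for host, port in BIND_RE.findall(log_text):
        if int(port) in kdc_ports:
            findings.append(("bind-to-kdc-port", f"{host}:{port}"))
    # Session or ticket keys using single DES.
    for etype in sorted({int(e) for e in ETYPE_RE.findall(log_text)}):
        if etype in DES_ETYPES:
            findings.append(("weak-etype", DES_ETYPES[etype]))
    # JAAS shared-state password written to the application log.
    if SECRET_RE.search(log_text):
        findings.append(("password-in-log", "javax.security.auth.login.password"))
    return findings


def redact(log_text):
    """Mask the logged password value before the log is shared."""
    return SECRET_RE.sub(r"\1=<redacted>", log_text)


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label}: {detail}")
```
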