Forum Stats

  • 3,838,691 Users
  • 2,262,394 Discussions
  • 7,900,733 Comments

Discussions

Ticket isnt for us - Apache DS on Windows Server 2008 with Kerberos

Hello there,

I installed Apache DS 1.5.7 on Windows Server 2008 R2 with Kerberos enabled.
I followed the instructions here http://directory.apache.org/apacheds/1.5/543-kerberos-in-apacheds-155.html.
I added the my users like the example ldif file of the official instructions. Users got their krb keys.

But when i try to authenticate with Apache Directory Studio using Kerberos authentication as told in the instructions.
I get ERROR 35 "Ticket isn't for us".

I tried googling this issuebut i couldnt solve it on my own.
Any help will be greatly appreciated.

Here is the server log

INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR [org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450 The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR [org.apache.directory.server.Service] - Cannot start the server : reuseAddress can't be set while the acceptor is bound.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 RCVD: [email protected]65a608
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Received Authentication Service (AS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 | messageType: AS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 | clientAddress: 192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 | nonce: 2070170438
INFO | jvm 1 | 2012/01/04 18:03:35 | kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | encryptionType: des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac (23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 | realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | till time: 19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 | renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]: uid=myuser,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: myuser
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x6B 0x4C 0x3B 0x25 0x92 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x44 0x28 0x3A 0x44 0x47 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xB9 0xFE 0xE9 0x45 0xB5 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 4
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: myname mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31 0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using SAM subsystem.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using encrypted timestamp.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Entry for client principal [email protected] has no SAM type. Proceeding with standard pre-authentication.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
INFO | jvm 1 | 2012/01/04 18:03:35 | org.apache.directory.server.kerberos.shared.exceptions.KerberosException: Additional pre-authentication required
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.verifyEncryptedTimestamp(AuthenticationService.java:269)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:107)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:145)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
INFO | jvm 1 | 2012/01/04 18:03:35 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
INFO | jvm 1 | 2012/01/04 18:03:35 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
INFO | jvm 1 | 2012/01/04 18:03:35 | at java.lang.Thread.run(Thread.java:722)
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
INFO | jvm 1 | 2012/01/04 18:03:35 | explanatory text: Additional pre-authentication required
INFO | jvm 1 | 2012/01/04 18:03:35 | error code: 25
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 | client time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | server time: 20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 SENT: or[email protected]1878a17
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 RCVD: [email protected]e8df29
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Received Authentication Service (AS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 | messageType: AS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 | clientAddress: 192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 | nonce: 205129622
INFO | jvm 1 | 2012/01/04 18:03:35 | kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | encryptionType: des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac (23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 | realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | till time: 19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 | renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]: uid=myuser,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: myuser
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x6B 0x4C 0x3B 0x25 0x92 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x44 0x28 0x3A 0x44 0x47 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xB9 0xFE 0xE9 0x45 0xB5 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 4
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: myname mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31 0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using SAM subsystem.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using encrypted timestamp.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Entry for client principal [email protected] has no SAM type. Proceeding with standard pre-authentication.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Pre-authentication by encrypted timestamp successful for [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]: uid=krbtgt,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: gosaAccount
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: krbtgt
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: Service
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x5E 0x10 0xEF 0xE9 0x83 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x18 0x85 0x5A 0xA3 0xC9 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xEC 0xE0 0x98 0x6D 0x85 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 3
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: KDC Service
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31 0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Ticket will be issued for access to krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Monitoring Authentication Service (AS) context:
INFO | jvm 1 | 2012/01/04 18:03:35 | clockSkew 300000
INFO | jvm 1 | 2012/01/04 18:03:35 | clientAddress /192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 | principal [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | cn null
INFO | jvm 1 | 2012/01/04 18:03:35 | realm null
INFO | jvm 1 | 2012/01/04 18:03:35 | principal [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | SAM type null
INFO | jvm 1 | 2012/01/04 18:03:35 | principal krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | cn null
INFO | jvm 1 | 2012/01/04 18:03:35 | realm null
INFO | jvm 1 | 2012/01/04 18:03:35 | principal krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | SAM type null
INFO | jvm 1 | 2012/01/04 18:03:35 | Request key type des-cbc-md5 (3)
INFO | jvm 1 | 2012/01/04 18:03:35 | Client key version 0
INFO | jvm 1 | 2012/01/04 18:03:35 | Server key version 0
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Responding with Authentication Service (AS) reply:
INFO | jvm 1 | 2012/01/04 18:03:35 | messageType: AS_REP
INFO | jvm 1 | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 | nonce: 205129622
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: [email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | client realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | server realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | auth time: 20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | start time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | end time: 20120105160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 SENT: org.apach[email protected]14fa707
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 RCVD: [email protected]5eef81
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] - Received Ticket-Granting Service (TGS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 | messageType: TGS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 | clientAddress: 192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 | nonce: 263725163
INFO | jvm 1 | 2012/01/04 18:03:35 | kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: ldap/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | encryptionType: des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac (23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 | realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | till time: 19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 | renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] - Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - The ticket isn't for us (35)
INFO | jvm 1 | 2012/01/04 18:03:35 | org.apache.directory.server.kerberos.shared.exceptions.KerberosException: The ticket isn't for us
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.verifyTgt(TicketGrantingService.java:233)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:100)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:158)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
INFO | jvm 1 | 2012/01/04 18:03:35 | at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
INFO | jvm 1 | 2012/01/04 18:03:35 | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
INFO | jvm 1 | 2012/01/04 18:03:35 | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
INFO | jvm 1 | 2012/01/04 18:03:35 | at java.lang.Thread.run(Thread.java:722)
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
INFO | jvm 1 | 2012/01/04 18:03:35 | explanatory text: The ticket isn't for us
INFO | jvm 1 | 2012/01/04 18:03:35 | error code: 35
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 | client time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/[email protected]
INFO | jvm 1 | 2012/01/04 18:03:35 | server time: 20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 SENT: or[email protected]1c83981
Tagged:
This discussion has been closed.