This discussion is archived
0 Replies Latest reply: Jan 4, 2012 8:34 AM by 908952 RSS

Ticket isnt for us - Apache DS on Windows Server 2008 with Kerberos

908952 Newbie
Currently Being Moderated
Hello there,

I installed Apache DS 1.5.7 on Windows Server 2008 R2 with Kerberos enabled.
I followed the instructions here http://directory.apache.org/apacheds/1.5/543-kerberos-in-apacheds-155.html.
I added the my users like the example ldif file of the official instructions. Users got their krb keys.

But when i try to authenticate with Apache Directory Studio using Kerberos authentication as told in the instructions.
I get ERROR 35 "Ticket isn't for us".

I tried googling this issuebut i couldnt solve it on my own.
Any help will be greatly appreciated.

Here is the server log

INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR [org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450 The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR [org.apache.directory.server.Service] - Cannot start the server : reuseAddress can't be set while the acceptor is bound.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 RCVD: org.apache.directory.server.kerberos.shared.messages.KdcRequest@65a608
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Received Authentication Service (AS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 |      messageType: AS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 |      protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientAddress: 192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 |      nonce: 2070170438
INFO | jvm 1 | 2012/01/04 18:03:35 |      kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientPrincipal: myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      serverPrincipal: krbtgt/myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      encryptionType: des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac (23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 |      realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      till time: 19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 |      renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]: uid=myuser,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: myuser
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName: myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x6B 0x4C 0x3B 0x25 0x92 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x44 0x28 0x3A 0x44 0x47 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xB9 0xFE 0xE9 0x45 0xB5 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 4
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: myname mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31 0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using SAM subsystem.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using encrypted timestamp.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Entry for client principal myuser@myrealm.org.tr has no SAM type. Proceeding with standard pre-authentication.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
INFO | jvm 1 | 2012/01/04 18:03:35 | org.apache.directory.server.kerberos.shared.exceptions.KerberosException: Additional pre-authentication required
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.verifyEncryptedTimestamp(AuthenticationService.java:269)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:107)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:145)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at java.lang.Thread.run(Thread.java:722)
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
INFO | jvm 1 | 2012/01/04 18:03:35 |      explanatory text: Additional pre-authentication required
INFO | jvm 1 | 2012/01/04 18:03:35 |      error code: 25
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      client time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      serverPrincipal: krbtgt/EXAMPLE.COM@EXAMPLE.COM
INFO | jvm 1 | 2012/01/04 18:03:35 |      server time: 20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59504 SENT: org.apache.directory.server.kerberos.shared.messages.ErrorMessage@1878a17
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 RCVD: org.apache.directory.server.kerberos.shared.messages.KdcRequest@e8df29
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Received Authentication Service (AS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 |      messageType: AS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 |      protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientAddress: 192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 |      nonce: 205129622
INFO | jvm 1 | 2012/01/04 18:03:35 |      kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientPrincipal: myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      serverPrincipal: krbtgt/myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      encryptionType: des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac (23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 |      realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      till time: 19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 |      renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]: uid=myuser,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: myuser
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName: myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x6B 0x4C 0x3B 0x25 0x92 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x44 0x28 0x3A 0x44 0x47 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xB9 0xFE 0xE9 0x45 0xB5 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 4
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: myname mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31 0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using SAM subsystem.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Verifying using encrypted timestamp.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Entry for client principal myuser@myrealm.org.tr has no SAM type. Proceeding with standard pre-authentication.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Pre-authentication by encrypted timestamp successful for myuser@myrealm.org.tr.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]: uid=krbtgt,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: gosaAccount
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: krbtgt
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: Service
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName: krbtgt/myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03 0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x5E 0x10 0xEF 0xE9 0x83 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x18 0x85 0x5A 0xA3 0xC9 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03 0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03 0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xEC 0xE0 0x98 0x6D 0x85 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 3
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: KDC Service
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31 0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name krbtgt/myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Ticket will be issued for access to krbtgt/myrealm.org.tr@myrealm.org.tr.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Monitoring Authentication Service (AS) context:
INFO | jvm 1 | 2012/01/04 18:03:35 |      clockSkew 300000
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientAddress /192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 |      principal myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      cn null
INFO | jvm 1 | 2012/01/04 18:03:35 |      realm null
INFO | jvm 1 | 2012/01/04 18:03:35 |      principal myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      SAM type null
INFO | jvm 1 | 2012/01/04 18:03:35 |      principal krbtgt/myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      cn null
INFO | jvm 1 | 2012/01/04 18:03:35 |      realm null
INFO | jvm 1 | 2012/01/04 18:03:35 |      principal krbtgt/myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      SAM type null
INFO | jvm 1 | 2012/01/04 18:03:35 |      Request key type des-cbc-md5 (3)
INFO | jvm 1 | 2012/01/04 18:03:35 |      Client key version 0
INFO | jvm 1 | 2012/01/04 18:03:35 |      Server key version 0
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService] - Responding with Authentication Service (AS) reply:
INFO | jvm 1 | 2012/01/04 18:03:35 |      messageType: AS_REP
INFO | jvm 1 | 2012/01/04 18:03:35 |      protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 |      nonce: 205129622
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientPrincipal: myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      client realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      serverPrincipal: krbtgt/myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      server realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      auth time: 20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 |      start time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      end time: 20120105160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 |      renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59505 SENT: org.apache.directory.server.kerberos.shared.messages.AuthenticationReply@14fa707
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 RCVD: org.apache.directory.server.kerberos.shared.messages.KdcRequest@5eef81
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] - Received Ticket-Granting Service (TGS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 |      messageType: TGS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 |      protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientAddress: 192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 |      nonce: 263725163
INFO | jvm 1 | 2012/01/04 18:03:35 |      kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      serverPrincipal: ldap/kys01.myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      encryptionType: des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac (23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 |      realm: myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 |      from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      till time: 19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 |      renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService] - Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - The ticket isn't for us (35)
INFO | jvm 1 | 2012/01/04 18:03:35 | org.apache.directory.server.kerberos.shared.exceptions.KerberosException: The ticket isn't for us
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.verifyTgt(TicketGrantingService.java:233)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:100)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:158)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
INFO | jvm 1 | 2012/01/04 18:03:35 |      at java.lang.Thread.run(Thread.java:722)
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Responding to request with error:
INFO | jvm 1 | 2012/01/04 18:03:35 |      explanatory text: The ticket isn't for us
INFO | jvm 1 | 2012/01/04 18:03:35 |      error code: 35
INFO | jvm 1 | 2012/01/04 18:03:35 |      clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      client time: null
INFO | jvm 1 | 2012/01/04 18:03:35 |      serverPrincipal: krbtgt/EXAMPLE.COM@EXAMPLE.COM
INFO | jvm 1 | 2012/01/04 18:03:35 |      server time: 20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /192.168.27.110:59506 SENT: org.apache.directory.server.kerberos.shared.messages.ErrorMessage@1c83981

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points