You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Ahmet Çağrı Şimşek <ac...@gmail.com> on 2012/01/04 17:28:26 UTC
Apache DS on Windows Server 2008 with Kerberos
Hello there,
I installed Apache DS 1.5.7 on Windows Server 2008 R2 with Kerberos enabled.
I followed the instructions here
http://directory.apache.org/apacheds/1.5/543-kerberos-in-apacheds-155.html.
I added the my users like the example ldif file of the official
instructions. Users got their krb keys.
But when i try to authenticate with Apache Directory Studio using Kerberos
authentication as told in the instructions.
I get ERROR 35 "Ticket isn't for us".
I tried googling this issuebut i couldnt solve it on my own.
Any help will be greatly appreciated.
Here is the server log
STATUS | wrapper | 2012/01/04 18:03:07 | --> Wrapper Started as Service
STATUS | wrapper | 2012/01/04 18:03:07 | Launching a JVM...
INFO | jvm 1 | 2012/01/04 18:03:09 | Wrapper (Version 3.2.3)
http://wrapper.tanukisoftware.org
INFO | jvm 1 | 2012/01/04 18:03:09 | Copyright 1999-2006 Tanuki
Software, Inc. All Rights Reserved.
INFO | jvm 1 | 2012/01/04 18:03:09 |
INFO | jvm 1 | 2012/01/04 18:03:09 | _
_ ____ ____
INFO | jvm 1 | 2012/01/04 18:03:09 | / \ _ __ ___ ___|
|__ ___| _ \/ ___|
INFO | jvm 1 | 2012/01/04 18:03:09 | / _ \ | '_ \ / _` |/ __|
'_ \ / _ \ | | \___ \
INFO | jvm 1 | 2012/01/04 18:03:09 | / ___ \| |_) | (_| | (__|
| | | __/ |_| |___) |
INFO | jvm 1 | 2012/01/04 18:03:09 | /_/ \_\ .__/
\__,_|\___|_| |_|\___|____/|____/
INFO | jvm 1 | 2012/01/04 18:03:09 | |_|
INFO | jvm 1 | 2012/01/04 18:03:09 |
INFO | jvm 1 | 2012/01/04 18:03:13 | [18:03:13] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO | jvm 1 | 2012/01/04 18:03:16 | [18:03:16] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO | jvm 1 | 2012/01/04 18:03:16 | [18:03:16] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO | jvm 1 | 2012/01/04 18:03:16 | [18:03:16] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO | jvm 1 | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO | jvm 1 | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO | jvm 1 | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO | jvm 1 | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO | jvm 1 | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO | jvm 1 | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO | jvm 1 | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO | jvm 1 | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO | jvm 1 | 2012/01/04 18:03:25 | [18:03:25] WARN
[org.apache.directory.shared.ldap.ldif.LdifReader] - No version information
: assuming version: 1
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | Starting the Kerberos server
INFO | jvm 1 | 2012/01/04 18:03:29 | _
_ _ __ ____ ___
INFO | jvm 1 | 2012/01/04 18:03:29 | / \ _ __ ___ ___|
|__ ___| |/ /| _ \ / __|
INFO | jvm 1 | 2012/01/04 18:03:29 | / _ \ | '_ \ / _` |/ __|
'_ \ / _ \ ' / | | | / /
INFO | jvm 1 | 2012/01/04 18:03:29 | / ___ \| |_) | (_| | (__|
| | | __/ . \ | |_| \ \__
INFO | jvm 1 | 2012/01/04 18:03:29 | /_/ \_\ .__/
\__,_|\___|_| |_|\___|_|\_\|____/ \___|
INFO | jvm 1 | 2012/01/04 18:03:29 | |_|
INFO | jvm 1 | 2012/01/04 18:03:29 |
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] INFO
[org.apache.directory.server.kerberos.kdc.KdcServer] - Kerberos service
started.
INFO | jvm 1 | 2012/01/04 18:03:29 | Kerberos service started.
INFO | jvm 1 | 2012/01/04 18:03:29 | Kerberos server started
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.shared.ldap.entry.DefaultServerAttribute] - ERR_04450
The value {0} is incorrect, it hasnt been added
INFO | jvm 1 | 2012/01/04 18:03:29 | [18:03:29] ERROR
[org.apache.directory.server.Service] - Cannot start the server :
reuseAddress can't be set while the acceptor is bound.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59504 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59504 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59504 RCVD:
org.apache.directory.server.kerberos.shared.messages.KdcRequest@65a608
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Received Authentication Service (AS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 | messageType: AS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 | clientAddress:
192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 | nonce: 2070170438
INFO | jvm 1 | 2012/01/04 18:03:35 | kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal:
myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/
myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | encryptionType:
des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac
(23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 | realm:
myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | till time:
19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 | renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] -
Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]:
uid=myuser,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass:
organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: myuser
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName:
myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03
0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x6B 0x4C 0x3B 0x25 0x92 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03
0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x44 0x28 0x3A 0x44 0x47 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03
0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03
0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xB9 0xFE 0xE9 0x45 0xB5 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 4
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: myname mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31
0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name
myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using SAM subsystem.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using encrypted timestamp.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Entry for client principal myuser@myrealm.org.tr has no SAM type.
Proceeding with standard pre-authentication.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] WARN
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Additional pre-authentication required (25)
INFO | jvm 1 | 2012/01/04 18:03:35 |
org.apache.directory.server.kerberos.shared.exceptions.KerberosException:
Additional pre-authentication required
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.verifyEncryptedTimestamp(AuthenticationService.java:269)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:107)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:145)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
java.lang.Thread.run(Thread.java:722)
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Responding to request with error:
INFO | jvm 1 | 2012/01/04 18:03:35 | explanatory text: Additional
pre-authentication required
INFO | jvm 1 | 2012/01/04 18:03:35 | error code: 25
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 | client time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/
EXAMPLE.COM@EXAMPLE.COM
INFO | jvm 1 | 2012/01/04 18:03:35 | server time:
20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59504 SENT:
org.apache.directory.server.kerberos.shared.messages.ErrorMessage@1878a17
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59505 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59505 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59505 RCVD:
org.apache.directory.server.kerberos.shared.messages.KdcRequest@e8df29
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Received Authentication Service (AS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 | messageType: AS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 | clientAddress:
192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 | nonce: 205129622
INFO | jvm 1 | 2012/01/04 18:03:35 | kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal:
myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/
myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | encryptionType:
des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac
(23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 | realm:
myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | till time:
19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 | renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] -
Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]:
uid=myuser,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass:
organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: myuser
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName:
myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03
0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x6B 0x4C 0x3B 0x25 0x92 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03
0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x44 0x28 0x3A 0x44 0x47 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03
0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03
0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xB9 0xFE 0xE9 0x45 0xB5 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 4
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: myname mysurname
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31
0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name
myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using SAM subsystem.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Verifying using encrypted timestamp.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Entry for client principal myuser@myrealm.org.tr has no SAM type.
Proceeding with standard pre-authentication.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Pre-authentication by encrypted timestamp successful for
myuser@myrealm.org.tr.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] -
Found entry ServerEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | dn[n]:
uid=krbtgt,ou=people,o=myrealm,dc=myrealm,dc=org,dc=tr
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass:
organizationalPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: person
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5Principal
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: gosaAccount
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: krb5KDCEntry
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: inetOrgPerson
INFO | jvm 1 | 2012/01/04 18:03:35 | objectClass: top
INFO | jvm 1 | 2012/01/04 18:03:35 | uid: krbtgt
INFO | jvm 1 | 2012/01/04 18:03:35 | sn: Service
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5PrincipalName: krbtgt/
myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x21 0xA0 0x03
0x02 0x01 0x10 0xA1 0x1A 0x04 0x18 0x5E 0x10 0xEF 0xE9 0x83 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03
0x02 0x01 0x11 0xA1 0x12 0x04 0x10 0x18 0x85 0x5A 0xA3 0xC9 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x19 0xA0 0x03
0x02 0x01 0x17 0xA1 0x12 0x04 0x10 0x47 0xBF 0x80 0x39 0xA8 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5Key: '0x30 0x11 0xA0 0x03
0x02 0x01 0x03 0xA1 0x0A 0x04 0x08 0xEC 0xE0 0x98 0x6D 0x85 ...'
INFO | jvm 1 | 2012/01/04 18:03:35 | krb5KeyVersionNumber: 3
INFO | jvm 1 | 2012/01/04 18:03:35 | cn: KDC Service
INFO | jvm 1 | 2012/01/04 18:03:35 | userPassword: '0x41 0x61 0x31
0x32 0x33 0x34 0x35 0x36 '
INFO | jvm 1 | 2012/01/04 18:03:35 | for kerberos principal name
krbtgt/myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Ticket will be issued for access to krbtgt/myrealm.org.tr@myrealm.org.tr.
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Monitoring Authentication Service (AS) context:
INFO | jvm 1 | 2012/01/04 18:03:35 | clockSkew 300000
INFO | jvm 1 | 2012/01/04 18:03:35 | clientAddress /
192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 | principal
myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | cn null
INFO | jvm 1 | 2012/01/04 18:03:35 | realm null
INFO | jvm 1 | 2012/01/04 18:03:35 | principal
myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | SAM type null
INFO | jvm 1 | 2012/01/04 18:03:35 | principal krbtgt/
myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | cn null
INFO | jvm 1 | 2012/01/04 18:03:35 | realm null
INFO | jvm 1 | 2012/01/04 18:03:35 | principal krbtgt/
myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | SAM type null
INFO | jvm 1 | 2012/01/04 18:03:35 | Request key type
des-cbc-md5 (3)
INFO | jvm 1 | 2012/01/04 18:03:35 | Client key version 0
INFO | jvm 1 | 2012/01/04 18:03:35 | Server key version 0
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService]
- Responding with Authentication Service (AS) reply:
INFO | jvm 1 | 2012/01/04 18:03:35 | messageType: AS_REP
INFO | jvm 1 | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 | nonce: 205129622
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal:
myuser@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | client realm:
myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/
myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | server realm:
myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | auth time:
20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | start time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | end time:
20120105160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59505 SENT:
org.apache.directory.server.kerberos.shared.messages.AuthenticationReply@14fa707
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59506 CREATED: datagram
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59506 OPENED
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59506 RCVD:
org.apache.directory.server.kerberos.shared.messages.KdcRequest@5eef81
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService]
- Received Ticket-Granting Service (TGS) request:
INFO | jvm 1 | 2012/01/04 18:03:35 | messageType: TGS_REQ
INFO | jvm 1 | 2012/01/04 18:03:35 | protocolVersionNumber: 5
INFO | jvm 1 | 2012/01/04 18:03:35 | clientAddress:
192.168.27.110
INFO | jvm 1 | 2012/01/04 18:03:35 | nonce: 263725163
INFO | jvm 1 | 2012/01/04 18:03:35 | kdcOptions:
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: ldap/
kys01.myrealm.org.tr@myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | encryptionType:
des-cbc-crc (1), aes128-cts-hmac-sha1-96 (17), des-cbc-md5 (3), rc4-hmac
(23), des3-cbc-sha1-kd (16)
INFO | jvm 1 | 2012/01/04 18:03:35 | realm:
myrealm.org.tr
INFO | jvm 1 | 2012/01/04 18:03:35 | from time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | till time:
19700101000000Z
INFO | jvm 1 | 2012/01/04 18:03:35 | renew-till time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | hostAddresses: null
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService]
- Session will use encryption type des-cbc-md5 (3).
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] WARN
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
The ticket isn't for us (35)
INFO | jvm 1 | 2012/01/04 18:03:35 |
org.apache.directory.server.kerberos.shared.exceptions.KerberosException:
The ticket isn't for us
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.verifyTgt(TicketGrantingService.java:233)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.directory.server.kerberos.kdc.ticketgrant.TicketGrantingService.execute(TicketGrantingService.java:100)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:158)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:436)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:407)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:56)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:360)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
INFO | jvm 1 | 2012/01/04 18:03:35 | at
java.lang.Thread.run(Thread.java:722)
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] -
Responding to request with error:
INFO | jvm 1 | 2012/01/04 18:03:35 | explanatory text: The ticket
isn't for us
INFO | jvm 1 | 2012/01/04 18:03:35 | error code: 35
INFO | jvm 1 | 2012/01/04 18:03:35 | clientPrincipal: null
INFO | jvm 1 | 2012/01/04 18:03:35 | client time: null
INFO | jvm 1 | 2012/01/04 18:03:35 | serverPrincipal: krbtgt/
EXAMPLE.COM@EXAMPLE.COM
INFO | jvm 1 | 2012/01/04 18:03:35 | server time:
20120104160335Z
INFO | jvm 1 | 2012/01/04 18:03:35 | [18:03:35] DEBUG
[org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - /
192.168.27.110:59506 SENT:
org.apache.directory.server.kerberos.shared.messages.ErrorMessage@1c83981
--
Ahmet Çağrı Şimşek <http://www.cs.bilkent.edu.tr/%7Easimsek/>