Help

Alfresco CE 3.3 und Kerberos Authentifizierung gegen AD

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
dfuellgraf
Member II
‎25 May 2010 3:04 PM

Alfresco CE 3.3 und Kerberos Authentifizierung gegen AD

Hi

ich versuche z.Z. ein Alfresco 3.3 CE mit Single-Sign-On via Kerberos gegen eine Active-Directory. Ich bin 1 zu 1 dieser Anleitung gefolgt: http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuring_against_Active_Director...

Doch habe ich damit keinen Erfolg gehabt.

Jedesmal wenn ich versuche mich via IE per SSO anzumelden bekomme ich diese Fehlermeldung:

12:10:09,720 ERROR [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: Cannot get kdc for realm MYNETKOM.DE
   at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
   at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
   at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
   at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
   at java.security.AccessController.doPrivileged(Native Method)
   at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
   at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
   at org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter.init(BaseKerberosAuthenticationFilter.java:168)
   at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:72)
   at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.afterPropertiesSet(BaseSSOAuthenticationFilter.java:127)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1460)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1398)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:512)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:290)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
   at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
   at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1004)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:96)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy197.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:68)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy197.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
   at java.lang.Thread.run(Thread.java:619)
Caused by: KrbException: Cannot get kdc for realm MYNETKOM.DE
   at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:133)
   at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:106)
   at sun.security.krb5.KrbAsReq.send(KrbAsReq.java:434)
   at sun.security.krb5.Credentials.sendASRequest(Credentials.java:405)
   at sun.security.krb5.Credentials.acquireTGT(Credentials.java:355)
   at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:672)
   … 52 more

alfresco-global.properties (Kerberos-Abschnitt):

kerberos.authentication.realm=MYNETKOM.DE

kerberos.authentication.sso.enabled=true

kerberos.authentication.user.configEntryName=Alfresco

kerberos.authentication.cifs.configEntryName=AlfrescoCIFS

kerberos.authentication.http.configEntryName=AlfrescoHTTP

kerberos.authentication.cifs.password=passwort

kerberos.authentication.http.password=passwort

kerberos.authentication.defaultAdministratorUserNames=user1,user2

die java.login.config habe ich auch nach der Anleitung angelegt.

mfg
David Füllgraf
Labels
0 Kudos
7 Replies
bwerner
Member II
‎26 May 2010 4:34 PM

Re: Alfresco CE 3.3 und Kerberos Authentifizierung gegen AD

Hi David,

Kannst Du bitte mal Deine krb5.ini oder krb5.conf (je nach Betriebssystem) hier posten?

Vielen Dank!

Beste Grüße,
Bernhard
0 Kudos
dfuellgraf
Member II
‎27 May 2010 7:43 AM

Re: Alfresco CE 3.3 und Kerberos Authentifizierung gegen AD

hi

hier die krb5.ini:

[libdefaults]
 default_realm = MYNETKOM.DE
 default_tkt_enctypes = rc4-hmac
 default_tgs_enctypes = rc4-hmac 


[realms]
 ALFRESCO.ORG = {
  kdc = xpalfresco.mynetkom.de
  admin_server = xpalfresco.mynetkom.de
 }


[domain_realm]
 xpalfresco.mynetkom.de = MYNETKOM.DE
 .xpalfresco.mynetkom.de = MYNETKOM.DE

und dieser Fehler wird mir im Internet Explorer angezeigt:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationFilter' defined in file [C:\Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\kerberos\kerberos-filter-context.xml]: Invocation of init method failed; nested exception is javax.servlet.ServletException: Failed to login HTTP server service
caused by:
javax.servlet.ServletException: Failed to login HTTP server service
0 Kudos
dfuellgraf
Member II
‎28 May 2010 1:08 PM

Re: Alfresco CE 3.3 und Kerberos Authentifizierung gegen AD

Keiner eine Idee? Ich verzweifel langsam  Smiley Indifferent
0 Kudos
sfreeper_9742
Member II
‎31 May 2010 7:29 AM

Re: Alfresco CE 3.3 und Kerberos Authentifizierung gegen AD

Solltest du nicht ein [realm] definieren, dass MYNETKOM.DE heisst?

also so:
[libdefaults]
default_realm = MYNETKOM.DE
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac


[realms]
MYNETKOM.DE = {                                  <————————- Die Änderung!
  kdc = xpalfresco.mynetkom.de
  admin_server = xpalfresco.mynetkom.de
}


[domain_realm]
xpalfresco.mynetkom.de = MYNETKOM.DE
.xpalfresco.mynetkom.de = MYNETKOM.DE

Nur so eine Idee…

Gruß,
Markus
0 Kudos
dfuellgraf
Member II
‎31 May 2010 8:21 AM

Re: Alfresco CE 3.3 und Kerberos Authentifizierung gegen AD

Hi,

danke für den Tipp. Manchmal sieht man den Wald vor lauter Bäumen nicht mehr Smiley Wink

Doch nun bekomme ich diese Fehlermeldung:

09:15:03,946 ERROR [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: Receive timed out
   at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:700)
   at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
   at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
   at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
   at java.security.AccessController.doPrivileged(Native Method)
   at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
   at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
   at org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter.init(BaseKerberosAuthenticationFilter.java:168)
   at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:72)
   at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.afterPropertiesSet(BaseSSOAuthenticationFilter.java:127)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1460)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1398)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:512)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:290)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
   at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
   at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1004)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:96)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy203.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:68)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy203.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
   at java.lang.Thread.run(Thread.java:619)
Caused by: java.net.SocketTimeoutException: Receive timed out
   at java.net.PlainDatagramSocketImpl.receive0(Native Method)
   at java.net.PlainDatagramSocketImpl.receive(PlainDatagramSocketImpl.java:136)
   at java.net.DatagramSocket.receive(DatagramSocket.java:712)
   at sun.security.krb5.internal.UDPClient.receive(UDPClient.java:77)
   at sun.security.krb5.KrbKdcReq$KdcCommunication.run(KrbKdcReq.java:279)
   at java.security.AccessController.doPrivileged(Native Method)
   at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:195)
   at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:140)
   at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:106)
   at sun.security.krb5.KrbAsReq.send(KrbAsReq.java:434)
   at sun.security.krb5.Credentials.sendASRequest(Credentials.java:405)
   at sun.security.krb5.Credentials.acquireTGT(Credentials.java:355)
   at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:672)
   … 52 more
09:16:33,987 ERROR [org.alfresco.web.app.servlet.KerberosAuthenticationFilter] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: Receive timed out
   at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:700)
   at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
   at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
   at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
   at java.security.AccessController.doPrivileged(Native Method)
   at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
   at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
   at org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter.init(BaseKerberosAuthenticationFilter.java:168)
   at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:72)
   at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.afterPropertiesSet(BaseSSOAuthenticationFilter.java:127)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1460)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1398)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:512)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:290)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
   at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
   at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1004)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:96)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy203.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:68)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at $Proxy203.doFilter(Unknown Source)
   at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
   at java.lang.Thread.run(Thread.java:619)
Caused by: java.net.SocketTimeoutException: Receive timed out
   at java.net.PlainDatagramSocketImpl.receive0(Native Method)
   at java.net.PlainDatagramSocketImpl.receive(PlainDatagramSocketImpl.java:136)
   at java.net.DatagramSocket.receive(DatagramSocket.java:712)
   at sun.security.krb5.internal.UDPClient.receive(UDPClient.java:77)
   at sun.security.krb5.KrbKdcReq$KdcCommunication.run(KrbKdcReq.java:279)
   at java.security.AccessController.doPrivileged(Native Method)
   at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:195)
   at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:140)
   at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:106)
   at sun.security.krb5.KrbAsReq.send(KrbAsReq.java:434)
   at sun.security.krb5.Credentials.sendASRequest(Credentials.java:405)
   at sun.security.krb5.Credentials.acquireTGT(Credentials.java:355)
   at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:672)
   … 52 more

Deutet das darauf hin, dass KDC nicht auf dem AD-Server erreichbar ist, oder am Alfresco-Server?

mfg
David
0 Kudos
bwerner
Member II
‎31 May 2010 9:17 AM

Re: Alfresco CE 3.3 und Kerberos Authentifizierung gegen AD

Hi David,

Ist MYNETKOM.DE wirklich Deine AD Domain?
Falls es nur ein Platzhalter ist solltest Du das durch Deine reelle Domain ersetzten

Hier ein Artikel zu dem Thema (Step 4)
http://support.microsoft.com/kb/555092

Viele Grüße,
Bernhard
0 Kudos
dfuellgraf
Member II
‎31 May 2010 11:33 AM

Re: Alfresco CE 3.3 und Kerberos Authentifizierung gegen AD

Hi,

meintest du die Änderung in diesem Stil?

[libdefaults]
default_realm = MYNETKOM.DE
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac


[realms]
MYNETKOM.DE = {
  kdc = ad.mynetkom.de:88                   
  admin_server = xpalfresco.mynetkom.de
}


[domain_realm]
xpalfresco.mynetkom.de = MYNETKOM.DE
.xpalfresco.mynetkom.de = MYNETKOM.DE

mfg
David

//edit:

jetzt funktioniert es! Smiley Happy

Vielen Dank für die Hilfe!
0 Kudos
German Archive

Archive content from product discussions in German.

This group is now closed and content is read-only.

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.