linux - GSSAPI - Windows Active Directory Interoperability - error accepting context: Wrong principal in request


We are writing software to run on both Windows and Linux, and plan to use Windows Active Directory for authentication. We are struggling with the issues described below, and would appreciate any help very much:

Domain name: corp.company.com

The test program is running on one Linux machine: host1.corp.company.com

The test program comes from the gss-sample in the krb5-1.11.3 downloaded files.

The server is named "gssapitest".

Based on the "Step-by-Step Guide to Kerberos 5 (krb5 1.0) Interoperability" (from Microsoft),

first create a user "host1" in AD to represent the host host1.corp.company.com (the Linux machine).

Use ktpass to generate the keytab (run on Windows):

    ktpass /princ host/host1.corp.company.com@corp.company.com /mapuser host1 /pass hostpassword /out file1.keytab

Now in AD, create a domain user "gssapitest" to represent the test server program, and map the user similarly:

    ktpass /princ gssapitest/host1.corp.company.com@corp.company.com /mapuser gssapitest /pass gssapitestpassword /out file2.keytab

Copy file1.keytab and file2.keytab to the Linux machine host1, and merge them into /etc/krb5.keytab.

In Linux, "ktutil" shows the content of /etc/krb5.keytab as follows:

    slot kvno principal
       1    4 host/host1.corp.company.com@corp.company.com
       2    5 gssapitest/host1.corp.company.com@corp.company.com

On Windows, register the service (using "setspn") for the Linux server program. The result looks like this (2 entries, one is the mapped host name, the other is the actual host name, for testing purposes. If there is only 1 entry, no matter which one, the result is the same):

    registered serviceprincipalnames cn=xxxx,cn=users,dc=corp,dc=company,dc=com:
        gssapitest/host1:2001
        gssapitest/host1.corp.company.com:2001

Now start the server this way:

    gss-server -port 2001 gssapitest

And start the client in a terminal this way:

    gss-client -port 2001 -user xxxx -pass xxxxpassword host1.corp.company.com gssapitest "abcd"

The error shows on the server side:

    gss-api error accepting context: unspecified gss failure. minor code may provide more information
    gss-api error accepting context: wrong principal in request

What is the cause of this? I'd like to know if the steps outlined are necessary, and which one is not needed at all or is incorrect.

(Note: I have tried to log in to Linux with both a local user account and a domain account in corp.company.com; the result shows the same error. nslookup shows the correct IP-to-host mapping for the Linux machine.)

I did some test runs, and in my case, the problem seems to be this: I made changes to the mapped user, i.e., gssapitest (in "Active Directory Users and Computers", I unchecked "Use DES encryption types for this account" under the "Account" tab for the user) after running "ktpass" and merging the output file into krb5.keytab on the Linux machine. To fix the problem, I checked "Use DES encryption types for this account" again inside Active Directory, then went to the Linux machine and ran "kdestroy" before starting the server and client programs. It worked. If you are having similar problems, you may want to check this possible cause. Thanks.
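A way to check for the situation described in the last paragraph, added here as an example and not part of the original post: it compares the enctypes stored in the keytab with the enctype of the service ticket the client holds, assuming the failure is a mismatch between the two after the account setting was changed. The listings are constructed samples of `klist -ke` and `klist -e` output (short enctype names and an uppercase realm are assumed), and `check` is a hypothetical helper name; the key version number would be compared separately.

```python
import re

# Constructed sample of `klist -ke /etc/krb5.keytab` output (not from the post).
KEYTAB_LISTING = """\
KVNO Principal
---- ------------------------------------------------------------
   4 host/host1.corp.company.com@CORP.COMPANY.COM (des-cbc-md5)
   5 gssapitest/host1.corp.company.com@CORP.COMPANY.COM (des-cbc-md5)
"""

# Constructed sample of `klist -e` output from the client's credential cache.
TICKET_LISTING = """\
Valid starting     Expires            Service principal
01/02/14 09:00:00  01/02/14 19:00:00  krbtgt/CORP.COMPANY.COM@CORP.COMPANY.COM
\tEtype (skey, tkt): arcfour-hmac, arcfour-hmac
01/02/14 09:00:05  01/02/14 19:00:00  gssapitest/host1.corp.company.com@CORP.COMPANY.COM
\tEtype (skey, tkt): arcfour-hmac, arcfour-hmac
"""

# KVNO, optional two-field timestamp (klist -ket), principal, (enctype)
KT_LINE = re.compile(r"^[ \t]*(\d+)[ \t]+(?:\S+[ \t]+\S+[ \t]+)?(\S+@\S+)"
                     r"[ \t]+\((?:DEPRECATED:)?([^)]+)\)", re.M)
ETYPE_LINE = re.compile(r"\s*Etype \(skey, tkt\):\s*(\S+),\s*(\S+)")

def parse_keytab(text):
    """Map each principal to the set of (kvno, enctype) keys the keytab holds."""
    keys = {}
    for kvno, princ, etype in KT_LINE.findall(text):
        keys.setdefault(princ, set()).add((int(kvno), etype))
    return keys

def parse_ticket_etypes(text):
    """Map each service principal to the enctype its ticket is encrypted in."""
    tickets, current = {}, None
    for line in text.splitlines():
        m = ETYPE_LINE.match(line)
        if m and current:
            tickets[current] = m.group(2).replace("DEPRECATED:", "")
        elif line[:1].isdigit() and "@" in line:
            current = line.split()[-1]  # ticket line: principal is the last field
    return tickets

def check(service, keytab_text, ticket_text):
    """Hypothetical helper: does the keytab hold a key of the ticket's enctype?"""
    etypes = sorted({e for _, e in parse_keytab(keytab_text).get(service, ())})
    tkt = parse_ticket_etypes(ticket_text).get(service)
    if not etypes or tkt is None:
        return "missing keytab entry or cached ticket for " + service
    if tkt not in etypes:
        return "mismatch: ticket is %s, keytab has %s" % (tkt, ", ".join(etypes))
    return "ok"
```

With the constructed listings, `check("gssapitest/host1.corp.company.com@CORP.COMPANY.COM", KEYTAB_LISTING, TICKET_LISTING)` reports the mismatch between an RC4 ticket and a DES-only keytab.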

