Hyland Connect

davetbo · ‎04-14-2009

All,

Here's my setup:
Alfresco Server running on CentOS 5.2, running 3.0 Stable.
Oracle 10gR2 database for Alfresco storage.
2 clients (both 32-bit): 1 running Vista SP1, one running XP SP3
Authentication using Kerberos to Microsoft AD on a Windows 2003 server.

I have been struggling to get Alfresco working with Kerberos. I have kerberos logins working for the WEB UI from both the Vista and XP clients, and I also have Kerberos authentication working for CIFS from XP, but not from Vista. I have enabled all the Kerberos and SMB debugging in log4j.properties. The odd part is that on both XP and Vista it looks like Kerberos successfully authenticates. The only difference is that on XP it then presents me the file share and on Vista it gives me an "unspecified error" (from Windows Explorer) or a "System error 58 has occurred. The specified server cannot perform the requested operation." if I do a net use * \\alfresco_server\alfresco.

Here's the debugging output from catalina.out for a successful CIFS connection on an XP client.


14:33:52,972 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
14:33:52,972 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=977,Authenticator=EncType=3,Kvno=-1,Len=176]
14:33:52,972 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734033014/14274
object 0: 1239734033014/14274
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 260683064
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 520862752
14:33:52,974 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:33:52,974 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:33:52,974 User:UserName DEBUG [smb.protocol.auth] Machine account logon, VISTA-CLIENT$, as null logon
14:33:52,974 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user VISTA-CLIENT$
14:33:52,976 User:UserName DEBUG [smb.protocol.auth] User  logged on  (type Null)
14:33:52,976 User:UserName DEBUG [smb.protocol.auth] Allocated UID=0 for VC=[0:0,[:null,Windows 2002 Service Pack 3 2600,Windows 2002 5.1,10.136.96.10],Tree=0,Searches=0]
14:33:53,089 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=32, UID=0, PID=65279
14:33:53,089 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1113,Authenticator=EncType=3,Kvno=-1,Len=168]
14:33:53,089 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734033014/14276
object 1: 1239733767000/595
object 2: 1239733767000/594
object 0: 1239734033014/14276
object 1: 1239733767000/595
object 2: 1239733767000/594
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 263898451
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 706729883
14:33:53,091 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:33:53,091 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:33:53,092 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:33:53,094 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:33:53,094 User:UserName DEBUG [smb.protocol.auth] Allocated UID=1 for VC=[1:1,[UserName@MYDOMAIN.COM:null,Windows 2002 Service Pack 3 2600,Windows 2002 5.1,10.136.96.10],Tree=0,Searches=0]
14:33:54,112 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
14:33:54,112 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1113,Authenticator=EncType=3,Kvno=-1,Len=168]
14:33:54,112 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734034014/14277
object 1: 1239734033014/14276
object 2: 1239733767000/595
object 3: 1239733767000/594
object 0: 1239734034014/14277
object 1: 1239734033014/14276
object 2: 1239733767000/595
object 3: 1239733767000/594
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 283090984
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 1045326895
14:33:54,114 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:33:54,115 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:33:54,116 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:33:54,118 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:33:54,118 User:UserName DEBUG [smb.protocol.auth] Allocated UID=0 for VC=[0:0,[UserName@MYDOMAIN.COM:null,Windows 2002 Service Pack 3 2600,Windows 2002 5.1,10.136.96.10],Tree=0,Searches=0]
14:33:54,138 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=104, UID=0, PID=65279
14:33:54,138 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=977,Authenticator=EncType=3,Kvno=-1,Len=176]
14:33:54,138 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734034014/14278
object 1: 1239734033014/14274
object 0: 1239734034014/14278
object 1: 1239734033014/14274
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 282723259
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 529854855
14:33:54,140 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:33:54,140 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:33:54,140 User:UserName DEBUG [smb.protocol.auth] Machine account logon, VISTA-CLIENT$, as null logon
14:33:54,140 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user VISTA-CLIENT$
14:33:54,141 User:UserName DEBUG [smb.protocol.auth] User  logged on  (type Null)
14:33:54,142 User:UserName DEBUG [smb.protocol.auth] Allocated UID=1 for VC=[1:1,[:null,Windows 2002 Service Pack 3 2600,Windows 2002 5.1,10.136.96.10],Tree=0,Searches=0]
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Here's the debugging output from catalina.out for an UNSUCCESSFUL attempt from Vista. Note that it looks like it is saying successful, but Vista comes back with an error anyway.

14:41:59,098 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=8, UID=0, PID=65279
14:41:59,099 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1201,Authenticator=EncType=3,Kvno=-1,Len=216]
14:41:59,099 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734518000/608
object 1: 1239734422000/606
object 2: 1239734422000/605
object 3: 1239734422000/604
object 4: 1239734422000/603
object 5: 1239734422000/602
object 6: 1239734422000/601
object 7: 1239734422000/600
object 8: 1239734422000/599
object 9: 1239734421000/598
object 10: 1239734421000/597
object 0: 1239734518000/608
object 1: 1239734422000/606
object 2: 1239734422000/605
object 3: 1239734422000/604
object 4: 1239734422000/603
object 5: 1239734422000/602
object 6: 1239734422000/601
object 7: 1239734422000/600
object 8: 1239734422000/599
object 9: 1239734421000/598
object 10: 1239734421000/597
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 902048570
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 787154794
14:41:59,100 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:41:59,101 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:41:59,102 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:41:59,104 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:41:59,104 User:UserName DEBUG [smb.protocol.auth] Allocated UID=0 for VC=[0:0,[UserName@MYDOMAIN.COM:null,,,10.136.96.39],Tree=0,Searches=0]
14:41:59,106 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=16, UID=0, PID=65279
14:41:59,106 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1201,Authenticator=EncType=3,Kvno=-1,Len=216]
14:41:59,106 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734518000/609
object 1: 1239734518000/608
object 2: 1239734422000/606
object 3: 1239734422000/605
object 4: 1239734422000/604
object 5: 1239734422000/603
object 6: 1239734422000/602
object 7: 1239734422000/601
object 8: 1239734422000/600
object 9: 1239734422000/599
object 10: 1239734421000/598
object 11: 1239734421000/597
object 0: 1239734518000/609
object 1: 1239734518000/608
object 2: 1239734422000/606
object 3: 1239734422000/605
object 4: 1239734422000/604
object 5: 1239734422000/603
object 6: 1239734422000/602
object 7: 1239734422000/601
object 8: 1239734422000/600
object 9: 1239734422000/599
object 10: 1239734421000/598
object 11: 1239734421000/597
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 902501280
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 807451295
14:41:59,108 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:41:59,108 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:41:59,110 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:41:59,111 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:41:59,111 User:UserName DEBUG [smb.protocol.auth] Allocated UID=1 for VC=[0:1,[UserName@MYDOMAIN.COM:null,,,10.136.96.39],Tree=0,Searches=0]
14:41:59,113 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=24, UID=0, PID=65279
14:41:59,113 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1201,Authenticator=EncType=3,Kvno=-1,Len=216]
14:41:59,113 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734518000/610
object 1: 1239734518000/609
object 2: 1239734518000/608
object 3: 1239734422000/606
object 4: 1239734422000/605
object 5: 1239734422000/604
object 6: 1239734422000/603
object 7: 1239734422000/602
object 8: 1239734422000/601
object 9: 1239734422000/600
object 10: 1239734422000/599
object 11: 1239734421000/598
object 12: 1239734421000/597
object 0: 1239734518000/610
object 1: 1239734518000/609
object 2: 1239734518000/608
object 3: 1239734422000/606
object 4: 1239734422000/605
object 5: 1239734422000/604
object 6: 1239734422000/603
object 7: 1239734422000/602
object 8: 1239734422000/601
object 9: 1239734422000/600
object 10: 1239734422000/599
object 11: 1239734421000/598
object 12: 1239734421000/597
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 902456687
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 62868259
14:41:59,115 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:41:59,115 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:41:59,116 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:41:59,118 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:41:59,118 User:UserName DEBUG [smb.protocol.auth] Allocated UID=2 for VC=[0:2,[UserName@MYDOMAIN.COM:null,,,10.136.96.39],Tree=0,Searches=0]
14:42:00,132 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=32, UID=0, PID=65279
14:42:00,132 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1201,Authenticator=EncType=3,Kvno=-1,Len=216]
14:42:00,132 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734519000/611
object 1: 1239734518000/610
object 2: 1239734518000/609
object 3: 1239734518000/608
object 4: 1239734422000/606
object 5: 1239734422000/605
object 6: 1239734422000/604
object 7: 1239734422000/603
object 8: 1239734422000/602
object 9: 1239734422000/601
object 10: 1239734422000/600
object 11: 1239734422000/599
object 12: 1239734421000/598
object 13: 1239734421000/597
object 0: 1239734519000/611
object 1: 1239734518000/610
object 2: 1239734518000/609
object 3: 1239734518000/608
object 4: 1239734422000/606
object 5: 1239734422000/605
object 6: 1239734422000/604
object 7: 1239734422000/603
object 8: 1239734422000/602
object 9: 1239734422000/601
object 10: 1239734422000/600
object 11: 1239734422000/599
object 12: 1239734421000/598
object 13: 1239734421000/597
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 891739601
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 997828725
14:42:00,134 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:42:00,134 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:42:00,136 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:42:00,137 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:42:00,137 User:UserName DEBUG [smb.protocol.auth] Allocated UID=3 for VC=[0:3,[UserName@MYDOMAIN.COM:null,,,10.136.96.39],Tree=0,Searches=0]
14:42:00,140 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=40, UID=0, PID=65279
14:42:00,140 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1201,Authenticator=EncType=3,Kvno=-1,Len=216]
14:42:00,140 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734519000/612
object 1: 1239734519000/611
object 2: 1239734518000/610
object 3: 1239734518000/609
object 4: 1239734518000/608
object 5: 1239734422000/606
object 6: 1239734422000/605
object 7: 1239734422000/604
object 8: 1239734422000/603
object 9: 1239734422000/602
object 10: 1239734422000/601
object 11: 1239734422000/600
object 12: 1239734422000/599
object 13: 1239734421000/598
object 14: 1239734421000/597
object 0: 1239734519000/612
object 1: 1239734519000/611
object 2: 1239734518000/610
object 3: 1239734518000/609
object 4: 1239734518000/608
object 5: 1239734422000/606
object 6: 1239734422000/605
object 7: 1239734422000/604
object 8: 1239734422000/603
object 9: 1239734422000/602
object 10: 1239734422000/601
object 11: 1239734422000/600
object 12: 1239734422000/599
object 13: 1239734421000/598
object 14: 1239734421000/597
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 891622721
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 953792882
14:42:00,142 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:42:00,142 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:42:00,143 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:42:00,145 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:42:00,145 User:UserName DEBUG [smb.protocol.auth] Allocated UID=4 for VC=[0:4,[UserName@MYDOMAIN.COM:null,,,10.136.96.39],Tree=0,Searches=0]
14:42:00,147 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=48, UID=0, PID=65279
14:42:00,147 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1201,Authenticator=EncType=3,Kvno=-1,Len=216]
14:42:00,147 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734519000/613
object 1: 1239734519000/612
object 2: 1239734519000/611
object 3: 1239734518000/610
object 4: 1239734518000/609
object 5: 1239734518000/608
object 6: 1239734422000/606
object 7: 1239734422000/605
object 8: 1239734422000/604
object 9: 1239734422000/603
object 10: 1239734422000/602
object 11: 1239734422000/601
object 12: 1239734422000/600
object 13: 1239734422000/599
object 14: 1239734421000/598
object 15: 1239734421000/597
object 0: 1239734519000/613
object 1: 1239734519000/612
object 2: 1239734519000/611
object 3: 1239734518000/610
object 4: 1239734518000/609
object 5: 1239734518000/608
object 6: 1239734422000/606
object 7: 1239734422000/605
object 8: 1239734422000/604
object 9: 1239734422000/603
object 10: 1239734422000/602
object 11: 1239734422000/601
object 12: 1239734422000/600
object 13: 1239734422000/599
object 14: 1239734421000/598
object 15: 1239734421000/597
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 891553170
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 685705025
14:42:00,149 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:42:00,149 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:42:00,150 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:42:00,152 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:42:00,152 User:UserName DEBUG [smb.protocol.auth] Allocated UID=5 for VC=[0:5,[UserName@MYDOMAIN.COM:null,,,10.136.96.39],Tree=0,Searches=0]
14:42:00,155 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=56, UID=0, PID=65279
14:42:00,155 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1201,Authenticator=EncType=3,Kvno=-1,Len=216]
14:42:00,155 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734519000/614
object 1: 1239734519000/613
object 2: 1239734519000/612
object 3: 1239734519000/611
object 4: 1239734518000/610
object 5: 1239734518000/609
object 6: 1239734518000/608
object 7: 1239734422000/606
object 8: 1239734422000/605
object 9: 1239734422000/604
object 10: 1239734422000/603
object 11: 1239734422000/602
object 12: 1239734422000/601
object 13: 1239734422000/600
object 14: 1239734422000/599
object 15: 1239734421000/598
object 16: 1239734421000/597
object 0: 1239734519000/614
object 1: 1239734519000/613
object 2: 1239734519000/612
object 3: 1239734519000/611
object 4: 1239734518000/610
object 5: 1239734518000/609
object 6: 1239734518000/608
object 7: 1239734422000/606
object 8: 1239734422000/605
object 9: 1239734422000/604
object 10: 1239734422000/603
object 11: 1239734422000/602
object 12: 1239734422000/601
object 13: 1239734422000/600
object 14: 1239734422000/599
object 15: 1239734421000/598
object 16: 1239734421000/597
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 892034346
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 854614359
14:42:00,157 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:42:00,157 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:42:00,158 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:42:00,160 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:42:00,160 User:UserName DEBUG [smb.protocol.auth] Allocated UID=6 for VC=[0:6,[UserName@MYDOMAIN.COM:null,,,10.136.96.39],Tree=0,Searches=0]
14:42:00,162 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=64, UID=0, PID=65279
14:42:00,162 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1201,Authenticator=EncType=3,Kvno=-1,Len=216]
14:42:00,162 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734519000/615
object 1: 1239734519000/614
object 2: 1239734519000/613
object 3: 1239734519000/612
object 4: 1239734519000/611
object 5: 1239734518000/610
object 6: 1239734518000/609
object 7: 1239734518000/608
object 8: 1239734422000/606
object 9: 1239734422000/605
object 10: 1239734422000/604
object 11: 1239734422000/603
object 12: 1239734422000/602
object 13: 1239734422000/601
object 14: 1239734422000/600
object 15: 1239734422000/599
object 16: 1239734421000/598
object 17: 1239734421000/597
object 0: 1239734519000/615
object 1: 1239734519000/614
object 2: 1239734519000/613
object 3: 1239734519000/612
object 4: 1239734519000/611
object 5: 1239734518000/610
object 6: 1239734518000/609
object 7: 1239734518000/608
object 8: 1239734422000/606
object 9: 1239734422000/605
object 10: 1239734422000/604
object 11: 1239734422000/603
object 12: 1239734422000/602
object 13: 1239734422000/601
object 14: 1239734422000/600
object 15: 1239734422000/599
object 16: 1239734421000/598
object 17: 1239734421000/597
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 891964814
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 816102127
14:42:00,164 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:42:00,164 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:42:00,165 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:42:00,167 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:42:00,167 User:UserName DEBUG [smb.protocol.auth] Allocated UID=7 for VC=[0:7,[UserName@MYDOMAIN.COM:null,,,10.136.96.39],Tree=0,Searches=0]
14:42:00,204 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=72, UID=0, PID=65279
14:42:00,204 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1201,Authenticator=EncType=3,Kvno=-1,Len=216]
14:42:00,204 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734519000/616
object 1: 1239734519000/615
object 2: 1239734519000/614
object 3: 1239734519000/613
object 4: 1239734519000/612
object 5: 1239734519000/611
object 6: 1239734518000/610
object 7: 1239734518000/609
object 8: 1239734518000/608
object 9: 1239734422000/606
object 10: 1239734422000/605
object 11: 1239734422000/604
object 12: 1239734422000/603
object 13: 1239734422000/602
object 14: 1239734422000/601
object 15: 1239734422000/600
object 16: 1239734422000/599
object 17: 1239734421000/598
object 18: 1239734421000/597
object 0: 1239734519000/616
object 1: 1239734519000/615
object 2: 1239734519000/614
object 3: 1239734519000/613
object 4: 1239734519000/612
object 5: 1239734519000/611
object 6: 1239734518000/610
object 7: 1239734518000/609
object 8: 1239734518000/608
object 9: 1239734422000/606
object 10: 1239734422000/605
object 11: 1239734422000/604
object 12: 1239734422000/603
object 13: 1239734422000/602
object 14: 1239734422000/601
object 15: 1239734422000/600
object 16: 1239734422000/599
object 17: 1239734421000/598
object 18: 1239734421000/597
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 890474641
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 796334218
14:42:00,206 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:42:00,206 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:42:00,207 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:42:00,209 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:42:00,209 User:UserName DEBUG [smb.protocol.auth] Allocated UID=8 for VC=[0:8,[UserName@MYDOMAIN.COM:null,,,10.136.96.39],Tree=0,Searches=0]
14:42:00,212 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=80, UID=0, PID=65279
14:42:00,212 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1201,Authenticator=EncType=3,Kvno=-1,Len=216]
14:42:00,212 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734519000/617
object 1: 1239734519000/616
object 2: 1239734519000/615
object 3: 1239734519000/614
object 4: 1239734519000/613
object 5: 1239734519000/612
object 6: 1239734519000/611
object 7: 1239734518000/610
object 8: 1239734518000/609
object 9: 1239734518000/608
object 10: 1239734422000/606
object 11: 1239734422000/605
object 12: 1239734422000/604
object 13: 1239734422000/603
object 14: 1239734422000/602
object 15: 1239734422000/601
object 16: 1239734422000/600
object 17: 1239734422000/599
object 18: 1239734421000/598
object 19: 1239734421000/597
object 0: 1239734519000/617
object 1: 1239734519000/616
object 2: 1239734519000/615
object 3: 1239734519000/614
object 4: 1239734519000/613
object 5: 1239734519000/612
object 6: 1239734519000/611
object 7: 1239734518000/610
object 8: 1239734518000/609
object 9: 1239734518000/608
object 10: 1239734422000/606
object 11: 1239734422000/605
object 12: 1239734422000/604
object 13: 1239734422000/603
object 14: 1239734422000/602
object 15: 1239734422000/601
object 16: 1239734422000/600
object 17: 1239734422000/599
object 18: 1239734421000/598
object 19: 1239734421000/597
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 890433677
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 219410625
14:42:00,214 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:42:00,214 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:42:00,215 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:42:00,217 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:42:00,217 User:UserName DEBUG [smb.protocol.auth] Allocated UID=9 for VC=[0:9,[UserName@MYDOMAIN.COM:null,,,10.136.96.39],Tree=0,Searches=0]
14:42:00,224 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=88, UID=0, PID=65279
14:42:00,224 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1201,Authenticator=EncType=3,Kvno=-1,Len=216]
14:42:00,224 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734519000/618
object 1: 1239734519000/617
object 2: 1239734519000/616
object 3: 1239734519000/615
object 4: 1239734519000/614
object 5: 1239734519000/613
object 6: 1239734519000/612
object 7: 1239734519000/611
object 8: 1239734518000/610
object 9: 1239734518000/609
object 10: 1239734518000/608
object 11: 1239734422000/606
object 12: 1239734422000/605
object 13: 1239734422000/604
object 14: 1239734422000/603
object 15: 1239734422000/602
object 16: 1239734422000/601
object 17: 1239734422000/600
object 18: 1239734422000/599
object 19: 1239734421000/598
object 20: 1239734421000/597
object 0: 1239734519000/618
object 1: 1239734519000/617
object 2: 1239734519000/616
object 3: 1239734519000/615
object 4: 1239734519000/614
object 5: 1239734519000/613
object 6: 1239734519000/612
object 7: 1239734519000/611
object 8: 1239734518000/610
object 9: 1239734518000/609
object 10: 1239734518000/608
object 11: 1239734422000/606
object 12: 1239734422000/605
object 13: 1239734422000/604
object 14: 1239734422000/603
object 15: 1239734422000/602
object 16: 1239734422000/601
object 17: 1239734422000/600
object 18: 1239734422000/599
object 19: 1239734421000/598
object 20: 1239734421000/597
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 890297143
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 744641020
14:42:00,226 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:42:00,226 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:42:00,227 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:42:00,229 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:42:00,229 User:UserName DEBUG [smb.protocol.auth] Allocated UID=10 for VC=[0:10,[UserName@MYDOMAIN.COM:null,,,10.136.96.39],Tree=0,Searches=0]
14:42:00,231 User:UserName DEBUG [smb.protocol.auth] NT Session setup SPNEGO, MID=96, UID=0, PID=65279
14:42:00,232 User:UserName DEBUG [smb.protocol.auth] Kerberos AP-REQ - [AP-REQ:APOptions=MutualAuth ,Ticket=Len=1201,Authenticator=EncType=3,Kvno=-1,Len=216]
14:42:00,232 User:UserName DEBUG [smb.protocol.auth] Kerberos mutual auth required, parsing AP-REQ
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Found key for cifs/alfresco-server.mydomain.com@MYDOMAIN.COM(3)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 3 1 23 16 17.
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> Config reset default kdc MYDOMAIN.COM
object 0: 1239734519000/619
object 1: 1239734519000/618
object 2: 1239734519000/617
object 3: 1239734519000/616
object 4: 1239734519000/615
object 5: 1239734519000/614
object 6: 1239734519000/613
object 7: 1239734519000/612
object 8: 1239734519000/611
object 9: 1239734518000/610
object 10: 1239734518000/609
object 11: 1239734518000/608
object 12: 1239734422000/606
object 13: 1239734422000/605
object 14: 1239734422000/604
object 15: 1239734422000/603
object 16: 1239734422000/602
object 17: 1239734422000/601
object 18: 1239734422000/600
object 19: 1239734422000/599
object 20: 1239734421000/598
object 21: 1239734421000/597
object 0: 1239734519000/619
object 1: 1239734519000/618
object 2: 1239734519000/617
object 3: 1239734519000/616
object 4: 1239734519000/615
object 5: 1239734519000/614
object 6: 1239734519000/613
object 7: 1239734519000/612
object 8: 1239734519000/611
object 9: 1239734518000/610
object 10: 1239734518000/609
object 11: 1239734518000/608
object 12: 1239734422000/606
object 13: 1239734422000/605
object 14: 1239734422000/604
object 15: 1239734422000/603
object 16: 1239734422000/602
object 17: 1239734422000/601
object 18: 1239734422000/600
object 19: 1239734422000/599
object 20: 1239734421000/598
object 21: 1239734421000/597
replay cache found.
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 890761035
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 294385874
14:42:00,233 User:UserName DEBUG [smb.protocol.auth] Using OID MS Kerberos5 for NegTokenTarg
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
14:42:00,234 User:UserName DEBUG [smb.protocol.auth] Created NegTokenTarg using updated AP-REP, added subkey
14:42:00,235 User:UserName DEBUG [smb.protocol.auth] Logged on using Kerberos, user UserName
14:42:00,236 User:UserName DEBUG [smb.protocol.auth] User UserName@MYDOMAIN.COM logged on  (type Normal)
14:42:00,236 User:UserName DEBUG [smb.protocol.auth] Allocated UID=11 for VC=[0:11,[UserName@MYDOMAIN.COM:null,,,10.136.96.39],Tree=0,Searches=0]
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Note that, although it is MUCH longer output for the single attempt, the results look similar (note the "Logged on using Kerberos, user UserName" in both the Vista and XP output above). Also, on Vista a "klist tickets" illustrates that a ticket WAS granted successfully:


C:\Program Files\Resource Kit>klist tickets

Cached Tickets: (2)

   Server: krbtgt/MYDOMAIN.COM@MYDOMAIN.COM
      KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
      End Time: 4/15/2009 0:41:55
      Renew Time: 4/21/2009 14:41:55


   Server: cifs/alfresco-server.mydomain.com@MYDOMAIN.COM
      KerbTicket Encryption Type: Kerberos DES-CBC-MD5
      End Time: 4/15/2009 0:41:55
      Renew Time: 4/21/2009 14:41:55

‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

However, the result on Vista is an error box containing this:


Network Error
Windows cannot access \\alfresco-server.mydomain.com\alfresco
Check the spelling of the name. Otherwise, there might be a problem with your network.  To try to identify and resolve network problems, click Diagnose.

Details:
Error code: 0x80004005
Unspecified Error
‍‍‍‍‍‍‍‍‍

Also, if I try from the command prompt by issuing a "net use * \\alfresco-server.mydomain.com\alfresco" I get the following:


System error 58 has occurred.

The specified server cannot perform the requested operation.
‍‍‍‍‍

I am happy to provide further details to assist in troubleshooting this, but at this point I'm out of ideas. Also, I have tried the workaround stated here, but it didn't work either:
http://www.stacken.kth.se/lists/heimdal-discuss/2007-10/msg00018.html

I am also happy to share details about how I got it working this far if anyone needs help getting to the point where you're stuck where I am…=) Also, I have disabled NTLM using <disableNTLM/> in the kerberos <authenticator> section, to remove that as a possible source of confusion.

Thanks!
Dave

davetbo · ‎04-16-2009

One difference between the XP and Vista debugging info above is in the lines beginning with "[smb.protocol.auth] Allocated UID="…

The XP ones have operating system information in them ("Windows 2002 Service Pack 3 2600") and the Vista ones just have blank fields. Might that be a hint as to the trouble here?

Dave

kprice · ‎08-25-2009

I am in pretty much the same boat.

Alfresco is running on a Centos box, Kerberos auth and SSO works for HTTP, WebDAV and CIFS.

A Windows 2003 client can use CIFS to see \\ALFRESCO\Alfresco (actual server name changed), but a Vista or 2008 client cannot. I can see in the catalina.out log that the Vista/2008 client gets a successful kerberos auth and login, but it doesn't finish connecting to the share.

Given that it is getting a successful kerberos auth and login and a 2003 client can see the shares, I am at a loss as to what I can change/configure on the Alfresco server to allow the Vista/2008 clients to also see the shares.

Help ?!

kprice · ‎08-25-2009

Further possible clues:

2003 client connects it's workstation MACHINE$ account to IPC before connecting the user, 2008 client doesn't.
2003 client creates 1 VC (Virtual Circuit), 2008 client tries to create 10 VCs

Maybe it's a SMBv2 issue ?

Hyland Connect

Alfresco CIFS Kerberos Vista SP1 problem