Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- CIFS conf problem (KrbException: Identifier doesn'...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
CIFS conf problem (KrbException: Identifier doesn't match...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-21-2008 07:18 PM
Hi everyone!
I have a little but very annoying problem with configuring CIFS on Alfresco Labs.
About the environment:
I have one computer to test this function with Windows XP on it (Computer name: va; Domain: mydom). I've decided to create a virtual PC and to install a Windows 2003 Server on it. This server (Computer name: va-virtserver; Domain: test2003.nyugi) is the AD server that I would like to configure to do the Kerbeos authentication for Alfresco CIFS. Unfortunately my PC and my new virtual server are in different domain, but if I understood right this should not be a problem. (But maybe this is the cause of my problems. … I hope not.)
About my installation and configuration process:
I have installed Alfresco Labs version 3.0.0 (b 1164) schema 131 (Alfresco-Labs-3b-OOo-Setup.exe) on my WinXP (d:\Alfresco). After that I followed the instructions of the Configuring the CIFS and web servers for Kerberos/AD integration wiki page. Since I belive I did everything by the 'manual' I will tell my every move step by step:
[size=85]
Later I tried to change the passwords:
[size=85]
——————————————-
Please somebody help me finding out the solution!
I have a little but very annoying problem with configuring CIFS on Alfresco Labs.
About the environment:
I have one computer to test this function with Windows XP on it (Computer name: va; Domain: mydom). I've decided to create a virtual PC and to install a Windows 2003 Server on it. This server (Computer name: va-virtserver; Domain: test2003.nyugi) is the AD server that I would like to configure to do the Kerbeos authentication for Alfresco CIFS. Unfortunately my PC and my new virtual server are in different domain, but if I understood right this should not be a problem. (But maybe this is the cause of my problems. … I hope not.)
About my installation and configuration process:
I have installed Alfresco Labs version 3.0.0 (b 1164) schema 131 (Alfresco-Labs-3b-OOo-Setup.exe) on my WinXP (d:\Alfresco). After that I followed the instructions of the Configuring the CIFS and web servers for Kerberos/AD integration wiki page. Since I belive I did everything by the 'manual' I will tell my every move step by step:
- On my virtual server (va-virtserver.test2003.nyugi) I've created the two user accounts (alfrescocifs, alfrescohttp) with password same as the account names, and with the desired settings: 'Password never expires' enabled, 'User must change password at next logon' disabled, 'Use DES encryption types for this account' and 'Do not require Kerberos preauthentication' options enabled.
- I used the ktpass utility om va-virtserver to generate key tables for the CIFS and web servers. I used these lines:
- I've created the Service Principal Names (SPN) for the Alfresco CIFS and web server using the setspn utility:
- I've copied the key table files to the installed Alfresco's etc subdir:
- I've created the Kerberos ini file in c:\WINDOWS\krb5.ini (later I've made a copy of it in a newly created C:\WINNT folder because an exception somewhere missed it from that path):
- I've created a Java login configuration file (c:\java\jdk1.5.0_07\jre\lib\security\java.login.config😞
- I've put this line into the Java security configuration file (c:\java\jdk1.5.0_07\jre\lib\security\java.security😞
- I've added this to d:\Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\file-servers.xml file:
- I've changed the default values to these in d:\Alfresco\tomcat\webapps\alfresco\WEB-INF\web.xml file:
ktpass -princ cifs/va.mydom@ALFTEST.NYUGI -pass alfcifs -mapuser TEST2003\alfrescocifs -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescocifs.keytab
ktpass -princ HTTP/va.mydom@ALFTEST.NYUGI -pass alfhttp -mapuser TEST2003\alfrescohttp -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescohttp.keytab
setspn -a cifs/va alfrescocifs
setspn -a cifs/va.mydom alfrescocifs
setspn -a http/va alfrescohttp
setspn -a http/va.mydom alfrescohttp
\\va-virtserver\c$\temp\alfrescocifs.keytab -> d$\Alfresco\etc\alfrescocifs.keytab
\\va-virtserver\c$\temp\alfrescohttp.keytab -> d$\Alfresco\etc\alfrescohttp.keytab
[libdefaults]
default_realm = ALFTEST.NYUGI
[realms]
ALFTEST.NYUGI = {
kdc = va-virtserver
admin_server = va-virtserver
}
[domain_realm]
va-virtserver = ALFTEST.NYUGI
.va-virtserver = ALFTEST.NYUGI
AlfrescoCIFS {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="d:/Alfresco/etc/alfrescocifs.keytab"
principal="cifs/va.mydom";
};
AlfrescoHTTP {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="d:/Alfresco/etc/alfrescohttp.keytab"
principal="HTTP/va.mydom";
};
…
login.config.url.1=file:${java.home}/lib/security/java.login.config
…
<config evaluator="string-compare" condition="Filesystem Security">
<authenticator type="enterprise">
<KDC>va-virtserver</KDC>
<Realm>ALFTEST.NYUGI</Realm>
<Password>alfrescocifs</Password>
<Principal>cifs/va.mydom@ALFTEST.NYUGI</Principal>
</authenticator>
</config>
<filter>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.alfresco.web.app.servlet.KerberosAuthenticationFilter</filter-class>
<init-param>
<param-name>KDC</param-name>
<param-value>va-virtserver</param-value>
</init-param>
<init-param>
<param-name>Realm</param-name>
<param-value>ALFTEST.NYUGI</param-value>
</init-param>
<init-param>
<param-name>Password</param-name>
<param-value>alfrescocifs</param-value>
</init-param>
<init-param>
<param-name>Principal</param-name>
<param-value>cifs/va.mydom@ALFTEST.NYUGI</param-value>
</init-param>
</filter>
…
<filter>
<filter-name>WebDAV Authentication Filter</filter-name>
<filter-class>org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter</filter-class>
<init-param>
<param-name>KDC</param-name>
<param-value>va-virtserver</param-value>
</init-param>
<init-param>
<param-name>Realm</param-name>
<param-value>ALFTEST.NYUGI</param-value>
</init-param>
<init-param>
<param-name>Password</param-name>
<param-value>alfrescohttp</param-value>
</init-param>
<init-param>
<param-name>Principal</param-name>
<param-value>HTTP/va.mydom@ALFTEST.NYUGI</param-value>
</init-param>
</filter>
[size=85]
09:01:07,139 ERROR [webdav.auth.KerberosAuthenticationFilter] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: null (68)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:652)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:512)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:340)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: KrbException: null (68)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:64)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:345)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:370)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:642)
… 39 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
… 42 more
09:01:07,686 ERROR [[Catalina].[localhost].[/alfresco]] Exception starting filter WebDAV Authentication Filter
javax.servlet.ServletException: Failed to login HTTP server service
at org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:354)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
09:01:07,748 ERROR [app.servlet.KerberosAuthenticationFilter] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: null (68)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:652)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:512)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:366)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: KrbException: null (68)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:64)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:345)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:370)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:642)
… 39 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
… 42 more
09:01:07,748 ERROR [[Catalina].[localhost].[/alfresco]] Exception starting filter Authentication Filter
javax.servlet.ServletException: Failed to login HTTP server service
at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:380)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
2008.09.19. 9:01:07 org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
2008.09.19. 9:01:07 org.apache.catalina.core.StandardContext start
SEVERE: Context [/alfresco] startup failed due to previous errors
Later I tried to change the passwords:
ktpass -princ cifs/va.mydom@ALFTEST.NYUGI -pass alfrescocifs -mapuser TEST2003\alfrescocifs -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescocifs.keytab
ktpass -princ HTTP/va.mydom@ALFTEST.NYUGI -pass alfrescohttp -mapuser TEST2003\alfrescohttp -crypto DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -mapop set +desonly -out c:\temp\alfrescohttp.keytab
[size=85]
2008.09.19. 23:19:47 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
2008.09.19. 23:19:48 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 5187 ms
2008.09.19. 23:19:48 org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
2008.09.19. 23:19:48 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.23
2008.09.19. 23:19:48 org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
2008.09.19. 23:19:57 org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive alfresco.war
23:22:16,837 INFO [config.xml.XMLConfigService$PropertyConfigurer] Loading properties file from class path resource [alfresco/file-servers
.properties]
23:23:22,974 INFO [domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.DerbyDialect.
23:23:23,005 INFO [domain.schema.SchemaBootstrap] Alfresco is using the Apache Derby default database. Please only use this while evaluati
ng Alfresco, it is NOT recommended for production or deployment!
23:23:40,333 INFO [domain.schema.SchemaBootstrap] No changes were made to the schema.
23:24:04,363 User:System INFO [repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: D:\Alfresco\alf_data
23:24:04,941 User:System INFO [admin.patch.PatchExecuter] Checking for patches to apply …
23:24:06,472 User:System INFO [admin.patch.PatchExecuter] No patches were required.
23:24:06,519 User:System INFO [repo.module.ModuleServiceImpl] Found 0 module(s).
23:24:22,393 User:System INFO [service.descriptor.DescriptorService] Alfresco JVM - v1.5.0_07-b03; maximum heap size 506,313MB
23:24:22,393 User:System INFO [service.descriptor.DescriptorService] Alfresco started (Labs): Current version 3.0.0 (b 1164) schema 131 - I
nstalled version 3.0.0 (b 1164) schema 131
23:24:24,284 User:System WARN [alfresco.linkvalidation.LinkValidationServiceImpl] LinkValidationService Update is not running (virtualizati
on server not registered or started)
23:25:11,484 ERROR [webdav.auth.KerberosAuthenticationFilter] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: null (68)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:652)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:512)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:340)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: KrbException: null (68)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:64)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:345)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:370)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:642)
… 39 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
… 42 more
23:25:11,516 ERROR [[Catalina].[localhost].[/alfresco]] Exception starting filter WebDAV Authentication Filter
javax.servlet.ServletException: Failed to login HTTP server service
at org.alfresco.repo.webdav.auth.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:354)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
23:25:11,703 ERROR [app.servlet.KerberosAuthenticationFilter] HTTP Kerberos web filter error
javax.security.auth.login.LoginException: null (68)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:652)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:512)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:366)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: KrbException: null (68)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:64)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:345)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:370)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:642)
… 39 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
… 42 more
23:25:11,953 ERROR [[Catalina].[localhost].[/alfresco]] Exception starting filter Authentication Filter
javax.servlet.ServletException: Failed to login HTTP server service
at org.alfresco.web.app.servlet.KerberosAuthenticationFilter.init(KerberosAuthenticationFilter.java:380)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:221)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:302)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:78)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3635)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4222)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
2008.09.19. 23:25:12 org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
2008.09.19. 23:25:12 org.apache.catalina.core.StandardContext start
SEVERE: Context [/alfresco] startup failed due to previous errors
——————————————-
Please somebody help me finding out the solution!
Labels:
- Labels:
-
Archive
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-05-2008 09:46 AM
Is there any news for this problem? I am receiving the same stacktrace when I try to login…
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2009 12:34 PM
Not at all. I've been fighting with this issue for 2 weeks and gave up. Now I'm waiting for somebody from Alfresco to come in and to suggest a solution. Obviously they are not so eager to help. Which makes me draw conclusions about the product and the support.
Has your issue been resolved? If so, how? What configurations were necessary?
Are you now able to login to the Alfresco Web Interface via single sign-on AND map a network drive to the Alfresco CIFS server?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-07-2009 01:54 AM
Well, SSO/Kerberos is not a fairytale, it can work, and the supportguys/girls from alfresco where assistive enough though in the end it boils down to providing the right data.
We used Alf 2.2.1E, a win2k3 server with AD and a RHEL5 server with alfresco (not part of an AD domain), and XP domain-clients with FF and IE and windows explorer.
Actually followed the manual (the wiki page http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration) to the letter.
We ended up using the CIFS\principal (without domainname) in the file-server configuration file (the only difference to the wikipage).
We did use wireshark en kerberos utilities to figure out frequently were we where heading and what was working and what not, what kerberos handshakes were being made.
Depending on the type of networklease / static ip of the linuxserver , we also had issues using FQDN or short names, which of course influenced SSO/Kerberos working or not.
We used Alf 2.2.1E, a win2k3 server with AD and a RHEL5 server with alfresco (not part of an AD domain), and XP domain-clients with FF and IE and windows explorer.
Actually followed the manual (the wiki page http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration) to the letter.
We ended up using the CIFS\principal (without domainname) in the file-server configuration file (the only difference to the wikipage).
We did use wireshark en kerberos utilities to figure out frequently were we where heading and what was working and what not, what kerberos handshakes were being made.
Depending on the type of networklease / static ip of the linuxserver , we also had issues using FQDN or short names, which of course influenced SSO/Kerberos working or not.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2009 10:25 AM
We ended up using the CIFS\principal (without domainname) in the file-server configuration file (the only difference to the wikipage).
Hi,
could you please post the config?
You're talking about the fiel file-servers.xml, the "Filesystem Security"-part, right?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-13-2009 03:42 PM
I have started a thread that I hope to eventually turn into a AlfrescoWiki page for how to configure Active Directory authentication for both CIFS and the Web Interface in Alfresco Labs 3c.
Please see my thread:
[ERROR]Alfresco Engineers: CIFS auth does not work. Sugg?
Please come join in the discussion, or at least subscribe to the thread. I want to try to get everyone having these types of issues into the thread so that we can get a large collection of experiences and configurations.
We WILL find the answer for how to enable Active Directory authentication with CIFS in Alfresco!!
Please see my thread:
[ERROR]Alfresco Engineers: CIFS auth does not work. Sugg?
Please come join in the discussion, or at least subscribe to the thread. I want to try to get everyone having these types of issues into the thread so that we can get a large collection of experiences and configurations.
We WILL find the answer for how to enable Active Directory authentication with CIFS in Alfresco!!
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
