07-17-2014 02:50 AM
2014-07-17 09:48:03,169 DEBUG [app.servlet.KerberosAuthenticationFilter] [http-bio-8080-exec-2] New Kerberos auth request from 192.168.9.2 (192.168.9.2:50938)
2014-07-17 09:48:03,169 DEBUG [app.servlet.KerberosAuthenticationFilter] [http-bio-8080-exec-2] Issuing login challenge to browser.
2014-07-17 09:48:03,216 ERROR [org.alfresco.fileserver] [http-bio-8080-exec-3] Error from JLAN
GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
….
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:722)
Caused by: KrbException: Checksum failed
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:102)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:94)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:177)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:771)
… 36 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:408)
at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:91)
at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:100)
… 42 more
2014-07-17 09:48:03,217 DEBUG [app.servlet.KerberosAuthenticationFilter] [http-bio-8080-exec-3] No SPNEGO response, Kerberos logon failed
2014-07-17 09:48:03,218 DEBUG [app.servlet.KerberosAuthenticationFilter] [http-bio-8080-exec-3] Failed SPNEGO authentication.
2014-07-17 09:48:03,218 DEBUG [app.servlet.KerberosAuthenticationFilter] [http-bio-8080-exec-3] Clearing session.
2014-07-17 09:48:03,218 DEBUG [app.servlet.KerberosAuthenticationFilter] [http-bio-8080-exec-3] Issuing login challenge to browser.
2014-07-17 09:48:03,267 DEBUG [app.servlet.KerberosAuthenticationFilter] [http-bio-8080-exec-4] Login page requested, chaining …
root@gateway:~# cat /etc/nginx/conf.d-backup/alfresco.conf
proxy_cache_path /var/cache/nginx/alfresco levels=1 keys_zone=alfrescocache:256m max_size=512m inactive=1440m;
upstream alfresco {
server alfresco-prd.company.local:8080;
}
upstream sharepoint {
server alfresco-prd.company.local:7071;
}
server {
listen 80 ;
server_name portal.company.ru www.portal.company.ru
server_name_in_redirect off;
rewrite ^ https://$host$request_uri? permanent;
}
server {
listen 443 ssl;
server_name portal.company.ru www.portal.company.ru;
root /etc/nginx/conf.d/alfresco;
index index.html index.htm;
rewrite ^/$ /share;
ssl on;
ssl_certificate /etc/nginx/conf.d/alfresco/alfserver.crt;
ssl_certificate_key /etc/nginx/conf.d/alfresco/alfserver.key;
location /robots.txt {
alias /etc/nginx/conf.d/alfresco/robots.txt;
}
location / {
try_files $uri $uri/ /index.html;
}
error_page 502 503 504 /maintenance.html;
location = /maintenance.html {
root /etc/nginx/conf.d/alfresco;
}
location /alfresco {
client_max_body_size 0;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_pass http://alfresco;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
}
location /share {
client_max_body_size 0;
proxy_http_version 1.1;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Server $host;
}
location /share/proxy/alfresco {
client_max_body_size 0;
proxy_http_version 1.1;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Server $host;
proxy_intercept_errors on;
error_page 502 503 504 =401 /maintenance.html;
}
location /share/res/ {
proxy_http_version 1.1;
proxy_pass http://alfresco;
proxy_set_header Host $http_host;
proxy_cache alfrescocache;
proxy_cache_min_uses 1;
proxy_cache_valid 200 302 1440m;
proxy_cache_valid 404 1m;
proxy_cache_use_stale updating error timeout invalid_header http_500 http_502 http_503 http_504;
}
}
server {
listen 7070 ssl;
server_name portal.company.ru;
ssl on;
ssl_certificate /etc/nginx/conf.d/alfresco/alfserver.crt;
ssl_certificate_key /etc/nginx/conf.d/alfresco/alfserver.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
client_max_body_size 0;
proxy_http_version 1.1;
proxy_buffering off;
proxy_pass http://sharepoint;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Server $host;
}
}
09-19-2014 02:42 AM
10-07-2014 02:20 AM
10-15-2014 12:32 PM
10-17-2014 01:44 AM
<VirtualHost *:80>
ServerName test.company.ru
ServerAlias www.test.company.ru
Redirect / https://test.company.ru/share
</VirtualHost>
<virtualhost *:443>
ServerName test.company.ru
ServerAlias www.test.company.ru
SSLEngine On
SSLCertificateFile /etc/apache2/cert/test.company.ru.crt
SSLCertificateKeyFile /etc/apache2/cert/test.company.ru.key
SSLCACertificateFile /etc/apache2/cert/SSL123_CA_Bundle.pem
ErrorDocument 503 "/custom_errors/maintenance.html"
RedirectMatch ^/$ /share/
jkMount /alfresco ajp13_worker
jkMount /alfresco/* ajp13_worker
jkMount /share ajp13_worker
jkMount /share/* ajp13_worker
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.