no sorry i haven’t. i’ve got as far as running wireshark now - i can see the kerberos conversation going back and forth between the client and the server. what i haven’t been able to capture or identify is the openfire server itself talking to the DC…
i feel i’m soooooo close to cracking this which is why it’s so frustrating.
Hi Speedy - thanks for taking the time to write the guide in the first place
the ldap all works fine and i’ve checked all the basic things.
i’ve even run some wireshark packet sniffing to try to watch what is going on - i can see the kerberos negotiation but i can’t tell at that level what the issue is. All i get in the logs are the errors i posted originally - i’m hoping someone can shed some light on what they mean? surely the spark debug log means that the negotiation has taken place, but something on the openfire server is not correct. is there no further logging that can be turned up on the openfire server?
my conf files are below but i don’t think there is a problem with them…
try creating a new keytab file. use this command on your dc. This keytab file will not pass the kinit java test…so don’t worry about it, however try it in your resource folder anyway.
I found the problem here - once you have run the ktpass on the DC and set the password you then CANNOT log onto the domain as that account with the password you supplied in the ktpass command!
{input password you set with ktpass command earlier}
you get the error:
Exception: krb_error 0 Checksum failed No error
KrbException: Checksum failed…etc…
That originally made me think ok i’ll reset the password for the user account in AD (as i read that in another post). So i reset it back (to the password i chose for the ktpass command) and re-ran the above kinit command. The command now works! The trouble is that resetting the user account password AFTER you have run the ktpass command breaks the openfire authentication!! you then have to re-run the ktpass on the DC and copy the keytab back to the openfire server.
my test client is logging on like a charm - i’ll try this at work tomorrow to confirm all is now working as expected and report back… for those still struggling - don’t give up hope!
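One way to check for the stale-keytab condition described in the post above, as an added example that is not part of the original thread: Python that reads the key version numbers (kvno) stored in a keytab file and compares them with the account's current value, which Active Directory exposes as the msDS-KeyVersionNumber attribute. The principal name, realm and key bytes are constructed sample values, and the link between a password reset and a changed key version is background knowledge rather than something the thread states.

```python
import struct

def parse_keytab(data):
    """Return (principal, kvno, enctype) for each entry of a 0x502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:               # deleted entry ("hole"): skip its bytes
            pos += -size
            continue
        end, p = pos + size, pos + 2
        (ncomp,) = struct.unpack_from(">H", data, pos)
        fields = []
        for _ in range(ncomp + 1):  # realm first, then the name components
            (n,) = struct.unpack_from(">H", data, p)
            fields.append(data[p + 2:p + 2 + n].decode("utf-8", "replace"))
            p += 2 + n
        p += 8                      # skip name type (4) and timestamp (4)
        kvno = data[p]              # 8-bit key version
        enctype, keylen = struct.unpack_from(">HH", data, p + 1)
        p += 5 + keylen
        if end - p >= 4:            # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(fields[1:]) + "@" + fields[0], kvno, enctype))
        pos = end
    return entries

def stale_entries(data, directory_kvno):
    """Entries whose kvno differs from the account's current key version."""
    return [e for e in parse_keytab(data) if e[1] != directory_kvno]

def sample_keytab(kvno):
    """Constructed sample: one entry for a made-up service principal."""
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + s(b"EXAMPLE.TEST") + s(b"xmpp")
            + s(b"chat.example.test") + struct.pack(">IIB", 1, 0, kvno)
            + struct.pack(">H", 23) + s(b"\x00" * 16) + struct.pack(">I", kvno))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

if __name__ == "__main__":
    # Keytab exported at kvno 3, account since reset so the directory says 4.
    print(stale_entries(sample_keytab(3), directory_kvno=4))
```

A non-empty result means the keytab was exported before the account's last password change and has to be regenerated and copied to the server again.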
I have it working! As of yesterday! I will document how i did it with Windows 7 64-bit and Server 2008 R2 today and post back for everyone to see. It was a combination of Speedy’s and Slushpuppies guides as well as some of my own knowledge. I can see it is straightforward now but before I was like st, fk, just work! Very happy!
Btw, i have posted your document here http://community.igniterealtime.org/docs/DOC-2706 I haven’t tried it, but it looks well written. Thanks for sharing. If you update your guide, you can change the attachment on that DOC.