I tried havign all of this in the xml file but in the logs it told me not to use that and to put them in the properties.
On the client anyone can log in if they type in their username (First Initial Last Name) and their AD password. While trying to get this working I have successfully broken fastpath and can’t seem to fix it either although I havn’t spent much time trying that as SSO is more important right now.
Same here…I am at a loss…I have tried everything andstill get the “Please check your principal and serversettings”. Very frustrating…can someone please shed light onthis…I also have a thread that I opend in may… http://community.igniterealtime.org/message/212953#212953
I have made some progress now. I have made it to the point of getting Checksum failed !
This is what I get when using the windows generated keytab:
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is C:/Program Files (x86)/Openfire/resources/xmpp.keytab refreshKrb5Config is false principal is xmpp/gfim.georgefern.local@GEORGEFERN.LOCAL tryFirstPass is false useFirstPass is false storePass is false clearPass is false
principal’s key obtained from the keytab
principal is xmpp/gfim.georgefern.local@GEORGEFERN.LOCAL
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 4B 25 66 E2 91 D4 BC AE 86 A1 7B 90 76 5C 6F 31 K%f…v\o1
Added server’s keyKerberos Principal xmpp/gfim.georgefern.local@GEORGEFERN.LOCALKey Version 2key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: 4B 25 66 E2 91 D4 BC AE 86 A1 7B 90 76 5C 6F 31 K%f…v\o1
[Krb5LoginModule] added Krb5Principal xmpp/gfim.georgefern.local@GEORGEFERN.LOCAL to Subject
Commit Succeeded
Checksum failed !
This is what I get when using the java generated keytab:
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is C:/Program Files (x86)/Openfire/resources/xmpp.keytab refreshKrb5Config is false principal is xmpp/gfim.georgefern.local@GEORGEFERN.LOCAL tryFirstPass is false useFirstPass is false storePass is false clearPass is false
principal’s key obtained from the keytab
principal is xmpp/gfim.georgefern.local@GEORGEFERN.LOCAL
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 4B 25 66 E2 91 D4 BC AE 86 A1 7B 90 76 5C 6F 31 K%f…v\o1
Added server’s keyKerberos Principal xmpp/gfim.georgefern.local@GEORGEFERN.LOCALKey Version 2key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: 4B 25 66 E2 91 D4 BC AE 86 A1 7B 90 76 5C 6F 31 K%f…v\o1
[Krb5LoginModule] added Krb5Principal xmpp/gfim.georgefern.local@GEORGEFERN.LOCAL to Subject
Commit Succeeded
Checksum failed !
The diffrence in the Openfire launch window is that with the java file in place all of it is in red and the windows file only Checksum failed ! is in red.
In previous versions I was able to sing in with SSO but when it came time for the user to change the pw in AD (we expire every 90 days) the sso failed. I was never working even though it appeard to be. with the SSO option checked. Let me know if you got it fully working…as I also trived the java key generator (bot ways logged into the PDC ad the domain admin account…
Don’t forget the client side registry key even on win 7. It will fail without it. No need to reboot after inserting it either just restart Spark Client.
I am at a loss…I have tried everything…I went through the doic again…from scratch…tried both the windows and jave keytab files…verified the KRB5.ini on both client/server…still get the Principal error…
Created a domain account xmpp-openfire and assigned it a password and made it part of the domain users group
From a dos prompt in RA the PDC I ran
a. setspn -A xmpp/Jabber.gsprecision.com@GSPRECISION.COM xmpp-openfire
b. ktpass -princ xmpp/``Jabber.gsprecision.com@GSPRECISION.COM`` -mapuser xmpp-openfire@AD_domain.com -pass * -ptype KRB5_NT_PRINCIPAL (using the password that I set for the xmpp-openfire domain user)
c. From the jre6/bin directory on RA
`ktab -k xmpp.keytab -a xmpp/Jabber.gsprecision.com@REALM.COM ``(using the password that I set for the xmpp-openfire domain user)```
Copied the xmpp.keytab to the resources directory on the open fire server
I do not get any error messaged in the listener (which I assume that is the main server window) other than starting Monitoring pluggin…Did I miss something?