Typical, we had SSO (Windows AD, OpenFire 3.3.1, Spark 2.5.6, Win XP SP2) working fine for approx 30 users and yesterday suffered a catastrophic server crash. This wiped out the database and application (all on the same server). Luckily everything was backed up so I did the following:
old server: athena.emedia.co.uk, Win2003 SP1, 4GB RAM
new server: vm-athena.emedia.co.uk, Win2003 R2, 1Gb RAM
Built new server running MS SQL 2000 SP4, restored program files\openfire folder, re-installed OpenFire service, restored database.
Restarted the app. First thing I noticed was that it detected the server name as 127.0.0.1 within OpenFire. I set this to emedia.co.uk and all seemed fine. I then noticed all my groups had gone (weren’t they supposed to be in the database?). I recreated all the server side shared groups.
I was then able to manually log in using Spark with no other changes. However I could not log in via SSO.
OpenFire pulls all our users from Active Directory and about 3 months ago we got SSO working (after some pain).
I’ve now gone back through our SSO settings and followed the HowTo on this site but get the error “Not Authorized” from the Spark logs when trying to log in using SSO.
I have copied the old AD user xmpp-athena to xmpp-vm-athena and set a new password.
I have created a new jabber.keytab file using the command line:
ktpass -princ xmpp/vm-athena.emedia.co.uk@EMEDIA.CO.UK /mapuser xmpp-vm-athena -pass password -out jabber.keytab
All the DNS SRV records pointed to im.emedia.co.uk, which is a CNAME for vm-athena.emedia.co.uk. For good measure I’ve added a CNAME for the old server to point to the new server.
I have updated the GSSAPI.CONF file with the new principal details. As far as I can see, I don’t think anything else needs to change.
What have I missed?
Thanks
Steve
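An added example, not part of the original post: a small Python check that parses the ktpass line as posted and reports which of the host names mentioned in the post equal the host part of the keytab principal. It makes no assumption about which name Spark or OpenFire actually requests a ticket for; the labels in NAMES are descriptive only, and the function names are hypothetical.

```python
import re
import shlex

# Command line exactly as posted above.
KTPASS = ("ktpass -princ xmpp/vm-athena.emedia.co.uk@EMEDIA.CO.UK "
          "/mapuser xmpp-vm-athena -pass password -out jabber.keytab")

# Host names that appear in the post. Which one a client uses to build the
# service principal is site-specific, so every name is compared.
NAMES = {
    "server name set in OpenFire": "emedia.co.uk",
    "DNS SRV target": "im.emedia.co.uk",
    "new server": "vm-athena.emedia.co.uk",
    "old server": "athena.emedia.co.uk",
}

def parse_ktpass(cmd):
    """Return {switch: value}; the post mixes '-' and '/' prefixes, so strip both."""
    toks = shlex.split(cmd)[1:]
    return {toks[i].lstrip("-/").lower(): toks[i + 1]
            for i in range(0, len(toks) - 1, 2)}

def split_principal(princ):
    """Split service/host@REALM into its three parts, or raise ValueError."""
    m = re.fullmatch(r"([^/@]+)/([^/@]+)@([^/@]+)", princ)
    if not m:
        raise ValueError(f"not a service/host@REALM principal: {princ!r}")
    return m.groups()

def check(cmd, names):
    """Compare the keytab principal's host against each candidate host name."""
    opts = parse_ktpass(cmd)
    service, host, realm = split_principal(opts["princ"])
    findings = []
    if realm != realm.upper():  # AD realm names are conventionally upper case
        findings.append("realm is not upper case")
    if "." not in host:
        findings.append("host is not fully qualified")
    matches = {label: n.lower() == host.lower() for label, n in names.items()}
    return {"service": service, "host": host, "realm": realm,
            "account": opts.get("mapuser"), "matches": matches,
            "findings": findings}

if __name__ == "__main__":
    result = check(KTPASS, NAMES)
    for label, same in result["matches"].items():
        print(f"{label:30} {'matches' if same else 'differs from'} {result['host']}")
```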