I have searched the forums and it appears that there once was a nice “howto” on how to configure SSO on Linux in the wiki. As the wiki no longer exists, does anyone know where I can find some documentation to configure SSO on Openfire 3.6.4 running on Debian with a MySQL db and authenticating against W2k3 Active Directory?
This is also pretty much exactly my setup so I will give some details on what I did, especially since I could never really find a guide to match my setup when I did this. These are my notes and I wrote these while making sure I could reproduce my sso setup.
On the Debian server, install krb5-config and krb5-client and samba (for time syncing).
In the above, debian.f.q.d.n is the FQDN of your Linux server, and in my attached files, case does matter.
After that I used the spark.properties on my client machine to replace the existing spark.properties and then started Spark up and am able to connect.
I make no guarantees that this will work for you. My Openfire server is 3.5.1 and I am running Debian etch. For Kerberos, time is crucial, as are DNS entries, so the time on the server should be very close to your DC (that’s why I sync it with cron daily). I also couldn’t get this to work when I had multiple DNS names pointing to the same machine.
I did not. It’s a trivial step beyond this config since I have several other Debian servers joined to the domain. It’s not needed for this configuration. The keytab is what allows the Kerberos authentication to be successful. It has also been said that you should protect that file because of that (i.e.…don’t just leave it in random unprotected folders).
Followed your instructions. When I add the entries into the openfire.xml file I am unable to login at all. I don’t think I am editing right. I just pasted everything from your file into mine and then changed the necessary parameters as my file didn’t look anything like yours.
Are you getting any errors in the logs, and when you say you can’t login, is that Spark and web administration? What version of Openfire are you using? I have been playing around with upgrading my environment but haven’t had a real chance to try it. I could give it a try depending on your version.
I am using Openfire version 3.6.4. FYI the location of the files on version 3.6.4 on Debian is /usr/share/openfire. I believe I installed using the deb package though. What logs are you talking about? Are you talking about logs in the admin console or logs in /var/log? Incidentally, is that your complete openfire.xml?
My xml was only additional parts. You need to merge that with yours. If the section exists, just modify it. I was talking about the Openfire logs, I am guessing /usr/share/openfire/logs? And like I said above, my configs are from 3.5.1 and I haven’t tested it above that.
I apologize for not getting back sooner. I don’t see anything in the logs that would indicate a problem. Have you had a chance to try this on openfire 3.6.4?