Hi All,
Anyone out there can give me some help on this?
When I try to use SSO with Spark 2.5.4 and Openfire 3.3.2, I encounter some problems. The problem is that when I use a network sniffer, I found the KDC replies to the client (Spark) with a KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN.
Here is the basic description of my settings. More details can be provided upon your request.
KDC/AD and Openfire are on the same server. The server name is zeus. I did set up the reverse lookup, so the IP address can be resolved to zeus with nslookup.
I've created an account with the ID xmpp-zeus and used ktpass to map it.
I've added an SPN with setspn -A zeus. When I tried setspn -L zeus, I see xmpp/zeus.domain in the list. (Actually, I don't understand this step; I was given this error, so I tried whatever was possible.)
For the openfire.xml and gss.conf, I followed the "Configure Kerberos for Openfire" article.
When I do a klist from the Microsoft resource tools, I see krbtgt/zeus, ldap/zeus, host/zeus, but I don't see xmpp/zeus. I don't know whether this indicates that there's a problem?
I presume that the encryption type settings are not related to my problem (not yet). Am I right?
Another very strange thing is that for a while I managed to get through this, but the next day the problem appeared again.
I did the allowtgtsessionkey too. (I presumed it should be configured on the Openfire machine, right?) For the xmpp.fqdn, I don't know how to change it; I logged in to the admin console and changed the server settings properties. So in the XML packets, I did see from="zeus.domain".
Anything I missed? Any help would be highly appreciated. Thanks.
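As an added diagnostic example (not part of the original post, and not Openfire or Spark code), the following Python script builds the Kerberos service principal that a GSSAPI client requests for a given service and host (service/fqdn@REALM) and compares it against the SPNs that `setspn -L` lists for the service account. The realm name, the sample `setspn -L` output, and the classification labels are constructed assumptions for illustration; the post does not state them.

```python
# Added example: compare the principal an XMPP client will ask the KDC for
# against the SPNs registered on the service account. Everything below is
# constructed sample data; the realm and account names are assumptions.

REALM = "DOMAIN.LOCAL"   # assumed realm; not stated in the post
SERVICE = "xmpp"         # service class used by XMPP SSO

# Constructed stand-in for the text printed by `setspn -L <account>`.
SAMPLE_SETSPN_OUTPUT = """\
Registered ServicePrincipalNames for CN=xmpp-zeus,CN=Users,DC=domain,DC=local:
    xmpp/zeus.domain
    zeus
"""


def parse_setspn(output):
    """Return the SPN lines from setspn -L output, skipping the header."""
    spns = []
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith("Registered ServicePrincipalNames"):
            continue
        spns.append(line)
    return spns


def requested_principal(service, fqdn, realm):
    """Principal a Kerberos client builds for service@host in a realm."""
    return f"{service}/{fqdn.lower()}@{realm.upper()}"


def check_spn(service, fqdn, realm, spns):
    """Classify the registered SPNs against the principal the client requests.

    Returns a (status, detail) tuple. A KDC answers PRINCIPAL_UNKNOWN when
    no account carries the exact service/host SPN being asked for, so the
    check is an exact (case-insensitive) match, not a substring match.
    """
    want = f"{service}/{fqdn}".lower()
    registered = {s.lower() for s in spns}
    if want in registered:
        return "ok", requested_principal(service, fqdn, realm)
    short = fqdn.split(".")[0].lower()
    if f"{service}/{short}" in registered:
        return "short-name-only", (
            f"{service}/{short} is registered but the client requests {want}")
    if short in registered or fqdn.lower() in registered:
        return "missing-service-prefix", (
            "hostname registered without a service/ prefix")
    return "missing", f"no SPN matching {want}"


if __name__ == "__main__":
    spns = parse_setspn(SAMPLE_SETSPN_OUTPUT)
    print(check_spn(SERVICE, "zeus.domain", REALM, spns))
```

Feed it the real `setspn -L` output and the FQDN that appears in the client's XMPP stream (the `from` attribute seen on the wire) to see whether the principal requested and the SPN registered actually line up.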