Hi to all.
I followed some guides on this forum, but I can’t get SSO working with the following configuration:
- Openfire 4.0.2 on Ubuntu 14.04 with JDK 1.8.0_77
- Active Directory on a Win2008R2 server with 2008 compatibility
- Miranda Client on a Win10 64bit
I started with this
Openfire: Enable Single Sign On (SSO) on Linux - Spiceworks
and read on and on throughout this forum.
These are my configuration files:
# cat /etc/krb5.conf
[libdefaults]
default_realm = TSDN.AD
dsn_lookup_realm = true
dns_lookup_kdc = true
rdns = false
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[appdefaults]
pam = {
debug = true
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
validate = true
}
# cat /etc/samba/smb.conf
[global]
workgroup = TSDN
security = ads
realm = TSDN.AD
kerberos method = secrets and keytab
password server = win2k8.tsdn.ad
# cat /etc/openfire/gss.conf
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule
required
storeKey=true
keyTab="/etc/openfire/krb5.xmpp.keytab"
doNotPrompt=true
useKeyTab=true
realm="TSDN.AD"
principal="xmpp/vm-gestsdn.tsdn.ad@TSDN.AD"
debug=true
isInitiator=false;
};
Content of /etc/openfire/krb5.xmpp.keytab
ktutil: rkt /etc/openfire/krb5.xmpp.keytab
ktutil: l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 3 xmpp/vm-gestsdn.tsdn.ad@TSDN.AD
2 3 xmpp/vm-gestsdn.tsdn.ad@TSDN.AD
3 3 xmpp/vm-gestsdn.tsdn.ad@TSDN.AD
4 3 xmpp/vm-gestsdn.tsdn.ad@TSDN.AD
5 3 xmpp/vm-gestsdn.tsdn.ad@TSDN.AD
On the Active Directory server:
C:\>setspn -l tsdnservices
Registered ServicePrincipalNames for CN=TSDN Services,CN=Users,DC=tsdn,DC=ad:
xmpp/vm-gestsdn.tsdn.ad
If I try to log in with username and password from a Linux desktop (using Pidgin) there’s no problem.
Then I try with Miranda, the client I use in my office, on a Win10 machine.
If I try to connect with username and password, no problem.
Then I configured it with:
Use Domain Login: checked
Domain / Server: vm-gestsdn.tsdn.ad
And it doesn’t work.
I can see in the XML Console that Miranda tries GSSAPI auth:
<auth mechanism="GSSAPI">SOME VERY LONG STRING</auth>
but the server responds with a
This is the log on the server:
2016.04.14 17:15:46 INFO [socket_c2s-thread-2]: org.jivesoftware.openfire.net.SASLAuthentication - User Login Failed. Failure to initialize security context
Where do I have to break my head to try to solve this problem?
I think it’s Kerberos that doesn’t work, but how can I proceed?
Thanks a lot to everyone!