RE: Error while authenticating using mod_auth_kerb module - Kerberos

This is a discussion on RE: Error while authenticating using mod_auth_kerb module - Kerberos ; Hi all, I have been able to authenticate the user based on the credentials provided but still not able to resolve the issue of NTLM based token from the browser. Following is the error message from apache web server for ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: RE: Error while authenticating using mod_auth_kerb module

  1. RE: Error while authenticating using mod_auth_kerb module

    Hi all,


    I have been able to authenticate the user based on the credentials provided
    but still not able to resolve the issue of NTLM based token from the
    browser.
    Following is the error message from apache web server for token processing
    Warning: received token seems to be NTLM, which isn't supported by the
    Kerberos module. Check your IE configuration.

    I tried with IE as well as MOzilla browser.
    I followed the respective configuration for IE and Mozilla but still not
    able to get the Kerberos token.

    It seems that there must be some configuration for the windows machine to
    send kerberos token instead of NTLM.

    Could someone please let me know the required configuration to fetch
    kerberos based token from the browser?

    Thanks,
    Vijay


    -----Original Message-----
    From: Vijay Jain [mailto:vijay_jain@persistent.co.in]
    Sent: Thursday, May 10, 2007 10:28 PM
    To: Gopalan, Sriram; kerberos@mit.edu
    Subject: RE: Error while authenticating using mod_auth_kerb module


    Hi Sriram,

    I am obliged by your eagerness to help me resolve my issue. Thank you very
    much.

    Please find attached mod_auth_kerb configuration doc containing the
    configuration details for the AD server and apache web server configuration.

    The document contains
    1) Snap shots of KERBTRAY.EXE
    2) APACHE error logs
    3) /etc/krb5.conf
    4) httpd.conf configuration for mod_auth_kerb
    5) ktpass.exe input paramters
    6) kinit command output etc..


    Please provide feedback, if any.

    Thanks,
    Vijay

    -----Original Message-----
    From: Gopalan, Sriram [mailto:sgopalan@etrade.com]
    Sent: Thursday, May 10, 2007 12:57 AM
    To: vijay_jain@persistent.co.in; kerberos@mit.edu
    Subject: RE: Error while authenticating using mod_auth_kerb module


    It should not be getting into basic auth. Still it should authenticate
    in basic mode, unless you type wrong password.
    So most likely it might be the issue with your httpd.conf or kerb5.conf.


    --Sriram

    -----Original Message-----
    From: kerberos-bounces@mit.edu [mailto:kerberos-bounces@mit.edu] On
    Behalf Of vijay_jain@persistent.co.in
    Sent: Wednesday, May 09, 2007 8:57 AM
    To: kerberos@mit.edu
    Subject: Error while authenticating using mod_auth_kerb module

    Hi All,

    I am using mod_auth_kerb module on Apache web server to authenitcate
    user based on the Windows login.

    The token based authentication is not sucessful and am getting
    "authorization required" message after providing credentials through
    pop-up three times.
    Basically teh issue is with the token povied by IE. It is NTLM instead
    of kerberos token.

    I googled on net and found the the issue is with IE settings.
    I followed the *resolutions* mentioned at the following link

    http://technet2.microsoft.com/window...1dce1-4ea8-4b4
    f-a9c1-23926ab6e8dd1033.mspx?mfr=true

    i.e enabling IWA through browser.
    Adding site to intranet list
    Disabling proxies

    But still not able to get Kerberos token from IE


    Following is the message in Apache log
    Warning: received token seems to be NTLM, which isn't supported by the
    Kerberos module. Check your IE configuration.


    Can someone help me resolve the issue?

    Thanks,
    Vijay

    DISCLAIMER
    ==========
    This e-mail may contain privileged and confidential information which is
    the property of Persistent Systems Pvt. Ltd. It is intended only for the
    use of the individual or entity to which it is addressed. If you are not
    the intended recipient, you are not authorized to read, retain, copy,
    print, distribute or use this message. If you have received this
    communication in error, please notify the sender and delete all copies
    of this message. Persistent Systems Pvt. Ltd. does not accept any
    liability for virus infected mails.
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


    DISCLAIMER
    ==========
    This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: Error while authenticating using mod_auth_kerb module

    On Fri, 11 May 2007 19:31:06 +0530
    "Vijay Jain" wrote:

    > Hi all,
    >
    >
    > I have been able to authenticate the user based on the credentials provided
    > but still not able to resolve the issue of NTLM based token from the
    > browser.
    > Following is the error message from apache web server for token processing
    > Warning: received token seems to be NTLM, which isn't supported by the
    > Kerberos module. Check your IE configuration.
    >
    > I tried with IE as well as MOzilla browser.
    > I followed the respective configuration for IE and Mozilla but still not
    > able to get the Kerberos token.
    >
    > It seems that there must be some configuration for the windows machine to
    > send kerberos token instead of NTLM.
    >
    > Could someone please let me know the required configuration to fetch
    > kerberos based token from the browser?


    Look at Issues 3 and 5 in the Possible Issues section of the following
    document:

    http://www.ioplex.com/d/Plexcel_Operators_Manual.pdf

    Note: Our product is not related to mod_auth_kerb but the protocol and
    client configuration is the same.

    Mike

    --
    Michael B Allen
    PHP Active Directory Kerberos SSO
    http://www.ioplex.com/
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  3. Re: Error while authenticating using mod_auth_kerb module

    Hi Vijay and Sriram,

    Client configuration and the service account all *looks* good.

    Now reboot the client and try again.

    If you ever get the Windows "Network Password Dialog" DO NOT enter
    anything into it. IE will remember the credentials and try to do NTLM
    for the remainder of your logon session.

    Get kerbtray.exe from the Resource Kit Tools package
    from MS' website and see if you're getting a ticket for
    HTTP/ps0749.persistent.co.in@OBPS0450.PERSISTENT.CO.IN.

    Also, your web server is in persistent.co.in domain but the HTTP service
    account was created in the child domain obps0450.persistent.co.in. Is
    there any reason why you did that? It should still work if there's a
    sufficient trust between the two domains but that might be related to
    your problem.

    Mike
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread