Login using VAS only possible with userid in capital letters

August 30, 2013, 9:15 am

≫ Next: Configuring VSJ for multiple domains for a web/stand alone JAVA client.

Hi,

I have pretty new to VAS and we have an issue on one system where we are only able to log in using our userid in capital letters. On other systems we are perfectly able to login in using small cap.

Is this a config I can change or is this a known issue?

Thanks,

↧

Configuring VSJ for multiple domains for a web/stand alone JAVA client.

February 7, 2012, 2:28 am

≫ Next: NFSv4 with KRB5 via VAS on Linux

≪ Previous: Login using VAS only possible with userid in capital letters

Back Ground:

We have an existing Kerberos utility (developed using sun GSS API), which can be used by either web application/a standalone java based application to accept service ticket for a specific service or delegate GSS credentials to fetch a service ticket for another service.

Requirement:

Since our utility was developed using sun GSS API, it only works if all the services exists in single domain as the sun GSS API cannot understand reference tickets generated for cross domain authentication.

We now have a plan to develop this utility that allows to communicate services exist in multiple domains, for this purpose we are planning to use VSJ. We still wanted the client remain the same(either web application or a standalone application) for this utility.

1. Is there a way to integrate VSJ with the existing Kerberos utility(just by providing the VSJ security provider), so that without changing the existing utility code the cross domain authentication is successful?

2. If step1 is not possible, What configuration steps/additional VSJ APIs need to be used to achieve cross functionality. If any specific guide/documentation/any pointers available please point me to the same.

Thanks,
Naga

↧

NFSv4 with KRB5 via VAS on Linux

July 7, 2010, 2:13 pm

≫ Next: QAS , NFS, KRB5, SSH

≪ Previous: Configuring VSJ for multiple domains for a web/stand alone JAVA client.

I've followed the the Solaris guide "http://rc.quest.com/topics/howto/nfs/solaris.php".

I've got two hosts nfsserver.domain.com and nfsclient.domain.com. Both running RHEL5.5 x86_64.

I've exported my volumes like so:

/data *(sec=krb5,rw,insecure,sync,wdelay,no_subtree_check,fsid=0)
/data/homes *(sec=krb5,rw,insecure,sync,wdelay,no_subtree_check,nohide,anonuid=65534,anongid=65534)
/data/shares *(sec=krb5,rw,insecure,sync,wdelay,no_subtree_check,nohide,anonuid=65534,anongid=65534)

I can mount them if I remove the krb5 option, so I know the syntax is correct.

here are my SPNs:

NFS Client:
nfs/nfsclient.domain.com
host/nfsclient.domain.com

NFS Server:
nfs/nfsserver.domain.com
host/nfsserver.domin.com

here are my UPNs:

for nfsserver.domain.com
nfs/nfsserver.domain.com@DOMAIN.COM

for nfsclient.domain.com
nfs/nfsclient.domain.com@DOMAIN.COM

I've symlinked vas.conf with krb5.conf and host.keytab with krb5.keytab.

rpc.gssd sees a valid ticket:
Credentials in CC 'MEMORY:/tmp/krb5cc_machine_DOMAIN.COM' are good until 1278569005

rpc.idmapd logging shows it detects domain.com as its domain, however I'm not getting any mapping. rpc.gssd logging in /var/log/messages shows the following whenever a user attempts to mount the export:

Jul 7 13:40:01 nfsclient rpc.gssd[2310]: rpcsec_gss: gss_init_sec_context: (major) Unspecified GSS failure. Minor code may provide more information - (minor) Unknown code krb5 7
Jul 7 13:40:01 nfsclient rpc.gssd[2310]: WARNING: Failed to create krb5 context for user with uid 0 for server nfsserver.domain.com
Jul 7 13:40:01 nfsclient rpc.gssd[2310]: WARNING: Failed to create krb5 context for user with uid 0 with credentials cache MEMORY:/tmp/krb5cc_machine_DOMAIN.COM for server nfsserver.domain.com
Jul 7 13:40:01 nfsclient rpc.gssd[2310]: WARNING: Failed to create krb5 context for user with uid 0 with any credentials cache for server nfsserver.domain.com

the mount command output is "permission denied".

Any help would be awesome!!!!!!!!!!

↧

QAS , NFS, KRB5, SSH

August 11, 2010, 1:37 pm

≫ Next: Couldn't create pid file /var/run/sshd-quest.pid

≪ Previous: NFSv4 with KRB5 via VAS on Linux

Going back to previous posts where our unix admin has exported the homedirs from our netapp filer with krb security, I have picked back up the lab image, and implemented src=krb5 in the fstab.

Now, when I ssh into the box, I get Could not chdir to home directory /xxxx/mikec: Permission denied

If I do a mount, the box has mounted the export

server:/xxx/xxxx/export/home on /xxxxx type nfs (rw,nosuid,nodev,noatime,sec=krb5,rsize=32768,wsize=32768,intr,tcp,addr=x.x.x.x)

I assume this is because no kinit has been performed, and therefor no valid kerberos credentials exist to get into the home directory?

So, I tried to get credentials :-

mikec@pc:/$ /opt/quest/bin/vastool kinit mikec
Password for mikec@domain:

mikec@pc:/$ /opt/quest/bin/vastool klist
Credentials cache: FILE:/tmp/krb5cc_1672
Principal: mikec@domain

Issued Expires Principal
Aug 11 21:02:05 Aug 12 07:02:05 pc-LNX$@realm
Aug 11 21:06:15 Aug 12 07:06:15 krbtgt/realm@realm

you will see that a ticket was obtained, but when I try and go back into the home directory, it is still denied, even though credentials now exist.

mikec@pc:/$ cd
-bash: cd: /xxxx/mikec: Permission denied

If I do an actual kinit, which I got from the krb5-user package

mikec@pc:/$ kinit
Password for mikec@realm:
kinit: KDC has no support for encryption type while getting initial credentials
mikec@pc:~$ kinit
Password for mikec@realm:

first time the error regarding encryption,second time straight through, and then success

mikec@pc:~$ cd
mikec@pc:~$ pwd
/xxxx/mikec

Any ideas why the vastool kinit is not working but the standard kinit is?

I know I have removed certain personal information regarding domain names etc, but please feel free to ask me to any questions if it helps to offer me a solution, because this seems very strange to me.

↧

Couldn't create pid file /var/run/sshd-quest.pid

August 21, 2012, 7:58 am

≫ Next: wyse T50 problem with key "." layout pt-BR keyboard ABNT2

≪ Previous: QAS , NFS, KRB5, SSH

Hi. Anybody knows what could be the reason for this errot in authlog?
I do not have /var/run on the AIX host. Is that something created on the fly?

↧

wyse T50 problem with key "." layout pt-BR keyboard ABNT2

February 18, 2013, 7:29 am

≫ Next: Integrating system's Samba on Linux host(s) running VAS

≪ Previous: Couldn't create pid file /var/run/sshd-quest.pid

I'm using Wyse T50 with brazilian ABNT2 keyboard(pt-BR) and the key "."(point) in numeric keyboard does work inside rdpclient. It works fine with console and other apps outside rdpclient but not inside. Using rdpclient with parameter --lx-debug helped to get the keycode 0x79 but I do not how to fix it. I installed Remmina/Rdesktop and all the keys works fine, so I guess the problem is with Wyse-rdpclient/RDP.

Any idea?

Thanks in advance

↧

Integrating system's Samba on Linux host(s) running VAS

March 24, 2009, 11:41 am

≫ Next: SSO with native Solaris 10 sshd

≪ Previous: wyse T50 problem with key "." layout pt-BR keyboard ABNT2

Hi,

I'm having some problems integrating the system's (EL5)Samba on a Linux host running VAS; I foundhttps://bugsrc.quest.com/show_bug.cgi?id=655 which reports a problemsimilar to what I'm seeing on the system, the i) SPNEGO login failedand ii) sh: /opt/quest/bin/vasidmap: Permission denied

Has anyone else experienced similar problems or has successfully integrated the system's Samba+VAS? I appreciate your comments.

Thanks in advance,

\\\\\\\\\ specs/info about the env \\\\\\\\\
Host:   <Linux i686>
VAS:    <3.3.2.139>
Domain: <ad.domain.com>
Result: <No tests failed> (06 seconds)

$ /opt/quest/bin/vastool klist
Credentials cache: FILE:/tmp/krb5cc_1050607
        Principal: bip@AD.DOMAIN.COM

Issued           Expires          Principal
Mar 24 11:17:18 Mar 24 21:17:18 GLUON$@AD.DOMAIN.COM
Mar 24 11:41:50 Mar 24 21:17:18 host/test.lan.domain.com@AD.DOMAIN.COM
Mar 24 11:37:36 Mar 24 21:17:18 cifs/sajama.lan.domain.com@AD.DOMAIN.COM
Mar 24 11:33:51 Mar 24 21:17:18 cifs/gluon.lan.domain.com@AD.DOMAIN.COM
Mar 24 11:17:18 Mar 24 21:17:18 krbtgt/AD.DOMAIN.COM@AD.DOMAIN.COM
Mar 24 12:17:37 Mar 24 21:17:18 host/gluon.lan.domain.com@AD.DOMAIN.COM

$ /opt/quest/bin/vasidmap 'ADS\bip'
bip

\\\\\\\\\\ smbclient in debug mode \\\\\\\\
$ smbclient -d5 -k //gluon.lan.domain.com/bip
INFO: Current debug levels:
all: True/5
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = ADS
doing parameter realm = ADS.DOMAIN.COM
doing parameter security = ads
doing parameter domain master = no
doing parameter domain logons = no
doing parameter use kerberos keytab = yes
doing parameter machine password timeout = 0
doing parameter obey pam restrictions = yes
doing parameter winbind nested groups = no
doing parameter ldap admin dn = CN=VasIdmapAdmin
doing parameter idmap backend = ldap:ldap://localhost
doing parameter idmap uid = 1-2147483647
doing parameter idmap gid = 1-2147483647
doing parameter idmap cache time = 300
doing parameter winbind use default domain = yes
doing parameter server string = Samba Server on GLUON
doing parameter log level = 3
doing parameter use spnego = yes
doing parameter encrypt passwords = yes
doing parameter preferred master = no
doing parameter local master = no
doing parameter username map script = /opt/quest/bin/vasidmap
doing parameter valid users = bip@ads.domain.com
doing parameter hosts allow = 192.168.3. 127.0.0.1
doing parameter load printers = No
doing parameter show add printer wizard = No
doing parameter disable spoolss = Yes
doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
pm_process() returned Yes
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
Substituting charset 'ISO-8859-1' for LOCALE
added interface ip=192.168.3.3 bcast=192.168.3.255 nmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="GLUON"
Client started (version 3.0.33-3.7.el5).
Opening cache file at /var/cache/samba/gencache.tdb
tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/gencache.tdb: Permission denied
gencache_init: Opening cache file /var/cache/samba/gencache.tdb read-only.
sitename_fetch: Returning sitename for ADS.DOMAIN.COM: "Downtown"
no entry for gluon.lan.domain.com#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name gluon.lan.domain.com<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
resolve_wins: Attempting wins lookup for name gluon.lan.domain.com<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name gluon.lan.domain.com<0x20>
namecache_store: storing 1 address for gluon.lan.domain.com#20: 192.168.3.3:0
Connecting to 192.168.3.3 at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option TCP_KEEPCNT = 9
socket option TCP_KEEPIDLE = 7200
socket option TCP_KEEPINTVL = 75
socket option IPTOS_LOWDELAY = 16
socket option IPTOS_THROUGHPUT = 16
socket option SO_SNDBUF = 16384
socket option SO_RCVBUF = 16384
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
session request ok
size=185
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7467
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]=    8 (0x8)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]=   65 (0x41)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]=11264 (0x2C00)
smb_vwv[ 8]=   29 (0x1D)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=33011 (0x80F3)
smb_vwv[11]=32896 (0x8080)
smb_vwv[12]=43120 (0xA870)
smb_vwv[13]=42143 (0xA49F)
smb_vwv[14]=51628 (0xC9AC)
smb_vwv[15]=61441 (0xF001)
smb_vwv[16]=    0 (0x0)
smb_bcc=116
size=185
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7467
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]=    8 (0x8)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]=   65 (0x41)
smb_vwv[ 5]=    0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]=11264 (0x2C00)
smb_vwv[ 8]=   29 (0x1D)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=33011 (0x80F3)
smb_vwv[11]=32896 (0x8080)
smb_vwv[12]=43120 (0xA870)
smb_vwv[13]=42143 (0xA49F)
smb_vwv[14]=51628 (0xC9AC)
smb_vwv[15]=61441 (0xF001)
smb_vwv[16]=    0 (0x0)
smb_bcc=116
Doing spnego session setup (blob length=116)
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 48018 1 2 2
got OID=1 3 6 1 4 1 311 2 2 10
got principal=cifs/gluon.lan.domain.com@ADS.DOMAIN.COM
Doing kerberos session setup
ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_1050607] expiration Tue, 24 Mar 2009 21:17:18 EDT
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7467
smb_uid=100
smb_mid=2
smt_wct=0
smb_bcc=0
size=35
smb_com=0x73
smb_rcls=109
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=7467
smb_uid=100
smb_mid=2
smt_wct=0
smb_bcc=0
cli_session_setup_blob: recieve failed (NT_STATUS_LOGON_FAILURE)
SPNEGO login failed: Logon failure
session setup failed: NT_STATUS_LOGON_FAILURE

\\\\\\\\\\\\\\\\\\\ /var/log/samba/smbd.log \\\\\\\\\\\\\\\\\\\\\\\

[2009/03/24 13:19:00, 3] smbd/oplock.c:init_oplocks(863)
init_oplocks: initializing messages.
[2009/03/24 13:19:00, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(234)
Linux kernel oplocks enabled
[2009/03/24 13:19:01, 3] lib/access.c:check_access(312)
check_access: no hostnames in host allow/deny list.
[2009/03/24 13:19:01, 2] lib/access.c:check_access(323)
Allowed connection from (132.206.35.172)
[2009/03/24 13:19:01, 3] smbd/process.c:process_smb(1069)
Transaction 0 of length 194
[2009/03/24 13:19:01, 3] smbd/process.c:switch_message(927)
switch message SMBnegprot (pid 7468) conn 0x0
[2009/03/24 13:19:01, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [MICROSOFT NETWORKS 1.03]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [MICROSOFT NETWORKS 3.0]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [LANMAN1.0]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [LM1.2X002]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [DOS LANMAN2.1]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [LANMAN2.1]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(505)
Requested protocol [Samba]
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_nt1(364)
using SPNEGO
[2009/03/24 13:19:01, 3] smbd/negprot.c:reply_negprot(606)
Selected protocol NT LANMAN 1.0
[2009/03/24 13:19:01, 3] smbd/process.c:process_smb(1069)
Transaction 1 of length 2070
[2009/03/24 13:19:01, 3] smbd/process.c:switch_message(927)
switch message SMBsesssetupX (pid 7468) conn 0x0
[2009/03/24 13:19:01, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/24 13:19:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1256)
wct=12 flg2=0xc801
[2009/03/24 13:19:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1038)
Doing spnego session setup
[2009/03/24 13:19:01, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1069)
NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2009/03/24 13:19:01, 3] smbd/sesssetup.c:reply_spnego_negotiate(697)
reply_spnego_negotiate: Got secblob of size 1930
[2009/03/24 13:19:01, 1] libads/kerberos_verify.c:ads_keytab_verify_ticket(96)
ads_keytab_verify_ticket: krb5_kt_start_seq_get failed (No such file or directory)
[2009/03/24 13:19:01, 3] libads/kerberos_verify.c:ads_keytab_verify_ticket(169)
ads_keytab_verify_ticket: no keytab principals matched expected file service name.
[2009/03/24 13:19:01, 3] smbd/sesssetup.c:reply_spnego_kerberos(321)
Ticket name is [bip@ADS.DOMAIN.COM]
sh: /opt/quest/bin/vasidmap: Permission denied
[2009/03/24 13:19:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(439)
Username ADS\bip is invalid on this system
[2009/03/24 13:19:01, 3] smbd/error.c:error_packet_set(106)
error packet at smbd/sesssetup.c(444) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
[2009/03/24 13:19:01, 3] smbd/process.c:timeout_processing(1329)
timeout_processing: End of file from client (client has disconnected).
[2009/03/24 13:19:01, 3] smbd/sec_ctx.c:set_sec_ctx(241)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/03/24 13:19:01, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2009/03/24 13:19:01, 3] smbd/server.c:exit_server_common(768)
Server exit (normal exit)

↧

SSO with native Solaris 10 sshd

April 8, 2010, 10:55 am

≫ Next: VAS_ERR_DNS: Unable to look up any DNS SRV records for domain

≪ Previous: Integrating system's Samba on Linux host(s) running VAS

Has anybody managed to propertly set this up?
I got everything working except SSO.

Any pointers to docs etc. would be apreciated.

Regards
erwin

↧

VAS_ERR_DNS: Unable to look up any DNS SRV records for domain

September 22, 2008, 4:10 pm

≫ Next: Single Sign-On for Java 7 Not working

≪ Previous: SSO with native Solaris 10 sshd

Hi, I am running AIX5.3 with VAS agent 3.3.1.83. I get an error when running the join command to join the server to AD domain...

It takes a long time to check if the computer is already joined to a domain....and then gives the VAS_ERR_DNS error.

Any one run into this?

"
Checking whether computer is already joined to a domain ... no
ERROR: Could not join to the domain
VAS_ERR_DNS: Unable to look up any DNS SRV records for domain <domain-name>
"

Thanks,
Konti

↧

Single Sign-On for Java 7 Not working

August 26, 2013, 5:36 am

≫ Next: Dragon City Hack Online

≪ Previous: VAS_ERR_DNS: Unable to look up any DNS SRV records for domain

Hi,

We have been using winSSPI.dll on client side from 3.2 package. This dll is not working anymore in JDK 7.

The exception trace as follows :

[DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos: [init]: OS name = 'Windows 7', version = '6.1'

[DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos: [init]: isKerberosOS = true, isSessionKeySupported = true

[DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos: initialize: calling native method ...

[winSSPI.dll] initialize

[winSSPI.dll] initialize: done

[INFO] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos: initialize: Successfully initialized Windows SSPI

[DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos: acquireCredentialsHandle: calling native method ...

[winSSPI.dll] acquireCredentialsHandle

[DEBUG] Mon Aug 26 14:30:10 CEST 2013 jcsi.kerberos: loadCredential: result = 0

Attempting initContext with principal: HTTP/appsec001.gaia.net.intra

initContext failed with principal: HTTP/appsec001.gaia.net.intra error: GSSException: com.dstc.security.kerberos.winSSPI.WinSSPIMechanismFactoryU2S configured by WinSSPIGSS for GSS-API Mechanism Factory cannot be created

Attempting initContext with principal: HOST/appsec001.gaia.net.intra

initContext failed with principal: HOST/appsec001.gaia.net.intra error: GSSException: com.dstc.security.kerberos.winSSPI.WinSSPIMechanismFactoryU2S configured by WinSSPIGSS for GSS-API Mechanism Factory cannot be created

initContext failed with all attempted principals

java.security.PrivilegedActionException: javax.security.auth.login.LoginException: LoginException: java.security.PrivilegedActionException: GSSException: com.dstc.security.kerberos.winSSPI.WinSSPIMechanismFactoryU2S configured by WinSSPIGSS for GSS-API Mechanism Factory cannot be created

at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:373)

at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)

at weblogic.security.Security.runAs(Security.java:61)

at security.role.TestKerberosEJBCall.main(TestKerberosEJBCall.java:32)

Caused by: javax.security.auth.login.LoginException: LoginException: java.security.PrivilegedActionException: GSSException: com.dstc.security.kerberos.winSSPI.WinSSPIMechanismFactoryU2S configured by WinSSPIGSS for GSS-API Mechanism Factory cannot be created

at com.quest.vsj.weblogic.login.EjbClientKerberosLoginModule.login(EjbClientKerberosLoginModule.java:107)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)

at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)

at javax.security.auth.login.LoginContext.login(LoginContext.java:594)

at security.role.TestKerberosEJBCall$1.run(TestKerberosEJBCall.java:35)

at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)

... 3 more

Any ideas if any newer version or patch is supporting both JDK 7 64 & 32 bit ?

Thanks in advance.

↧

Dragon City Hack Online

December 9, 2013, 8:02 am

≫ Next: Protecting a ScriptAlias'ed directory - get "Internal Server Error"

≪ Previous: Single Sign-On for Java 7 Not working

These are the exceptional celebrated mythical beasts that you can breed of dog applying rate three sorts. It will take earnings of 4 times to obtain these individuals. That features 2 days regarding propagation and a pair of times of crosshatch. Preferably, you will want to particular breed of dog the actual collection several multiple times to get one of those dragons. Please Follow this link to Dragon City Hack please click this to Dragon City Hack Online please follow to Dragon City Hack Tool please get online Dragon City Gems Hack please click here to Dragon City Hack For Mac please click here for Dragon City Hack Tool No Survey No Password please follow this link to Dragon City Hack Tool Download please follow to Dragon City Cheats please get here Dragon City Hack No Survey please get online Dragon City iPhone Hack Please Follow this link to Dack Dragon City 2013 On Facebook please click this to Dragon City Hack Gems Coins Food No Survey please follow to How To Hack Dragon City Without Jailbreak please get online Dragon City Cheats Without Jailbreak On iPhone, iPad And Android please click here to Dragon City Hack Gems Generator Download please click here for Dragon City Hack Gold Coins Food Gems please follow this link to Dragon City Cheats Gems Gold And Food Generator Hack Tool please follow to Dragon City Gems Cheats And Hack Free Dragons Tool please get here Dragon Hack Download please follow to Dragon City Hack Tool – Cheat Gems, Gold, Food in Dragon City please click here to Deer Hunter 2014 Hack & Cheats please click here for Deer Hunter 2014 Hack No Survey please follow this link to Deer Hunter 2014 Hack Tool please follow to Deer Hunter 2014 Download Free please get here Deer Hunter 2014 Game Online please follow to Deer Hunter 2014 APK Download

↧

Protecting a ScriptAlias'ed directory - get "Internal Server Error"

April 26, 2007, 2:07 pm

≫ Next: BMC Remedy ARS and Verifone PAYware CMS

≪ Previous: Dragon City Hack Online

Greetings,

I think I've tracked this down to a behavior that only seems to pop up when I'm using mod_auth_vas. I have a cgi-bin directory that I am protecting with a <Location> directive (tried using <Directory> too with the same result):

ScriptAlias "/test/cgi-bin" "/usr/src/test"
<Location "/test/cgi-bin">
    AuthName "Nagios"
    AuthType VAS
    AuthVasUseBasic on
    AuthVasLocalizeRemoteUser on
    Require group "UNIX-Administrators"
</Location>

The result I get is "Internal Server Error" and:

[Thu Apr 26 13:00:09 2007] [error] [client 170.54.111.28] Premature end of script headers: test.cgi

in the error log. When I comment out the <Location> stanza, the test.cgi script works. If I use another auth module, it works. mod_auth_vas works for directories that are not ScriptAliased. I'm stuck at this point. Any ideas?

Thanks.

↧

BMC Remedy ARS and Verifone PAYware CMS

May 7, 2009, 8:22 am

≫ Next: PAM error: PAM unable to dlopen(/lib/security/pam_vas3.so)

≪ Previous: Protecting a ScriptAlias'ed directory - get "Internal Server Error"

Hi Experts,

Do you know if Authentication Services works with BMC Remedy ARS and Verifone PAYware CMS ?

Thanks in Advance,

Eduardo Santi.

↧

PAM error: PAM unable to dlopen(/lib/security/pam_vas3.so)

September 7, 2011, 2:25 am

≫ Next: Problems Compiling MAV on AIX 6.1/XLC/IBMIHS 7.0.0.23

≪ Previous: BMC Remedy ARS and Verifone PAYware CMS

Hello,

In recent days, a server is installed QAS will not let me login.

checking logs in /var/log/messages, the following appears:

Sep 7 9:54:22 mutis2 su: PAM Unable to dlopen (/ lib/security/pam_vas3.so)
Sep 7 9:54:22 mutis2 su: PAM [dlerror: / lib/security/pam_vas3.so: undefined symbol: pam_vas_cleanup_user_state]
Sep 7 9:54:22 mutis2 su: PAM Adding faulty module: / lib/security/pam_vas3.so

With a local user I can login but with a user in Active Directory / LDAP I can't.

I have reinstalled QAS client but the problem persists .

Can anyone help me?

P.D: The server is a Fedora Core 4

↧

Problems Compiling MAV on AIX 6.1/XLC/IBMIHS 7.0.0.23

October 12, 2012, 5:22 am

≫ Next: Alternate way to supply vsj properties

≪ Previous: PAM error: PAM unable to dlopen(/lib/security/pam_vas3.so)

Greetings all.

I am trying to compile MAV 3.6.7 on AIX 6.1/XLC/IBMIHS 7.0.0.23.  I tried using the precompiled 3.6.4 module, but Apache doesn't like that. Here is the output from the configure script:

checking vas_gss.h usability... no
checking vas_gss.h presence... yes
configure: WARNING: vas_gss.h: present but cannot be compiled
configure: WARNING: vas_gss.h:     check for missing prerequisite headers?
configure: WARNING: vas_gss.h: see the Autoconf documentation
configure: WARNING: vas_gss.h:     section "Present But Cannot Be Compiled"
configure: WARNING: vas_gss.h: proceeding with the compiler's result
configure: WARNING:     ## -------------------------------------- ##
configure: WARNING:     ## Report this to David.Leonard@xxxyy.abc ##
configure: WARNING:     ## -------------------------------------- ##
checking for vas_gss.h... no
checking gssapi.h usability... no
checking gssapi.h presence... yes
configure: WARNING: gssapi.h: present but cannot be compiled
configure: WARNING: gssapi.h:     check for missing prerequisite headers?
configure: WARNING: gssapi.h: see the Autoconf documentation
configure: WARNING: gssapi.h:     section "Present But Cannot Be Compiled"
configure: WARNING: gssapi.h: proceeding with the compiler's result
configure: WARNING:     ## -------------------------------------- ##
configure: WARNING:     ## Report this to David.Leonard@xxxyy.abc ##
configure: WARNING:     ## -------------------------------------- ##
checking for gssapi.h... no
checking gssapi_krb5.h usability... no
checking gssapi_krb5.h presence... yes
configure: WARNING: gssapi_krb5.h: present but cannot be compiled
configure: WARNING: gssapi_krb5.h:     check for missing prerequisite headers?
configure: WARNING: gssapi_krb5.h: see the Autoconf documentation
configure: WARNING: gssapi_krb5.h:     section "Present But Cannot Be Compiled"
configure: WARNING: gssapi_krb5.h: proceeding with the compiler's result
configure: WARNING:     ## -------------------------------------- ##
configure: WARNING:     ## Report this to David.Leonard@xxxyy.abc ##
configure: WARNING:     ## -------------------------------------- ##
checking for gssapi_krb5.h... no

The configure script finishes, without error, but the compile fails with this:

/usr/include/unistd.h:924: error: expected ')' before '[' token
/usr/include/unistd.h:925: error: expected declaration specifiers or '...' before 'rid_t'
get.c: In function 'err_gss':
get.c:626: error: expected declaration specifiers before 'OM_uint32'
get.c:629: error: 'OM_uint32' undeclared (first use in this function)
get.c:629: error: (Each undeclared identifier is reported only once
get.c:629: error: for each function it appears in.)
get.c:629: error: expected ';' before 'ctx'
get.c:630: error: 'gss_buffer_desc' undeclared (first use in this function)
get.c:630: error: expected ';' before 'buf'
get.c:631: error: expected ';' before 'emajor'
get.c:635: error: 'emajor' undeclared (first use in this function)
get.c:635: error: 'eminor' undeclared (first use in this function)
get.c:635: error: 'GSS_C_GSS_CODE' undeclared (first use in this function)
get.c:636: error: 'GSS_C_NO_OID' undeclared (first use in this function)
get.c:636: error: 'ctx' undeclared (first use in this function)
get.c:636: error: 'buf' undeclared (first use in this function)
get.c:643: error: 'GSS_C_MECH_CODE' undeclared (first use in this function)
get.c: In function 'get_nego':
get.c:670: error: 'gss_name_t' undeclared (first use in this function)
get.c:670: error: expected ';' before 'target_name'
get.c:671: error: 'OM_uint32' undeclared (first use in this function)
get.c:671: error: expected ';' before 'major'
get.c:672: error: 'gss_ctx_id_t' undeclared (first use in this function)
get.c:672: error: expected ';' before 'gssctx'
get.c:716: error: 'gssctx' undeclared (first use in this function)
get.c:716: error: 'GSS_C_NO_CONTEXT' undeclared (first use in this function)
get.c:745: error: expected ';' before 'ret'
get.c:764: error: 'gss_buffer_desc' undeclared (first use in this function)
get.c:764: error: expected ';' before 'inbuf'
get.c:767: error: 'namebuf' undeclared (first use in this function)
get.c:769: error: 'major' undeclared (first use in this function)
get.c:769: error: 'minor' undeclared (first use in this function)
get.c:770: error: 'GSS_KRB5_NT_PRINCIPAL_NAME' undeclared (first use in this function)
get.c:770: error: 'target_name' undeclared (first use in this function)
get.c:779: error: 'inbuf' undeclared (first use in this function)
get.c:783: error: 'outbuf' undeclared (first use in this function)
get.c:786: error: 'GSS_C_NO_CREDENTIAL' undeclared (first use in this function)
get.c:789: error: 'GSS_C_NO_OID' undeclared (first use in this function)
get.c:791: error: 'GSS_C_INDEFINITE' undeclared (first use in this function)
get.c:792: error: 'GSS_C_NO_CHANNEL_BINDINGS' undeclared (first use in this function)
get.c:813: error: expected ';' before 'inbuf'
get.c:819: error: 'ret' undeclared (first use in this function)
get.c:823: error: 'VAS_GSS_SPNEGO_ENCODING_BASE64' undeclared (first use in this function)
get.c:824: error: 'GSS_C_NO_BUFFER' undeclared (first use in this function)
make[4]: *** [get.o] Error 1
make[4]: Leaving directory `/mnt/mod_auth_vas-3.6.7/test/http-get'
make[3]: *** [all] Error 2
make[3]: Leaving directory `/mnt/mod_auth_vas-3.6.7/test/http-get'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/mnt/mod_auth_vas-3.6.7/test'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/mnt/mod_auth_vas-3.6.7'
make: *** [all] Error 2

I am using QAS 3.5.2.89.

My last round of compiling MAV was on AIX 5.3/XLC/IBMIHS 6.x, when I had to put a patch in for timeout problems.

Message was edited by: phscott

↧

Alternate way to supply vsj properties

March 4, 2013, 7:48 pm

≫ Next: Account Validation Failed - Rejecting User

≪ Previous: Problems Compiling MAV on AIX 6.1/XLC/IBMIHS 7.0.0.23

We are trying to use the vsj servlet filter in one of the vendor supplied web application, where we can not include vsj-federation.properties file as part of the deployments.
Is there alternate way of providing "fsProxy", "applicationUrl" and "fsCertificate" properties to the filter?

↧

Account Validation Failed - Rejecting User

August 14, 2007, 7:55 am

≫ Next: SPNEGO login failed: No such file or directory

≪ Previous: Alternate way to supply vsj properties

I have installed the quest-samba-3.0.25a_q213 rpm's under fedora core 7, followed the installation instructions running and ran the /opt/quest/bin/vas-samba-config , all worked fine.

# /opt/quest/bin/vas-samba-config
Checking for VAS...
Stopping Samba services...
Checking /etc/opt/quest/samba/smb.conf...
/etc/opt/quest/samba/smb.conf: No changes required
Checking /etc/opt/quest/vas/vas.conf...
/etc/opt/quest/vas/vas.conf: No changes required

Samba can support NTLM (non-Kerberos) authentication for users,
but this requires that the local host password be renewed (set to
a new random string) during installation. Renewing the host
password is a normal operation that is performed periodically
by vasd.

Reset the local host key now for NTLM support? [yes]:

Detecting domain SID...
Renewing the computer account password...
Modified trust account password in secrets database
Join is OK
Starting Samba services...
Starting vasidmapd service:                                [ OK ]
Starting nmbd-quest service:                               [ OK ]
Starting smbd-quest service:                               [ OK ]
Starting winbindd-quest service:                           [ OK ]

Then tried a few things from the 'testing the samba server is properly confgured'

/opt/quest/bin/net rpc testjoin
Join to '###' is OK

/opt/quest/bin/net/ads testjoin
Join is OK

now, all going fine you might say, however ....

when I try and do the smbclient, all I get is smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User mikec!

I have tried the following

su - mikec
kinit mikec@MY.REALM
/opt/quest/bin/smbclient //leaf.mydomain/mikec -UMYDOMAIN/mikec

cli_session_setup_blob: recieve failed (NT_STATUS_LOGON_FAILURE)
session setup failed: NT_STATUS_LOGON_FAILURE

The error that keeps cropping up in /var/log/messages is

smbd[5910]:   smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User mikec!

can anyone shed any light?

regards
Mike

↧

SPNEGO login failed: No such file or directory

June 10, 2008, 2:02 pm

≫ Next: FATAL ERROR: Server unexpectedly closed network connection in using Plink

≪ Previous: Account Validation Failed - Rejecting User

When we try and run the smbclient command it fails with the following error.

[root@epicqaapp bin]# nslookup pvalentino

Server: 10.3.1.11

Address: 10.3.1.11#53

Name: pvalentino.ecmc.lan

Address: 10.3.8.64

[root@epicqaapp bin]# nslookup epicqaapp

Server: 10.3.1.11

Address: 10.3.1.11#53

Name: epicqaapp.ecmc.lan

Address: 10.3.17.183

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1 localhost.localdomain localhost

10.3.17.183 epicqaapp epicqaapp.ecmc.lan

10.3.17.185 epiclms

10.3.1.10 ecmc_dc7ecmc_dc7.ecmc.lan

10.3.1.11 ecmc_dc8ecmc_dc8.ecmc.lan

10.3.8.64 pvalentinopvalentino.ecmc.lan

Still get logon prompt if valid users stanza is enabled

[root@epicqaapp bin]# ./net ads testjoin

Join is OK

[root@epicqaapp bin]# ./net rpc testjoin

Join to 'ECMC_DOMAIN' is OK

[root@epicqaapp bin]# smbclient -d100 -L epicqaapp

INFO: Current debug levels:

all: True/100

tdb: False/0

printdrivers: False/0

lanman: False/0

smb: False/0

rpc_parse: False/0

rpc_srv: False/0

rpc_cli: False/0

passdb: False/0

sam: False/0

auth: False/0

winbind: False/0

vfs: False/0

idmap: False/0

quota: False/0

acls: False/0

locking: False/0

msdfs: False/0

dmapi: False/0

lp_load: refreshing parameters

Initialising global parameters

params.c:pm_process() - Processing configuration file "/etc/opt/quest/samba/smb.conf"

Processing section "[global]"

doing parameter workgroup = ECMC_DOMAIN

doing parameter server string = EPICQAAPP Samba Server

doing parameter log file = /var/opt/quest/log/samba/%m.log

doing parameter log level = 1

doing parameter max log size = 1000

doing parameter security = ads

doing parameter use spnego = yes

doing parameter use kerberos keytab = yes

doing parameter machine password timeout = 0

doing parameter encrypt passwords = yes

doing parameter domain logons = no

doing parameter domain master = no

doing parameter preferred master = no

doing parameter local master = no

doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192SO_SNDBUF=8192

doing parameter wins server = 10.3.1.10 10.3.1.11

doing parameter realm = ECMC.LAN

doing parameter winbind nested groups = no

doing parameter ldap admin dn = CN=VasIdmapAdmin

doing parameter idmap backend = ldap:ldap://localhost

doing parameter idmap uid = 1-2147483647

doing parameter idmap gid = 1-2147483647

doing parameter idmap cache time = 300 # Expire the tdbcache every 5 minutes

doing parameter obey pam restrictions = yes

pm_process() returned Yes

lp_servicenumber: couldn't find homes

set_server_role: role = ROLE_DOMAIN_MEMBER

Attempting to register new charset UCS-2LE

Registered charset UCS-2LE

Attempting to register new charset UTF-16LE

Registered charset UTF-16LE

Attempting to register new charset UCS-2BE

Registered charset UCS-2BE

Attempting to register new charset UTF-16BE

Registered charset UTF-16BE

Attempting to register new charset UTF8

Registered charset UTF8

Attempting to register new charset UTF-8

Registered charset UTF-8

Attempting to register new charset ASCII

Registered charset ASCII

Attempting to register new charset 646

Registered charset 646

Attempting to register new charset ISO-8859-1

Registered charset ISO-8859-1

Attempting to register new charset UCS2-HEX

Registered charset UCS2-HEX

Substituting charset 'UTF-8' for LOCALE

added interface ip=10.3.17.183 bcast=10.3.17.255nmask=255.255.255.0

added interface ip=10.3.17.184 bcast=10.3.17.255nmask=255.255.255.0

added interface ip=10.3.17.185 bcast=10.3.17.255nmask=255.255.255.0

Netbios name list:-

my_netbios_names[0]="EPICQAAPP"

Client started (version 3.0.28-Quest-291).

Opening cache file at /var/opt/quest/lib/samba/gencache.tdb

Returning valid cache entry: key = AD_SITENAME/DOMAIN/ECMC.LAN,value = Minnesota,timeout = Mon Jan 18 21:14:07 2038

sitename_fetch: Returning sitename for ECMC.LAN: "Minnesota"

internal_resolve_name: looking up epicqaapp#20 (sitename Minnesota)

Returning valid cache entry: key = NBT/EPICQAAPP#20, value =10.3.17.185:0,10.3.17.184:0,10.3.17.183:0, timeout = Tue Jun 10 15:00:51 2008

name epicqaapp#20 found.

Connecting to 10.3.17.185 at port 445

socket option SO_KEEPALIVE = 0

socket option SO_REUSEADDR = 0

socket option SO_BROADCAST = 0

socket option TCP_NODELAY = 1

socket option TCP_KEEPCNT = 9

socket option TCP_KEEPIDLE = 7200

socket option TCP_KEEPINTVL = 75

socket option IPTOS_LOWDELAY = 0

socket option IPTOS_THROUGHPUT = 0

socket option SO_SNDBUF = 16384

socket option SO_RCVBUF = 16384

socket option SO_SNDLOWAT = 1

socket option SO_RCVLOWAT = 1

socket option SO_SNDTIMEO = 0

socket option SO_RCVTIMEO = 0

session request ok

write_socket(5,194)

write_socket(5,194) wrote 194

got smb length of 177

size=177

smb_com=0x72

smb_rcls=0

smb_reh=0

smb_err=0

smb_flg=136

smb_flg2=51201

smb_tid=0

smb_pid=3529

smb_uid=0

smb_mid=1

smt_wct=17

smb_vwv[ 0]= 8 (0x8)

smb_vwv[ 1]=12803 (0x3203)

smb_vwv[ 2]= 256 (0x100)

smb_vwv[ 3]= 1024 (0x400)

smb_vwv[ 4]= 65 (0x41)

smb_vwv[ 5]= 0 (0x0)

smb_vwv[ 6]= 256 (0x100)

smb_vwv[ 7]=51712 (0xCA00)

smb_vwv[ 8]= 13 (0xD)

smb_vwv[ 9]=64768 (0xFD00)

smb_vwv[10]=33011 (0x80F3)

smb_vwv[11]=32896 (0x8080)

smb_vwv[12]=60039 (0xEA87)

smb_vwv[13]=13214 (0x339E)

smb_vwv[14]=51403 (0xC8CB)

smb_vwv[15]=11265 (0x2C01)

smb_vwv[16]= 1 (0x1)

smb_bcc=108

[000] 65 70 69 63 71 61 61 70 70 0000 00 00 00 00 00 epicqaap p.......

[010] 60 5A 06 06 2B 06 01 05 05 02A0 50 30 4E A0 24 `Z..+... ...P0N.$

[020] 30 22 06 09 2A 86 48 86 F7 1201 02 02 06 09 2A 0"..*.H. .......*

[030] 86 48 82 F7 12 01 02 02 06 0A2B 06 01 04 01 82 .H...... ..+.....

[040] 37 02 02 0A A3 26 30 24 A0 221B 20 63 69 66 73 7....&0$ .". cifs

[050] 2F 65 70 69 63 71 61 61 70 702E 65 63 6D 63 2E /epicqaa pp.ecmc.

[060] 6C 61 6E 40 45 43 4D 43 2E 4C414E lan@ECMC .LAN

size=177

smb_com=0x72

smb_rcls=0

smb_reh=0

smb_err=0

smb_flg=136

smb_flg2=51201

smb_tid=0

smb_pid=3529

smb_uid=0

smb_mid=1

smt_wct=17

smb_vwv[ 0]= 8 (0x8)

smb_vwv[ 1]=12803 (0x3203)

smb_vwv[ 2]= 256 (0x100)

smb_vwv[ 3]= 1024 (0x400)

smb_vwv[ 4]= 65 (0x41)

smb_vwv[ 5]= 0 (0x0)

smb_vwv[ 6]= 256 (0x100)

smb_vwv[ 7]=51712 (0xCA00)

smb_vwv[ 8]= 13 (0xD)

smb_vwv[ 9]=64768 (0xFD00)

smb_vwv[10]=33011 (0x80F3)

smb_vwv[11]=32896 (0x8080)

smb_vwv[12]=60039 (0xEA87)

smb_vwv[13]=13214 (0x339E)

smb_vwv[14]=51403 (0xC8CB)

smb_vwv[15]=11265 (0x2C01)

smb_vwv[16]= 1 (0x1)

smb_bcc=108

[000] 65 70 69 63 71 61 61 70 70 0000 00 00 00 00 00 epicqaap p.......

[010] 60 5A 06 06 2B 06 01 05 05 02A0 50 30 4E A0 24 `Z..+... ...P0N.$

[020] 30 22 06 09 2A 86 48 86 F7 1201 02 02 06 09 2A 0"..*.H. .......*

[030] 86 48 82 F7 12 01 02 02 06 0A2B 06 01 04 01 82 .H...... ..+.....

[040] 37 02 02 0A A3 26 30 24 A0 221B 20 63 69 66 73 7....&0$ .". cifs

[050] 2F 65 70 69 63 71 61 61 70 702E 65 63 6D 63 2E /epicqaa pp.ecmc.

[060] 6C 61 6E 40 45 43 4D 43 2E 4C414E lan@ECMC .LAN

Doing spnego session setup (blob length=108)

got OID=1 2 840 113554 1 2 2

got OID=1 2 840 48018 1 2 2

got OID=1 3 6 1 4 1 311 2 2 10

got principal=cifs/epicqaapp.ecmc.lan@ECMC.LAN

Doing kerberos session setup

ads_krb5_mk_req: krb5_cc_get_principal failed (No such file ordirectory)

cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: No suchfile or directory

SPNEGO login failed: No such file or directory

lang_tdb_init: loading/var/opt/quest/lib/samba/lang_en_US.UTF-8.tdb

session setup failed: SUCCESS - 0

Has anyone seen this before?

↧

FATAL ERROR: Server unexpectedly closed network connection in using Plink

November 14, 2008, 4:41 am

≫ Next: Support for apache httpd 2.4?

≪ Previous: SPNEGO login failed: No such file or directory

Hi,

Could any one please let me know why this error is occuring randomly while using Plink? Some days it works fine and suddenly it stops to work with this error message.

FATAL ERROR: Server unexpectedly closed network connection

I am using below command

"C:\Program Files\PuTTY\plink.exe" -load MyProfile -ssh -x -a -t -l userID HostName Command

Thanks,
Megha

↧

Support for apache httpd 2.4?

March 1, 2012, 4:18 am

≫ Next: problem of vastool user checklogin

≪ Previous: FATAL ERROR: Server unexpectedly closed network connection in using Plink

Do you know if mod_auth_vas will work with Apache httpd 2.4? Or if there is any intention to support this, and if so what time frame this version is likely to be supported in?

Thanks,
Paul

↧