I have managed to solve that issue by adding the following to the
JCIFSConfig:
p:jcifsDomain="devad.vu.edu.au"
p:jcifsDomainController="devaddc1.devad.vu.edu.au"
Question: is the problem a domain issue?
As you can see from the above configuration, the domain controller
information is:
Domain: devad.vu.edu.au
Domain Controller: devaddc1.devad.vu.edu.au
But the CAS machine configuration is the following:
CAS Address: devportalweb1.vu.edu.au
Domain: vu.edu.au
The machine will need to connect to the devad.vu.edu.au domain, correct?
On Monday, 25 July 2016 10:15:59 UTC+10, Colin Wilkinson wrote:
>
> Hi,
>
> No, that is the weirdest thing, the IP is the CAS machine.
>
> CAS machine IP address is XX.XX.XX.XX
> DEVADDC IP address is YY.YY.YY.YY
>
> The JCIFS config is as follows. I tried kerberosKdc with the IP address and
> got the same results.
>
> <bean id="jcifsConfig"
>       class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig"
>       p:jcifsServicePrincipal="HTTP/[email protected]"
>       p:kerberosDebug="true"
>       p:kerberosRealm="DEVAD.VU.EDU.AU"
>       p:kerberosConf="/var/lib/tomcat8/webapps/cas/WEB-INF/classes/vuProperties/caskrb5.conf"
>       p:kerberosKdc="devaddc1.devad.vu.edu.au"
>       p:loginConf="/var/lib/tomcat8/webapps/cas/WEB-INF/classes/vuProperties/login.conf"/>
>
> <bean id="spnegoAuthentication" class="jcifs.spnego.Authentication" />
>
> <bean id="spnegoHandler"
>       class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler"
>       p:authentication-ref="spnegoAuthentication"
>       p:principalWithDomainName="false"
>       p:NTLMallowed="true" />
>
> <bean id="spnegoPrincipalResolver"
>       class="org.jasig.cas.support.spnego.authentication.principal.SpnegoPrincipalResolver" />
>
> caskrb5.conf is as follows,
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = DEVAD.VU.EDU.AU
> default_keytab_name = /usr/share/tomcat8/webapps/cas/WEB-INF/classes/vuProperties/svc_casadsso.keytab
> dns_lookup_realm = false
> dns_lookup_kdc = false
> default_tkt_enctypes = rc4-hmac
> default_tgs_enctypes = rc4-hmac
>
> [realms]
> DEVAD.VU.EDU.AU = {
> kdc = devaddc1.devad.vu.edu.au:88
> }
>
> [domain_realm]
> .devad.vu.edu.au = DEVAD.VU.EDU.AU
> devad.vu.edu.au = DEVAD.VU.EDU.AU
>
> On Friday, 22 July 2016 20:08:50 UTC+10, Stefan Paetow wrote:
>>
>> > 2016-07-22 14:22:03,728 DEBUG
>> [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] -
>> <JCIFSSpnegoAuthenticationHandler exception details: Error performing NTLM
>> authentication: jcifs.smb.SmbException: Failed to connect:
>> JCIFS192_30_1C<00>/XX.XX.XX.XX
>> > jcifs.util.transport.TransportException
>> > java.net.ConnectException: Connection refused
>>
>> Well, who does the IP that the above failure to connect refer to?
>> domaindc1.devad.cc.ee.aa?
>>
>> Basically Java is trying to make an SMB connection to the KDC server (the
>> domain controller) that is supposed to provide it with a ticket based on
>> your credential and it's getting a connection refused.
>>
>> Stefan Paetow
>> Moonshot Industry & Research Liaison Coordinator
>>
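An added example, not part of the thread or of CAS: a consistency check over the settings quoted above that compares the JCIFSConfig values with caskrb5.conf and reports which realm the `[domain_realm]` section gives for the domain controller and for the CAS host. The function names are hypothetical, the inputs are constructed from the values in the messages, and the lookup order (exact name, then each parent as `.suffix` and `suffix`) is assumed to follow the usual krb5.conf host-to-realm rule.

```python
import re
# Constructed input: the caskrb5.conf and JCIFSConfig values quoted in the thread, cleaned up.
KRB5_CONF = """
[libdefaults]
 default_realm = DEVAD.VU.EDU.AU
[realms]
 DEVAD.VU.EDU.AU = {
  kdc = devaddc1.devad.vu.edu.au:88
 }
[domain_realm]
 .devad.vu.edu.au = DEVAD.VU.EDU.AU
 devad.vu.edu.au = DEVAD.VU.EDU.AU
"""
JCIFS = {"kerberosRealm": "DEVAD.VU.EDU.AU", "kerberosKdc": "devaddc1.devad.vu.edu.au",
         "jcifsDomain": "devad.vu.edu.au", "jcifsDomainController": "devaddc1.devad.vu.edu.au"}

def parse_krb5(text):
    # Returns {section: {key: [values]}}; keys inside a realm block become "REALM.key".
    conf, section, realm = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#")[0].strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, realm = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            realm = None
        elif "=" in line and section is not None:
            key, val = (part.strip() for part in line.split("=", 1))
            if val == "{":
                realm = key
            else:
                section.setdefault(f"{realm}.{key}" if realm else key, []).append(val)
    return conf

def host_realm(conf, host):
    # Try the exact name, then each parent as ".suffix" and "suffix"; None if unmapped.
    table = {k.lower(): v[0] for k, v in conf.get("domain_realm", {}).items()}
    name = host.lower()
    while name:
        if name in table:
            return table[name]
        name = name[1:] if name[0] == "." else name[name.find("."):] if "." in name else ""

def audit(conf, jcifs, cas_host):
    realm = conf["libdefaults"]["default_realm"][0]
    kdcs = [k.split(":")[0] for k in conf["realms"].get(f"{realm}.kdc", [])]
    return {"realm_matches": jcifs["kerberosRealm"] == realm, "kdc_listed": jcifs["kerberosKdc"] in kdcs,
            "dc_realm": host_realm(conf, jcifs["jcifsDomainController"]),
            "cas_host_realm": host_realm(conf, cas_host)}
```

Calling `audit(parse_krb5(KRB5_CONF), JCIFS, "devportalweb1.vu.edu.au")` returns `None` for `cas_host_realm`, because the quoted `[domain_realm]` section has no entry covering `vu.edu.au`.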