Training and Tutorials Learn how to master Tableau's products with our on-demand, live or class room training. Thoughts? In a shell with a valid ticket cache, curl --negotiate -u:
You’ll be auto redirected in 1 second. Often a generic message will be presented at the user interface. What was causing it was an entry in /etc/hosts with the host name of my test site and the loopback address (127.0.0.1); this was causing GSSAPI to request a service ticket KRB5_KT_TYPE_EXISTS -1765328192L 192 Key table type is already registered. http://juqenz.myfirewall.org/G-Qt
Generated Mon, 31 Oct 2016 04:49:55 GMT by s_mf18 (squid/3.5.20) TechNet Products Products Windows Windows Server System Center Browser Office Office 365 Exchange Server SQL Server SharePoint Products Skype wojnosystems commented Jun 18, 2014 klist -kt /usr/local/nginx/conf/hr.keytab Keytab name: FILE:/usr/local/nginx/conf/hr.keytab KVNO Timestamp Principal ---- ---------------- --------------------------------------------------------- 5 31/12/1969 17:00 [email protected] I did ensure it was owned by the nginx user. I started on it but timed out today.
Even if it's me being stupid, there's something wrong with it not returning the debug logic, even if only stupid devops people like me will benefit ;). Windows-specific Responses Error Error Name Description 0x80000001 KDC_ERR_MORE_DATA More data is available 0x80000002 KDC_ERR_NOT_RUNNING The Kerberos service is not running Top of page LDAP Error Messages This section lists errors seen That's what the diff does. Http Unauthorized Received On Kerberos Initialization hr.keytab is 400 and owned by the www-data user (the user nginx runs as). -r-------- 1 www-data webmasters 96 Jun 18 10:23 hr.keytab /usr/local/nginx/conf$ ktutil ktutil: read_kt /usr/local/nginx/conf/hr.keytab ktutil: list slot
Can it be an old timestamp, I wonder? Kerberos Message Types Information about Kerberos troubleshooting tools is also available in Appendix E: “Relevant Windows and UNIX Tools.” Table C.1. wojnosystems commented Jun 18, 2014 No, apparently Microsoft's ktpass sets the timestamp to 0. http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/Kerberos-V5-Library-Error-Codes.html Community Find and share solutions with our active community through forums, user groups and ideas.
For example, if an application attempts to transmit a message after a security context has expired, the GSS-API returns a major status code of GSS_S_CONTEXT_EXPIRED. Kerberos 5 Invalid Argument (error 22) KRB5_CC_IO -1765328191L 193 Credentials cache I/O operation failed XXX KRB5_FCC_PERM -1765328190L 194 Credentials cache permissions incorrect KRB5_FCC_NOFILE -1765328189L 195 No credentials cache found KRB5_FCC_INTERNAL -1765328188L 196 Internal credentials cache error KRB5_CC_WRITE CONFIG HERE ... wojnosystems commented Jun 25, 2014 Standard Debian libs (MIT).
OK... If the SRV record lookup fails, an error message will report that a KDC was not found. Kerberos Error Codes Personal Open source Business Explore Sign up Sign in Pricing Blog Support Search GitHub This repository Watch 16 Star 99 Fork 57 stnoonan/spnego-http-auth-nginx-module Code Issues 7 Pull requests 3 Projects Kerberos Error Code 13 Steps to reproduce Create a Service Host Principal in Active Directory (2008) Create a keytab for that SP Transfer the keytab to the webserver Configured KRB on the web server Configure
Owner stnoonan commented Jun 18, 2014 Can you show the output of klist -kt (feel free to anonymize it)? http://crimsonskysoftware.com/error-code/unknown-error-code-756.html This method cannot be used if the SRV lookup will fail or if the lookup is likely to return a server which is not actually reachable. 2. For more information, see Upgrading Tableau Desktop in the Tableau Knowledge Base. Major status codes relate to the behavior of the GSS-API itself. Kerberos Error Code 25
auth_gss on; auth_gss_keytab /PATH/TO/KEYTAB; auth_gss_realm REALM.NAME.TLD; auth_gss_service_name HTTP/hostname.name.tld; } Test: klist -k -t works (creates a tgt entry in klist) Restart Nginx Access the web server using Firefox or Chrome with More information about Kerberos error messages can be found in Appendix D: “Kerberos and LDAP Troubleshooting Tips,” of this guide and in the following document, “Troubleshooting Kerberos Errors,” available at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx. Sign in to comment Contact GitHub API Training Shop Blog About © 2016 GitHub, Inc. navigate here Minor status codes are returned by the underlying security mechanisms supported by a given implementation of the GSS-API.
The error codes are subject to change. Kdc Cannot Accommodate Requested Option KRB5_KT_TYPE_EXISTS: Key table type is already registered. Owner stnoonan commented Jun 18, 2014 Can you remove auth_gss_realm REALM.NAME.TLD; auth_gss_service_name HTTP/hostname.name.tld; from your config and try again?
Your diff got eaten by markdown. Your cache administrator is webmaster. These codes will not be returned in response to network requests. Krberror Error Code Is 25 I've removed them and the only 2 krb lines in the config are now are: auth_gss on; auth_gss_keytab /usr/local/nginx/conf/hr.keytab; Log results are slightly different, but the lack of messaging remains: 2014/06/18
Major status codes are listed in GSS-API Status Codes. wojnosystems commented Jun 25, 2014 Works with curl --negotiate on my Mac, not on windows with my workstation XO. Can you fix it to display the error returned by the kerberos libraries? http://crimsonskysoftware.com/error-code/unknown-error-in-outlook-for-mac.html The values are listed in hexadecimal.
The content you requested has been removed. Browser configs are always a can of worms. … On Jun 25, 2014 7:39 PM, "wojnosystems" ***@***.***> wrote: Works with curl --negotiate on my Mac, not on windows with my workstation Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you! Error codes 0x1 through 0x1E come only from the KDC in response to an AS_REQ or TGS_REQ.
Please try the request again. This RFC defines error codes in the number range of 1–61 (hex values 0x01 to 0x3D) and is available at http://www.ietf.org/rfc/rfc1510.txt. wojnosystems commented Jun 25, 2014 Changing it to be writable doesn't help me. Owner stnoonan commented Jun 25, 2014 It might also be useful to try curl rather than a web-browser.
You signed out in another tab or window.