Tr: CAS, Spnego and the "pre Windows 2000 logon name"
Arnaud Lesueur
arnaud.lesueur at gmail.com
Fri Jun 6 09:06:25 EDT 2008
On Fri, Jun 6, 2008 at 2:38 PM, Céline AUSSOURD <celine.aussourd at ville-chateauroux.fr> wrote:
> <bean name="jcifsConfig" class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
>   <property name="jcifsServicePrincipal" value="HTTP/pronostix@VILLE-CHATEAUROUX.FR" />
>   <property name="jcifsServicePassword" value="XXXX" />
>   <property name="jcifsDomain" value="VILLE-CHATEAUROUX.FR"/>
>   <property name="jcifsDomainController" value="CETYUNIX.VILLE-CHATEAUROUX.FR"/>
>   <property name="kerberosDebug" value="true" />
>   <property name="kerberosRealm" value="VILLE-CHATEAUROUX.FR" />
>   <property name="kerberosKdc" value="172.16.11.0" />
>   <property name="loginConf" value="/usr/local/liferay/webapps/cas/WEB-INF/login.conf" />
> </bean>
Céline,
You should use the FQDN for the CAS server URL and the SPN configuration. I mean:
The CAS server URL should be reached using https://pronostix.ville-chateauroux.fr/cas/login instead of https://pronostix/cas/login
You will also have to update the Service Principal Name of the service account in Active Directory. It should be HTTP/pronostix.ville-chateauroux.fr@VILLE-CHATEAUROUX.FR instead of HTTP/pronostix@VILLE-CHATEAUROUX.FR
Then update your CAS configuration to:
<property name="jcifsServicePrincipal" value="HTTP/pronostix.ville-chateauroux.fr@VILLE-CHATEAUROUX.FR" />
If this is still not working, could you please check that you have a
valid krbtgt (Kerberos Granting Ticket) in your client Windows session? To
check this, you can use:
- kerbtray.exe to see the tickets
- or klist.exe
Good luck!
--
Arnaud Lesueur
LinkedIn: http://www.linkedin.com/in/lesueur
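
A configuration check for the advice in this message, as an added example that is not part of the original e-mail or of the CAS project: it parses a bean like the one quoted above and reports where the login URL host, the SPN host and the realm disagree. The sample bean is constructed from the quoted values, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample mirroring the bean quoted in the thread (password omitted).
SAMPLE_BEAN = """
<bean name="jcifsConfig"
      class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
  <property name="jcifsServicePrincipal" value="HTTP/pronostix@VILLE-CHATEAUROUX.FR" />
  <property name="jcifsDomain" value="VILLE-CHATEAUROUX.FR" />
  <property name="kerberosRealm" value="VILLE-CHATEAUROUX.FR" />
</bean>
"""

def bean_properties(bean_xml):
    """Return the <property name=... value=...> pairs of one bean as a dict."""
    root = ET.fromstring(bean_xml)
    return {p.get("name"): p.get("value", "") for p in root.iter("property")}

def expected_spn(cas_url, realm):
    """SPN in the form the reply recommends: HTTP/<url host>@<REALM>."""
    host = urlsplit(cas_url).hostname or ""
    return "HTTP/%s@%s" % (host.lower(), realm.upper())

def check_spnego_config(bean_xml, cas_url):
    """List mismatches between the CAS login URL and the configured SPN."""
    props = bean_properties(bean_xml)
    realm = props.get("kerberosRealm", "")
    spn = props.get("jcifsServicePrincipal", "")
    service, _, rest = spn.partition("/")
    spn_host, _, spn_realm = rest.partition("@")
    url_host = (urlsplit(cas_url).hostname or "").lower()
    problems = []
    if service != "HTTP":
        problems.append("service class is %r, expected 'HTTP'" % service)
    if "." not in url_host:
        problems.append("CAS URL uses short host name %r, not an FQDN" % url_host)
    if "." not in spn_host:
        problems.append("SPN host %r is not an FQDN" % spn_host)
    if spn_host.lower() != url_host:
        problems.append("SPN host %r differs from URL host %r" % (spn_host, url_host))
    if spn_realm.upper() != realm.upper():
        problems.append("SPN realm %r differs from kerberosRealm %r" % (spn_realm, realm))
    return problems

if __name__ == "__main__":
    for url in ("https://pronostix/cas/login",
                "https://pronostix.ville-chateauroux.fr/cas/login"):
        print(url, expected_spn(url, "VILLE-CHATEAUROUX.FR"),
              check_spnego_config(SAMPLE_BEAN, url))
```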