Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

[RESOLVED] Kerberos Authentication Failure - WAPT 1.8.1

https://forum.tranquil.it/viewtopic.php?t=2294

Page 1 of 1

[RESOLVED] Kerberos Authentication Failure - WAPT 1.8.1

Published: March 31, 2020 - 01:34
by nca
Good evening,

I am contacting you because I am experiencing a problem with Kerberos authentication with version 1.8.1 of WAPT ENTERPRISE.


On the server side, everything seems OK:



[root@myserver ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: myserver$@DOMAIN.LOCAL

Valid starting Expires Service principal
03/31/2020 00:09:20 03/31/2020 10:09:20 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCALrenew
until 04/01/2020 00:09:20


[root@myserver ~]# kinit -5 -V -k -t /etc/nginx/http-krb5.keytab myserver$
Using default cache: /tmp/krb5cc_0
Using principal: myserver$@MYDOMAIN.LOCAL
Using keytab: /etc/nginx/http-krb5.keytab
Authenticated to Kerberos v5


On the client side, it's more complicated and I have a failure as soon as I launch wapt-get register via psexec from cmd.exe:

C:\Windows\system32>wapt-get register -l debug

Current loglevel: DEBUG
2020-03-31 00:46:29,872 DEBUG Default encoding: ascii
2020-03-31 00:46:29,872 DEBUG Setting encoding for stdout and stderr to cp850
2020-03-31 00:46:29,881 DEBUG Python path ['C:\\Program Files (x86)\\wapt', 'C:\\Program Files (x86)\\wapt', 'C:\\Program Files (x86)\wapt\python27.zip', 'C:\Program Files (x86)\\wapt\\DLLs', 'C:\\Program Files (x86)\\wapt\\lib', 'C:\\Program Files (x86)\\wapt\\lib\\plat-win', 'C:\\Program Files (x86)\\wapt\\lib\\li
b-tk', 'C:\\Program Files (x86)\\wapt', 'C:\\Program Files (x86)\\wapt\\lib\\site-packages', 'C:\\Program Files (x86)\\wapt\\lib\\site-packages\\pywin32-227-py2.7-win32.egg', 'C:\\Program Files (x86)\\wapt\\lib\\site-packages\\win32', 'C:\\Program Files (x86)\\wapt\\lib\\site-packages\\win32\\lib', 'C:\\Program Files (
x86)\\wapt\\lib\\site-packages\\Pythonwin']
2020-03-31 00:46:29,881 INFO Using local waptservice configuration C:\Program Files (x86)\wapt\wapt-get.ini
2020-03-31 00:46:29,881 DEBUG Config file: C:\Program Files (x86)\wapt\wapt-get.ini
Using config file: C:\Program Files (x86)\wapt\wapt-get.ini
2020-03-31 00:46:29,888 DEBUG Thread 11964 is connecting to wapt db
2020-03-31 00:46:29,891 DEBUG Using host certificate C:\Program Files (x86)\wapt\private\rnd-F83FD832-F054-4F38-99-95-EF-B2-75-54-F0-EF.pem for repo global auth
2020-03-31 00:46:29,892 DEBUG Thread 11964 is connecting to wapt db
2020-03-31 00:46:29,892 DEBUG DB Start transaction
2020-03-31 00:46:29,894 DEBUG DB commit
2020-03-31 00:46:29,898 DEBUG Using host certificate C:\Program Files (x86)\wapt\private\rnd-F83FD832-F054-4F38-99-95-EF-B2-75-54-F0-EF.pem for repo wapt auth
2020-03-31 00:46:29,900 INFO Main repository: https://monserveur.mondomaine.local/wapt
2020-03-31 00:46:29,904 DEBUG Using host certificate C:\Program Files (x86)\wapt\private\rnd-F83FD832-F054-4F38-99-95-EF-B2-75-54-F0-EF.pem for repo wapt-host auth
2020-03-31 00:46:29,905 INFO User Groups:[]
2020-03-31 00:46:29,907 DEBUG WAPT base directory: C:\Program Files (x86)\wapt
2020-03-31 00:46:29,907 DEBUG Package cache dir: C:\Program Files (x86)\wapt\cache
2020-03-31 00:46:29,907 DEBUG WAPT DB Structure version;: 20190606
Registering host against server: https://monserveur.mondomaine.local
2020-03-31 00:46:29,908 DEBUG DB Start transaction
2020-03-31 00:46:29,910 DEBUG DB commit
2020-03-31 00:46:29,921 DEBUG DB Start transaction
2020-03-31 00:46:29,921 DEBUG DB commit
2020-03-31 00:46:29,931 DEBUG DB Start transaction
2020-03-31 00:46:29,933 DEBUG DB commit
2020-03-31 00:46:30,733 DEBUG Unable to GET username from SID S-1-5-21-2332712988-1315460628-2325810761-7457 : (1332, 'LookupAccountSid', 'The mapping between account names and security IDs did not \xe9t\xe9 carried out\xe9.'), using profile directory instead
2020-03-31 00:46:30,746 DEBUG Unable to GET username from SID S-1-5-21-3493027987-1627524558-665377110-1001 : (1332, 'LookupAccountSid', 'The mapping between account names and account IDs security has not been performed.'), using profile directory instead
2020-03-31 00:46:30,763 DEBUG Unable to GET username from SID S-1-5-21-2332712988-1315460628-2325810761-7457: (1332, 'LookupAccountSid', 'The mapping between account names and security IDs was not performed.'), using profile directory instead
2020-03-31 00:46:30,763 DEBUG Unable to GET username from SID S-1-5-21-3493027987-1627524558-665377110-1001 : (1332, 'LookupAccountSid', 'The mapping between account names and security IDs was not performed.'), using profile directory instead
2020-03-31 00:46:30,826 DEBUG DB Start transaction
2020-03-31 00:46:30,828 DEBUG DB commit
2020-03-31 00:46:30,842 DEBUG Stores cert chain check in cache
2020-03-31 00:46:31,000 INFO Run "dmidecode -q"
2020-03-31 00:46:31,010 INFO dmidecode -q command returns code 0
System Power Controls
2020-03-31 00:46:36,707 DEBUG Loading ssl context with cert C:\Program Files (x86)\wapt\private\rnd-F83FD832-F054-4F38-99-95-EF-B2-75-54-F0-EF.crt and key C:\Program Files (x86)\wapt\private\rnd-F83FD832-F054-4F38-99-95-EF-B2-75-54-F0-EF.pem
2020-03-31 00:46:36,720 DEBUG Starting new HTTPS connection (1): myserver.mydomain.local:443
2020-03-31 00:46:36,819 DEBUG https://myserver.mydomain.local:443 "POST /add_host_kerberos HTTP/1.1" 401 179
2020-03-31 00:46:36,839 DEBUG https://myserver.mydomain.local:443 "POST /add_host_kerberos HTTP/1.1" 401 179
2020-03-31 00:46:36,842 DEBUG handle_401(): Handling: 401
2020-03-31 00:46:36,871 ERROR generate_request_header(): authGSSClientStep() failed:
Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\site-packages\requests_kerberos\kerberos_.py", line 227, in generate_request_header
channel_bindings=self.cbt_struct)
GSSError: SSPI: InitializeSecurityContext: The target specified is unknown or inaccessible

Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 868, in emit
msg = self.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 741, in format
return fmt.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 476, in format
raise e
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe9 in position 44: ordinal not in range(128)
Logged from file kerberos_.py, line 243
2020-03-31 00:46:36,877 DEBUG handle_401(): returning
2020-03-31 00:46:36,877 DEBUG handle_response(): returning
2020-03-31 00:46:36,877 DEBUG handle_response() has seen 0 401 responses
2020-03-31 00:46:36,878 DEBUG handle_401(): Handling: 401
2020-03-31 00:46:36,878 ERROR generate_request_header(): authGSSClientStep() failed:
Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\site-packages\requests_kerberos\kerberos_.py", line 227, in generate_request_header
channel_bindings=self.cbt_struct)
GSSError: SSPI: InitializeSecurityContext: The specified target is unknown or inaccessible

Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 868, in emit
msg = self.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 741, in format
return fmt.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 476, in format
raise e
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe9 in position 44: ordinal not in range(128)
Logged from file kerberos_.py, line 243
2020-03-31 00:46:36,880 DEBUG handle_401(): returning
2020-03-31 00:46:36,880 DEBUG handle_response(): returning
2020-03-31 00:46:36,880 DEBUG handle_response() has seen 1,401 responses
2020-03-31 00:46:36,880 DEBUG handle_response(): returning 401
2020-03-31 00:46:36,900 DEBUG https://myserver.mydomain.local:443 "POST /add_host_kerberos HTTP/1.1" 401 179
2020-03-31 00:46:36,901 DEBUG handle_401(): Handling: 401
2020-03-31 00:46:36,903 ERROR generate_request_header(): authGSSClientStep() failed:
Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\site-packages\requests_kerberos\kerberos_.py", line 227, in generate_request_header
channel_bindings=self.cbt_struct)
GSSError: SSPI: InitializeSecurityContext: The target specified is unknown or inaccessible

Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 868, in emit
msg = self.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 741, in format
return fmt.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 476, in format
raise e
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe9 in position 44: ordinal not in range(128)
Logged from file kerberos_.py, line 243
2020-03-31 00:46:36,917 DEBUG handle_401(): returning
2020-03-31 00:46:36,917 DEBUG handle_response(): returning
2020-03-31 00:46:36,918 DEBUG handle_response() has seen 0 401 responses
2020-03-31 00:46:36,920 DEBUG handle_401(): Handling: 401
2020-03-31 00:46:36,921 ERROR generate_request_header(): authGSSClientStep() failed:
Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\site-packages\requests_kerberos\kerberos_.py", line 227, in generate_request_header
channel_bindings=self.cbt_struct)
GSSError: SSPI: InitializeSecurityContext: The specified target is unknown or inaccessible

Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 868, in emit
msg = self.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 741, in format
return fmt.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 476, in format
raise e
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe9 in position 44: ordinal not in range(128)
Logged from file kerberos_.py, line 243
2020-03-31 00:46:36,938 DEBUG handle_401(): returning
2020-03-31 00:46:36,940 DEBUG handle_response(): returning
2020-03-31 00:46:36,940 DEBUG handle_response() has seen 1,401 responses
2020-03-31 00:46:36,941 DEBUG handle_response(): returning 401
FATAL ERROR: EWaptBadServerAuthentication: Authentication failed on server https://myserver.mydomain.local for action add_host_kerberos
Traceback (most recent call last):
File "
File "
File "C:\Program Files (x86)\wapt\common.py", line 5496, in register_computer
signe = self.get_host_certificate().cn
File "C:\Program Files (x86)\wapt\common.py", line 1924, in post
raise EWaptBadServerAuthentication('Authentication failed on server %s for action %s' % (self.server_url,action))
common.EWaptBadServerAuthentication: Authentication failed on server https://myserver.mydomain.local for action add_host_kerberos
Exception at 004426A0: EPyException:
EWaptBadServerAuthentication: Authentication failed on server https://myserver.mydomain.local for action add_host_kerberos.




Here is the content of the client-side wapt-get.ini:

[global]
repo_url=https://monserveur.mondomaine.local/wapt
send_usage_report=1
use_hostpackages=1
wapt_server=https://monserveur.mondomaine.local
use_kerberos=1
check_certificates_validity=1
verify_cert=1
uuid=rnd-F83FD832-F054-4F38-99-95-EF-B2-75-54-F0-EF
dnsdomain=mydomain.local
max_gpo_script_wait=180
pre_shutdown_timeout=180
hiberboot_enabled=0
host_profiles=
use_repo_rules=0
waptaudit_task_period=120m
[wapt-templates]
repo_url=https://store.wapt.fr/wapt
verify_cert=1
[waptwua]
enabled=true
default_allow=true
install_at_shutdown=true
download_scheduling=7d
allow_direct_download=true


I've been going around in circles for hours without being able to solve this...
Do you have any ideas to help me fix this?

Thank you so much!

Re: Kerberos Authentication Failure - WAPT 1.8.1

Published: March 31, 2020 - 08:57
by sfonteneau
Hello

, can you tell me if (in a psexec or klist) a ticket is correctly generated?

You can also follow this thread: viewtopic.php?f=13&t=2198.

After reading the post, can you tell me if, when you visit https://srvwapt.mydomain.lan/add_host_kerberos, the message is indeed "Method Not Allowed"?

Simon

Re: Kerberos Authentication Failure - WAPT 1.8.1

Published: March 31, 2020 - 10:00 AM
by nca
Hello,

After purging all tickets and restarting the register via psexec, I do get a new ticket:

C:\Windows\system32>klist

LogonId is 0:0x3e7

Cached Tickets: (1)

#0> Client: tech-fc7ghm2$ @ MYDOMAIN.LOCAL
Server: krbtgt/MYDOMAIN.LOCAL @ MYDOMAIN.LOCAL
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
Ticket Flags 0x40e10000 -> forwardable renewable initial pre_authent name_canonicalize
Start Time: 3/31/2020 9:48:37 (Local)
End Time: 3/31/2020 19:48:37 (Local)
Renewal Time: 4/7/2020 9:48:37 (Local)
Session Key Type: AES-256-CTS-HMAC-SHA1-96
Cache flags: 0x1 -> PRIMARY
KDC called: AD.MYDOMAIN.LOCAL


Accessing /add_host_kerberos gives me a popup; if I attempt authentication, I end up getting a 403 "Forbidden" error.

In the logs I've enabled on the server, I get this:


2020/03/31 09:53:47 [debug] 1230#0: *330 write new buf t:1 f:0 000055AD6C9FECE0,
pos 000055AD6C9FECE0, size: 221 file: 0, size: 0
2020/03/31 09:53:47 [debug] 1230#0: *330 http write filter: l:0 f:0 s:221
2020/03/31 09:53:47 [debug] 1230#0: *330 http output filter "/add_host_kerberos?
"
2020/03/31 09:53:47 [debug] 1230#0: *330 http copy filter: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 image filter
2020/03/31 09:53:47 [debug] 1230#0: *330 xslt filter body
2020/03/31 09:53:47 [debug] 1230#0: *330 http postpone filter "/add_host_kerbero
s?" 000055AD6CA9EEF0
2020/03/31 09:53:47 [debug] 1230#0: *330 write old buf t:1 f:0 000055AD6C9FECE0,
pos 000055AD6C9FECE0, size: 221 file: 0, size: 0
2020/03/31 09:53:47 [debug] 1230#0: *330 write new buf t:0 f:0 0000000000000000,
pos 000055AD6B945660, size: 126 file: 0, size: 0
2020/03/31 09:53:47 [debug] 1230#0: *330 write new buf t:0 f:0 0000000000000000,
pos 000055AD6B945C40, size: 53 file: 0, size: 0
2020/03/31 09:53:47 [debug] 1230#0: *330 http write filter: l:1 f:0 s:400
2020/03/31 09:53:47 [debug] 1230#0: *330 http write filter limit 0
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6CA9FA10:16384
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL buf copy: 221
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL buf copy: 126
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL buf copy: 53
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL to write: 400
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_write: 400
2020/03/31 09:53:47 [debug] 1230#0: *330 http write filter 0000000000000000
2020/03/31 09:53:47 [debug] 1230#0: *330 http copy filter: 0 "/add_host_kerberos
?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http finalize request: 0, "/add_host_ke
rberos?" a:1, c:2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer add: 6: 5000:31381964
2020/03/31 09:53:47 [debug] 1230#0: *330 http request count:2 blk:0
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81966
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81966
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81966
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81966
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81966
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81969
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81970
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81977
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81977
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81977
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81978
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 1302
2020/03/31 09:53:47 [debug] 1230#0: *330 http finalize request: -4, "/add_host_k
erberos?" a:1, c:1
2020/03/31 09:53:47 [debug] 1230#0: *330 set http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 http close request
2020/03/31 09:53:47 [debug] 1230#0: *330 http log handler
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C9FDDE0, unused: 0
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6CA9EA00, unused: 2621
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 hc free: 0000000000000000
2020/03/31 09:53:47 [debug] 1230#0: *330 hc busy: 0000000000000000 0
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6CA9FA10
2020/03/31 09:53:47 [debug] 1230#0: *330 reusable connection: 1
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer del: 6: 31381964
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer add: 6: 65000:31441978
2020/03/31 09:53:47 [debug] 1230#0: *330 post event 000055AD6CA6EC80
2020/03/31 09:53:47 [debug] 1230#0: *330 delete posted event 000055AD6CA6EC80
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 1024
2020/03/31 09:53:47 [debug] 1230#0: *330 reusable connection: 0
2020/03/31 09:53:47 [debug] 1230#0: *330 posix_memalign: 000055AD6C9FDDE0:4096 @
16
2020/03/31 09:53:47 [debug] 1230#0: *330 http cl:49760 max:4294967296
2020/03/31 09:53:47 [debug] 1230#0: *330 rewrite phase: 3
2020/03/31 09:53:47 [debug] 1230#0: *330 post rewrite phase: 4
2020/03/31 09:53:47 [debug] 1230#0: *330 generic phase: 5
2020/03/31 09:53:47 [debug] 1230#0: *330 generic phase: 6
2020/03/31 09:53:47 [debug] 1230#0: *330 generic phase: 7
2020/03/31 09:53:47 [debug] 1230#0: *330 generic phase: 8
2020/03/31 09:53:47 [debug] 1230#0: *330 access phase: 9
2020/03/31 09:53:47 [debug] 1230#0: *330 SSO auth handling IN: token.len=0, head
=0, ret=401
2020/03/31 09:53:47 [debug] 1230#0: *330 Begin auth
2020/03/31 09:53:47 [debug] 1230#0: *330 Detect basic auth
2020/03/31 09:53:47 [debug] 1230#0: *330 Detect SPNEGO token
2020/03/31 09:53:47 [debug] 1230#0: *330 SSO auth handling OUT: token.len=0, hea
d=1, ret=401
2020/03/31 09:53:47 [debug] 1230#0: *330 http finalize request: 401, "/add_host_kerberos
?" a:1, c:1
2020/03/31 09:53:47 [debug] 1230#0: *330 http special response: 401, "/add_host_kerberos
?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http set discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 3072
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 xslt filter header
2020/03/31 09:53:47 [debug] 1230#0: *330 HTTP/1.1 401 Unauthorized

Server: nginx/1.16.1
Date: Tue, 31 Mar 2020 07:53:47 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm=""



As for the rest, I have indeed already followed the thread of user Rebecca, who is also stuck on configuring this authentication, but I haven't been able to make any further progress...

(no time zone difference in particular...)

Re: Kerberos Authentication Failure - WAPT 1.8.1

Published: March 31, 2020 - 5:17 PM
by sfonteneau
Information for other forum users:

We contacted each other by phone (phone contact reserved for Wapt Enterprise customers).

We went through the entire process together, and it works. ;)

Re: [RESOLVED] Kerberos Authentication Failure - WAPT 1.8.1

Published: May 27, 2020 - 5:17 PM
by sfonteneau
I'm bumping the post because I just found a different solution

If you are on CentOS you can try to launch a

Code: Select all

restorecon -v -R /etc/nginx/
systemctl restart nginx
Time zone set to UTC+02:00
Page 1 of 1

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru