Forum Tranquil IT

Contactez nous
https://forum.tranquil.it/

[RESOLU] Echec Authentification Kerberos - WAPT 1.8.1

https://forum.tranquil.it/viewtopic.php?t=2294

Page 1 sur 1

[RESOLU] Echec Authentification Kerberos - WAPT 1.8.1

Posté : 31 mars 2020 - 01:34
par nca
Bonsoir,

Je vous contacte car je rencontre un problème sur l'authentification Kerberos avec la version 1.8.1 de WAPT ENTERPRISE.


Côté serveur, tout semble OK :



[root@monserveur ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: monserveur$@DOMAINE.LOCAL

Valid starting Expires Service principal
03/31/2020 00:09:20 03/31/2020 10:09:20 krbtgt/DOMAINE.LOCAL@DOMAINE.LOCAL
renew until 04/01/2020 00:09:20


[root@monserveur ~]# kinit -5 -V -k -t /etc/nginx/http-krb5.keytab monserveur$
Using default cache: /tmp/krb5cc_0
Using principal: monserveur$@MONDOMAINE.LOCAL
Using keytab: /etc/nginx/http-krb5.keytab
Authenticated to Kerberos v5


Côté client, c'est plus compliqué et j'ai un échec dès que je lance le wapt-get register via psexec depuis le cmd.exe :

C:\Windows\system32>wapt-get register -l debug

Current loglevel : DEBUG
2020-03-31 00:46:29,872 DEBUG Default encoding : ascii
2020-03-31 00:46:29,872 DEBUG Setting encoding for stdout and stderr to cp850
2020-03-31 00:46:29,881 DEBUG Python path ['C:\\Program Files (x86)\\wapt', 'C:\\Program Files (x86)\\wapt', 'C:\\Program Files (x86)\\wapt\\python27.zip', 'C:\\Program Files (x86)\\wapt\\DLLs', 'C:\\Program Files (x86)\\wapt\\lib', 'C:\\Program Files (x86)\\wapt\\lib\\plat-win', 'C:\\Program Files (x86)\\wapt\\lib\\li
b-tk', 'C:\\Program Files (x86)\\wapt', 'C:\\Program Files (x86)\\wapt\\lib\\site-packages', 'C:\\Program Files (x86)\\wapt\\lib\\site-packages\\pywin32-227-py2.7-win32.egg', 'C:\\Program Files (x86)\\wapt\\lib\\site-packages\\win32', 'C:\\Program Files (x86)\\wapt\\lib\\site-packages\\win32\\lib', 'C:\\Program Files (
x86)\\wapt\\lib\\site-packages\\Pythonwin']
2020-03-31 00:46:29,881 INFO Using local waptservice configuration C:\Program Files (x86)\wapt\wapt-get.ini
2020-03-31 00:46:29,881 DEBUG Config file: C:\Program Files (x86)\wapt\wapt-get.ini
Using config file: C:\Program Files (x86)\wapt\wapt-get.ini
2020-03-31 00:46:29,888 DEBUG Thread 11964 is connecting to wapt db
2020-03-31 00:46:29,891 DEBUG Using host certificate C:\Program Files (x86)\wapt\private\rnd-F83FD832-F054-4F38-99-95-EF-B2-75-54-F0-EF.pem for repo global auth
2020-03-31 00:46:29,892 DEBUG Thread 11964 is connecting to wapt db
2020-03-31 00:46:29,892 DEBUG DB Start transaction
2020-03-31 00:46:29,894 DEBUG DB commit
2020-03-31 00:46:29,898 DEBUG Using host certificate C:\Program Files (x86)\wapt\private\rnd-F83FD832-F054-4F38-99-95-EF-B2-75-54-F0-EF.pem for repo wapt auth
2020-03-31 00:46:29,900 INFO Main repository: https://monserveur.mondomaine.local/wapt
2020-03-31 00:46:29,904 DEBUG Using host certificate C:\Program Files (x86)\wapt\private\rnd-F83FD832-F054-4F38-99-95-EF-B2-75-54-F0-EF.pem for repo wapt-host auth
2020-03-31 00:46:29,905 INFO User Groups:[]
2020-03-31 00:46:29,907 DEBUG WAPT base directory : C:\Program Files (x86)\wapt
2020-03-31 00:46:29,907 DEBUG Package cache dir : C:\Program Files (x86)\wapt\cache
2020-03-31 00:46:29,907 DEBUG WAPT DB Structure version;: 20190606
Registering host against server: https://monserveur.mondomaine.local
2020-03-31 00:46:29,908 DEBUG DB Start transaction
2020-03-31 00:46:29,910 DEBUG DB commit
2020-03-31 00:46:29,921 DEBUG DB Start transaction
2020-03-31 00:46:29,921 DEBUG DB commit
2020-03-31 00:46:29,931 DEBUG DB Start transaction
2020-03-31 00:46:29,933 DEBUG DB commit
2020-03-31 00:46:30,733 DEBUG Unable to GET username from SID S-1-5-21-2332712988-1315460628-2325810761-7457 : (1332, 'LookupAccountSid', 'Le mappage entre les noms de compte et les ID de s\xe9curit\xe9 n\x92a pas \xe9t\xe9 effectu\xe9.'), using profile directory instead
2020-03-31 00:46:30,746 DEBUG Unable to GET username from SID S-1-5-21-3493027987-1627524558-665377110-1001 : (1332, 'LookupAccountSid', 'Le mappage entre les noms de compte et les ID de s\xe9curit\xe9 n\x92a pas \xe9t\xe9 effectu\xe9.'), using profile directory instead
2020-03-31 00:46:30,763 DEBUG Unable to GET username from SID S-1-5-21-2332712988-1315460628-2325810761-7457 : (1332, 'LookupAccountSid', 'Le mappage entre les noms de compte et les ID de s\xe9curit\xe9 n\x92a pas \xe9t\xe9 effectu\xe9.'), using profile directory instead
2020-03-31 00:46:30,763 DEBUG Unable to GET username from SID S-1-5-21-3493027987-1627524558-665377110-1001 : (1332, 'LookupAccountSid', 'Le mappage entre les noms de compte et les ID de s\xe9curit\xe9 n\x92a pas \xe9t\xe9 effectu\xe9.'), using profile directory instead
2020-03-31 00:46:30,826 DEBUG DB Start transaction
2020-03-31 00:46:30,828 DEBUG DB commit
2020-03-31 00:46:30,842 DEBUG Stores cert chain check in cache
2020-03-31 00:46:31,000 INFO Run "dmidecode -q"
2020-03-31 00:46:31,010 INFO dmidecode -q command returns code 0
System Power Controls
2020-03-31 00:46:36,707 DEBUG Loading ssl context with cert C:\Program Files (x86)\wapt\private\rnd-F83FD832-F054-4F38-99-95-EF-B2-75-54-F0-EF.crt and key C:\Program Files (x86)\wapt\private\rnd-F83FD832-F054-4F38-99-95-EF-B2-75-54-F0-EF.pem
2020-03-31 00:46:36,720 DEBUG Starting new HTTPS connection (1): monserveur.mondomaine.local:443
2020-03-31 00:46:36,819 DEBUG https://monserveur.mondomaine.local:443 "POST /add_host_kerberos HTTP/1.1" 401 179
2020-03-31 00:46:36,839 DEBUG https://monserveur.mondomaine.local:443 "POST /add_host_kerberos HTTP/1.1" 401 179
2020-03-31 00:46:36,842 DEBUG handle_401(): Handling: 401
2020-03-31 00:46:36,871 ERROR generate_request_header(): authGSSClientStep() failed:
Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\site-packages\requests_kerberos\kerberos_.py", line 227, in generate_request_header
channel_bindings=self.cbt_struct)
GSSError: SSPI: InitializeSecurityContext: La cible spécifiée est inconnue ou inaccessible

Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 868, in emit
msg = self.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 741, in format
return fmt.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 476, in format
raise e
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe9 in position 44: ordinal not in range(128)
Logged from file kerberos_.py, line 243
2020-03-31 00:46:36,877 DEBUG handle_401(): returning <Response [401]>
2020-03-31 00:46:36,877 DEBUG handle_response(): returning <Response [401]>
2020-03-31 00:46:36,877 DEBUG handle_response() has seen 0 401 responses
2020-03-31 00:46:36,878 DEBUG handle_401(): Handling: 401
2020-03-31 00:46:36,878 ERROR generate_request_header(): authGSSClientStep() failed:
Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\site-packages\requests_kerberos\kerberos_.py", line 227, in generate_request_header
channel_bindings=self.cbt_struct)
GSSError: SSPI: InitializeSecurityContext: La cible spécifiée est inconnue ou inaccessible

Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 868, in emit
msg = self.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 741, in format
return fmt.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 476, in format
raise e
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe9 in position 44: ordinal not in range(128)
Logged from file kerberos_.py, line 243
2020-03-31 00:46:36,880 DEBUG handle_401(): returning <Response [401]>
2020-03-31 00:46:36,880 DEBUG handle_response(): returning <Response [401]>
2020-03-31 00:46:36,880 DEBUG handle_response() has seen 1 401 responses
2020-03-31 00:46:36,880 DEBUG handle_response(): returning 401 <Response [401]>
2020-03-31 00:46:36,900 DEBUG https://monserveur.mondomaine.local:443 "POST /add_host_kerberos HTTP/1.1" 401 179
2020-03-31 00:46:36,901 DEBUG handle_401(): Handling: 401
2020-03-31 00:46:36,903 ERROR generate_request_header(): authGSSClientStep() failed:
Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\site-packages\requests_kerberos\kerberos_.py", line 227, in generate_request_header
channel_bindings=self.cbt_struct)
GSSError: SSPI: InitializeSecurityContext: La cible spécifiée est inconnue ou inaccessible

Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 868, in emit
msg = self.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 741, in format
return fmt.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 476, in format
raise e
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe9 in position 44: ordinal not in range(128)
Logged from file kerberos_.py, line 243
2020-03-31 00:46:36,917 DEBUG handle_401(): returning <Response [401]>
2020-03-31 00:46:36,917 DEBUG handle_response(): returning <Response [401]>
2020-03-31 00:46:36,918 DEBUG handle_response() has seen 0 401 responses
2020-03-31 00:46:36,920 DEBUG handle_401(): Handling: 401
2020-03-31 00:46:36,921 ERROR generate_request_header(): authGSSClientStep() failed:
Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\site-packages\requests_kerberos\kerberos_.py", line 227, in generate_request_header
channel_bindings=self.cbt_struct)
GSSError: SSPI: InitializeSecurityContext: La cible spécifiée est inconnue ou inaccessible

Traceback (most recent call last):
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 868, in emit
msg = self.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 741, in format
return fmt.format(record)
File "C:\Program Files (x86)\wapt\lib\logging\__init__.py", line 476, in format
raise e
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe9 in position 44: ordinal not in range(128)
Logged from file kerberos_.py, line 243
2020-03-31 00:46:36,938 DEBUG handle_401(): returning <Response [401]>
2020-03-31 00:46:36,940 DEBUG handle_response(): returning <Response [401]>
2020-03-31 00:46:36,940 DEBUG handle_response() has seen 1 401 responses
2020-03-31 00:46:36,941 DEBUG handle_response(): returning 401 <Response [401]>
FATAL ERROR : EWaptBadServerAuthentication: Authentication failed on server https://monserveur.mondomaine.local for action add_host_kerberos
Traceback (most recent call last):
File "<string>", line 1431, in <module>
File "<string>", line 1213, in main
File "C:\Program Files (x86)\wapt\common.py", line 5496, in register_computer
signer = self.get_host_certificate().cn
File "C:\Program Files (x86)\wapt\common.py", line 1924, in post
raise EWaptBadServerAuthentication('Authentication failed on server %s for action %s' % (self.server_url,action))
common.EWaptBadServerAuthentication: Authentication failed on server https://monserveur.mondomaine.local for action add_host_kerberos
Exception at 004426A0: EPyException:
EWaptBadServerAuthentication: Authentication failed on server https://monserveur.mondomaine.local for action add_host_kerberos.




Voici le contenu du wapt-get.ini côté client :

[global]
repo_url=https://monserveur.mondomaine.local/wapt
send_usage_report=1
use_hostpackages=1
wapt_server=https://monserveur.mondomaine.local
use_kerberos=1
check_certificates_validity=1
verify_cert=1
uuid=rnd-F83FD832-F054-4F38-99-95-EF-B2-75-54-F0-EF
dnsdomain=mondomaine.local
max_gpo_script_wait=180
pre_shutdown_timeout=180
hiberboot_enabled=0
host_profiles=
use_repo_rules=0
waptaudit_task_period=120m
[wapt-templates]
repo_url=https://store.wapt.fr/wapt
verify_cert=1
[waptwua]
enabled=true
default_allow=true
install_at_shutdown=true
download_scheduling=7d
allow_direct_download=true


Ca fait plusieurs heures que je tourne en rond sans réussir à solutionner ...
Auriez-vous une idée pour m'aider à solutionner cela ??

Merci beaucoup !!

Re: Echec Authentification Kerberos - WAPT 1.8.1

Posté : 31 mars 2020 - 08:57
par sfonteneau
Bonjour

Pouvez-vous me dire si (dans un psexec un klist) donne bien un ticket ?

Vous pouvez également suivre ce sujet : viewtopic.php?f=13&t=2198

suite a la lecture du poste, pouvez-vous me dire si lorsque vous visitez https://srvwapt.mydomain.lan/add_host_kerberos le message est bien "Method Not Allowed"

Simon

Re: Echec Authentification Kerberos - WAPT 1.8.1

Posté : 31 mars 2020 - 10:00
par nca
Bonjour,

Après avoir purgé tous les tickets et relancé le register via psexec, j'obtiens bien un nouveau ticket

C:\Windows\system32>klist

LogonId est 0:0x3e7

Tickets mis en cache : (1)

#0> Client : tech-fc7ghm2$ @ MONDOMAINE.LOCAL
Serveur : krbtgt/MONDOMAINE.LOCAL @ MONDOMAINE.LOCAL
Type de chiffrement KerbTicket : RSADSI RC4-HMAC(NT)
Indicateurs de tickets 0x40e10000 -> forwardable renewable initial pre_authent name_canonicalize
Heure de démarrage : 3/31/2020 9:48:37 (Local)
Heure de fin : 3/31/2020 19:48:37 (Local)
Heure de renouvellement : 4/7/2020 9:48:37 (Local)
Type de clé de session : AES-256-CTS-HMAC-SHA1-96
Indicateurs de cache : 0x1 -> PRIMARY
KDC appelé : AD.MONDOMAINE.LOCAL


l'accès au /add_host_kerberos me donne un popup, si je tente une authentification, je finis par obtenir une erreur 403 "Forbidden"

Dans les logs que j'ai activé sur le serveur, j'obtiens cela :


2020/03/31 09:53:47 [debug] 1230#0: *330 write new buf t:1 f:0 000055AD6C9FECE0,
pos 000055AD6C9FECE0, size: 221 file: 0, size: 0
2020/03/31 09:53:47 [debug] 1230#0: *330 http write filter: l:0 f:0 s:221
2020/03/31 09:53:47 [debug] 1230#0: *330 http output filter "/add_host_kerberos?
"
2020/03/31 09:53:47 [debug] 1230#0: *330 http copy filter: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 image filter
2020/03/31 09:53:47 [debug] 1230#0: *330 xslt filter body
2020/03/31 09:53:47 [debug] 1230#0: *330 http postpone filter "/add_host_kerbero
s?" 000055AD6CA9EEF0
2020/03/31 09:53:47 [debug] 1230#0: *330 write old buf t:1 f:0 000055AD6C9FECE0,
pos 000055AD6C9FECE0, size: 221 file: 0, size: 0
2020/03/31 09:53:47 [debug] 1230#0: *330 write new buf t:0 f:0 0000000000000000,
pos 000055AD6B945660, size: 126 file: 0, size: 0
2020/03/31 09:53:47 [debug] 1230#0: *330 write new buf t:0 f:0 0000000000000000,
pos 000055AD6B945C40, size: 53 file: 0, size: 0
2020/03/31 09:53:47 [debug] 1230#0: *330 http write filter: l:1 f:0 s:400
2020/03/31 09:53:47 [debug] 1230#0: *330 http write filter limit 0
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6CA9FA10:16384
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL buf copy: 221
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL buf copy: 126
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL buf copy: 53
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL to write: 400
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_write: 400
2020/03/31 09:53:47 [debug] 1230#0: *330 http write filter 0000000000000000
2020/03/31 09:53:47 [debug] 1230#0: *330 http copy filter: 0 "/add_host_kerberos
?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http finalize request: 0, "/add_host_ke
rberos?" a:1, c:2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer add: 6: 5000:31381964
2020/03/31 09:53:47 [debug] 1230#0: *330 http request count:2 blk:0
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81966
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81966
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81966
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81966
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81966
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81969
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81970
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81977
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81977
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81977
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer: 6, old: 31381964, new: 313
81978
2020/03/31 09:53:47 [debug] 1230#0: *330 http run request: "/add_host_kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 1302
2020/03/31 09:53:47 [debug] 1230#0: *330 http finalize request: -4, "/add_host_k
erberos?" a:1, c:1
2020/03/31 09:53:47 [debug] 1230#0: *330 set http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 http close request
2020/03/31 09:53:47 [debug] 1230#0: *330 http log handler
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C9FDDE0, unused: 0
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6CA9EA00, unused: 2621
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 hc free: 0000000000000000
2020/03/31 09:53:47 [debug] 1230#0: *330 hc busy: 0000000000000000 0
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6CA9FA10
2020/03/31 09:53:47 [debug] 1230#0: *330 reusable connection: 1
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer del: 6: 31381964
2020/03/31 09:53:47 [debug] 1230#0: *330 event timer add: 6: 65000:31441978
2020/03/31 09:53:47 [debug] 1230#0: *330 post event 000055AD6CA6EC80
2020/03/31 09:53:47 [debug] 1230#0: *330 delete posted event 000055AD6CA6EC80
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 free: 000055AD6C992CF0
2020/03/31 09:53:47 [debug] 1230#0: *330 http keepalive handler
2020/03/31 09:53:47 [debug] 1230#0: *330 malloc: 000055AD6C992CF0:1024
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 1024
2020/03/31 09:53:47 [debug] 1230#0: *330 reusable connection: 0
2020/03/31 09:53:47 [debug] 1230#0: *330 posix_memalign: 000055AD6C9FDDE0:4096 @
16
2020/03/31 09:53:47 [debug] 1230#0: *330 http cl:49760 max:4294967296
2020/03/31 09:53:47 [debug] 1230#0: *330 rewrite phase: 3
2020/03/31 09:53:47 [debug] 1230#0: *330 post rewrite phase: 4
2020/03/31 09:53:47 [debug] 1230#0: *330 generic phase: 5
2020/03/31 09:53:47 [debug] 1230#0: *330 generic phase: 6
2020/03/31 09:53:47 [debug] 1230#0: *330 generic phase: 7
2020/03/31 09:53:47 [debug] 1230#0: *330 generic phase: 8
2020/03/31 09:53:47 [debug] 1230#0: *330 access phase: 9
2020/03/31 09:53:47 [debug] 1230#0: *330 SSO auth handling IN: token.len=0, head
=0, ret=401
2020/03/31 09:53:47 [debug] 1230#0: *330 Begin auth
2020/03/31 09:53:47 [debug] 1230#0: *330 Detect basic auth
2020/03/31 09:53:47 [debug] 1230#0: *330 Detect SPNEGO token
2020/03/31 09:53:47 [debug] 1230#0: *330 SSO auth handling OUT: token.len=0, hea
d=1, ret=401
2020/03/31 09:53:47 [debug] 1230#0: *330 http finalize request: 401, "/add_host_
kerberos?" a:1, c:1
2020/03/31 09:53:47 [debug] 1230#0: *330 http special response: 401, "/add_host_
kerberos?"
2020/03/31 09:53:47 [debug] 1230#0: *330 http set discard body
2020/03/31 09:53:47 [debug] 1230#0: *330 http read discarded body
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 4096
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: 3072
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_read: -1
2020/03/31 09:53:47 [debug] 1230#0: *330 SSL_get_error: 2
2020/03/31 09:53:47 [debug] 1230#0: *330 xslt filter header
2020/03/31 09:53:47 [debug] 1230#0: *330 HTTP/1.1 401 Unauthorized

Server: nginx/1.16.1
Date: Tue, 31 Mar 2020 07:53:47 GMT
Content-Type: text/html
Content-Length: 179
Connection: keep-alive
WWW-Authenticate: Negotiate
WWW-Authenticate: Basic realm=""



Pour le reste, j'ai effectivement déjà suivi avec attention le topic de l'utilisatrice Rebecca bloqué également sur la configuration de cette authentification, mais je n'ai pas réussi à avancer plus ...

(aucun décalage horaire notamment...)

Re: Echec Authentification Kerberos - WAPT 1.8.1

Posté : 31 mars 2020 - 17:17
par sfonteneau
Information pour les autres utilisateurs du forum :

Nous nous sommes contactés par téléphone (contact téléphone réservé au client wapt entreprise),

Nous avons repris la procédure de bout en bout ensemble et cela fonctionne ;)

Re: [RESOLU] Echec Authentification Kerberos - WAPT 1.8.1

Posté : 27 mai 2020 - 17:17
par sfonteneau
Je réup le poste puisque je viens de trouver une solution différente

Si vous êtes sur centos vous povuez tenter de lancer un

Code : Tout sélectionner

restorecon -v -R /etc/nginx/
systemctl restart nginx
Heures au format UTC+02:00
Page 1 sur 1

Développé par phpBB® Forum Software © phpBB Limited

Traduit par phpBB-fr.com