qpid-dev mailing list archives

From eugene <eugen.ra...@gmail.com>
Subject qpidd 0.14 + Kerberos + Active Directory on Windows 2003 Server
Date Thu, 26 Jul 2012 12:48:55 GMT
Well, the setup is pretty much in the subject of the message.

Here is what else I did:

0. Specify the needed params in krb5.conf (mainly the kdc and realms are
important). Important here is that
kinit user@OURDOMAIN.COM works fine! I do get a Ticket Granting Ticket
(which I can see with klist).

1. On the AD side I mapped the user to the SPN. (setspn -A
qpidd/vmvmrg@OURDOMAIN.COM user)
2. Generated the keytab with ktpass on the AD box:

ktpass -out c:\temp\qpidd.keytab
-princ qpidd/vmvmrg@OURDOMAIN.COM
-mapUser user
-mapOp set 
-pass ******
-crypto DES-CBC-MD5 
-pType KRB5_NT_PRINCIPAL
+DesOnly

3. Put the keytab file in /etc

4. Invoke a sample connection. String URL for connection is:

"amqp://ananymous:guest@clientid/testpath?brokerlist='tcp://10.1.10.89:5672?sasl_mechs='GSSAPI'&sasl_protocol='qpidd'&sasl_server='vmvmrg''";

As a result I get:
AMQConnectionFailureException: Cannot connect to broker : connection-refused
: Authentication Failed (error code 320 : connection forced).

Seems (and maybe I am wrong) like the params that I send in the connection
URL are wrong.

Anyone with an opinion?

Thank You,
Eugene. 



--
View this message in context: http://apache-qpid-developers.2158895.n2.nabble.com/qpidd-0-14-Kerberos-Active-Directory-on-Windows-2003-Server-tp7581381.html
Sent from the Apache Qpid developers mailing list archive at Nabble.com.