Error in binding ADAM using windows account

Hi All,

I am trying to bind to an ADAM instance with a Windows user through JNDI and it keeps failing. My ADAM and AD are running on the same Windows 2k3 server.
But through LDP I am able to bind with the same Windows user successfully and browse through the entire tree successfully.

The error is as below


Kerberos username [CHOUKSE]:
Kerberos password for CHOUKSE: password
Context initialization attempt failed
javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090441, comment: AcceptSecurityContext error, data 56, vece]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at com.nortel.kerberos.action.JndiAction.performJndiOperation(JndiAction.java:63)
    at com.nortel.kerberos.action.JndiAction.run(JndiAction.java:27)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Unknown Source)
    at com.nortel.kerberos.cli.KerberosAuthenticator.main(KerberosAuthenticator.java:87)

My code is as follows


    package com.nortel.kerberos.cli;

    import java.security.PrivilegedAction;
    import java.util.Hashtable;

    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.security.auth.Subject;
    import javax.security.auth.login.LoginContext;
    import javax.security.auth.login.LoginException;

    import com.nortel.kerberos.handler.KerberosCallBackHandler;

    public class KerberosAuthenticator1
    {

        public static void main(String[] args) {

            // 1. Log in (to Kerberos)
            LoginContext lc = null;
            try
            {
                // The name passed here selects the entry in the JAAS login configuration
                lc = new LoginContext(KerberosAuthenticator.class.getName(),
                    new KerberosCallBackHandler());
                // Attempt authentication
                lc.login();
            }
            catch (LoginException le) {
                System.err.println("Authentication attempt failed " + le);
                System.exit(-1);
            }

            // 2. Perform JNDI work as logged in subject
            Subject.doAs(lc.getSubject(), new JndiAction1(args));
        }
    }

    class JndiAction1 implements PrivilegedAction<Object>
    {
        private final String[] args;

        public JndiAction1(String[] origArgs)
        {
            this.args = origArgs.clone();
        }

        public Object run()
        {
            performJndiOperation(args);
            return null;
        }

        private static void performJndiOperation(String[] args)
        {
            // Default entry to read when no DN is given on the command line
            String dn = "O=Nortel,C=CA";

            // Set up environment for creating initial context
            Hashtable<String, String> env = new Hashtable<String, String>();

            env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");

            // Must use fully qualified hostname
            env.put(Context.PROVIDER_URL,
                "ldap://ac007899.shell.com:50000");

            // Request the use of the "GSSAPI" SASL mechanism
            // Authenticate by using already established Kerberos credentials
            env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");

            // Optional first argument is comma-separated list of auth, auth-int,
            // auth-conf
            if (args.length > 0) {
                env.put("javax.security.sasl.qop", args[0]);
            }
            // Optional second argument is the DN to read; checked separately so that
            // passing only the QOP does not index past the end of the array
            if (args.length > 1) {
                dn = args[1];
            }

            try
            {
                /* Create initial context */
                DirContext ctx = new InitialDirContext(env);

                System.out.println(ctx.getAttributes(dn));

                // Close the context when we're done
                ctx.close();
            }
            catch (NamingException e)
            {
                System.err.println("Context initialization attempt failed");
                e.printStackTrace();
            }
        }
    }

    package com.nortel.kerberos.handler;

    import javax.security.auth.callback.*;
    import java.io.IOException;
    import java.io.BufferedReader;
    import java.io.InputStreamReader;

    /**
     * KerberosCallBackHandler a callback handler for use with SASL. Used with
     * KerberosAuthenticator.java.
     */
    public class KerberosCallBackHandler implements CallbackHandler
    {
       // One shared reader: a new BufferedReader per prompt can swallow input
       // that an earlier reader has already buffered
       private final BufferedReader in = new BufferedReader(
             new InputStreamReader( System.in ) );

       public void handle( Callback[] callbacks ) throws java.io.IOException,
             UnsupportedCallbackException
       {
          for (int i = 0; i < callbacks.length; i++)
          {
             if (callbacks[i] instanceof NameCallback)
             {
                NameCallback cb = (NameCallback) callbacks[i];
                cb.setName( getInput( cb.getPrompt() ) );
             }
             else if (callbacks[i] instanceof PasswordCallback)
             {
                PasswordCallback cb = (PasswordCallback) callbacks[i];

                // Note: the password is read from standard input and echoed
                String pw = getInput( cb.getPrompt() );
                cb.setPassword( pw.toCharArray() );
             }
             else
             {
                throw new UnsupportedCallbackException( callbacks[i] );
             }
          }
       }

       /**
        * A reader from Standard Input. In real world apps, this would typically
        * be a TextComponent or similar widget.
        */
       private String getInput( String prompt ) throws IOException
       {
          System.out.print( prompt );
          String line = in.readLine();
          if (line == null)
          {
             // End of input: fail cleanly instead of passing null to the callback
             throw new IOException( "No input available on standard input" );
          }
          return line;
       }
    }

Here is my krb5.conf file, please check in case I am missing anything.

    #krb5.conf
    [libdefaults]
        default_realm = SHELL.COM
        default_checksum = rsa-md5

    [realms]
        SHELL.COM = {
              kdc = ac007899.shell.com
              admin_server = ac007899.shell.com
              default_domain = shell.com
        }

    [domain_realm]
        .shell.com = SHELL.COM
        shell.com = SHELL.COM

    [appdefaults]
        kinit = {
              renewable = true
              forwardable = true
        }

I am able to authenticate to AD with the following changes in code:

    // Connect to the AD instance
    String ldapURL = "ldap://ac007899.shell.com:389";
    env.put(Context.PROVIDER_URL, ldapURL);
    ....
    // Specify the Base for the search
    dn = "DC=shell,DC=com";

Please let me know if I am missing anything.
Please help me out, I am stuck with this problem.
Dec 6 '07 #1
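
Added example, not part of the original post or the poster's project: a small decoder for the diagnostic string that AD/ADAM returns with LDAP error 49, run here on the message from the stack trace above. The class name `BindFailureDecoder` is hypothetical; the code assumes Java 16+ (records) and relies on the convention that the `data` field is a hexadecimal Win32 error code, with 8009030C being the SSPI status SEC_E_LOGON_DENIED.

```java
import java.util.Map;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (hypothetical class): decodes an AD/ADAM bind-failure diagnostic. */
public class BindFailureDecoder {

    // Shape: "error code <n> - <SSPI status>: LdapErr: DSID-<id>, comment: <text>, data <hex>"
    private static final Pattern DIAG = Pattern.compile(
        "error code (\\d{1,3}) - ([0-9A-Fa-f]{8}): LdapErr: (DSID-[0-9A-Fa-f]+), "
            + "comment: (.+?), data ([0-9A-Fa-f]{1,8})\\b");

    // Win32 error codes (decimal) that commonly appear in the "data" field.
    private static final Map<Integer, String> WIN32 = Map.of(
        86, "ERROR_INVALID_PASSWORD",
        1317, "ERROR_NO_SUCH_USER",
        1326, "ERROR_LOGON_FAILURE",
        1330, "ERROR_PASSWORD_EXPIRED",
        1331, "ERROR_ACCOUNT_DISABLED",
        1793, "ERROR_ACCOUNT_EXPIRED",
        1907, "ERROR_PASSWORD_MUST_CHANGE",
        1909, "ERROR_ACCOUNT_LOCKED_OUT");

    public record Diagnostic(int ldapCode, String sspiStatus, String dsid,
                             String comment, int win32Code, String win32Name) {}

    /** Returns the parsed diagnostic, or empty if the message has a different shape. */
    public static Optional<Diagnostic> decode(String message) {
        if (message == null) {
            return Optional.empty();
        }
        Matcher m = DIAG.matcher(message);
        if (!m.find()) {
            return Optional.empty();
        }
        // The "data" field is hexadecimal: "56" is Win32 error 86, not 56.
        int win32 = Integer.parseUnsignedInt(m.group(5), 16);
        return Optional.of(new Diagnostic(Integer.parseInt(m.group(1)),
            m.group(2).toUpperCase(), m.group(3), m.group(4), win32,
            WIN32.getOrDefault(win32, "unmapped Win32 error")));
    }

    public static void main(String[] args) {
        // Message text taken from the stack trace in the post above.
        String msg = "[LDAP: error code 49 - 8009030C: LdapErr: DSID-0C090441, "
            + "comment: AcceptSecurityContext error, data 56, vece]";
        decode(msg).ifPresent(d -> System.out.printf("LDAP %d, SSPI %s, Win32 %d (%s)%n",
            d.ldapCode(), d.sspiStatus(), d.win32Code(), d.win32Name()));
    }
}
```

In an application, the same `decode` call can be applied to `AuthenticationException.getMessage()` so that bind failures are logged with the decoded sub-status rather than only the generic error 49.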