Problem when I am trying to authenticate to AD using GSS
I am trying to access Active Directory using JAAS, but when I run my code I get the message below:
D:\JDeveloper10G\jdk\bin>java jasldap
GSSException: No valid credentials provided (Mechanism level: Failed to find any
Kerberos Ticket)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredent
ial.java:133)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechF
actory.java:72)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.
java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:389)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:60)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:37)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java
:96)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:1
78)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:1
58)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5
Client.java:155)
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:105)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193
)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.ja
va:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.jav
a:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:6
67)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247
)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.jav
a:82)
at searchLDAP.performSearch(searchLDAP.java:93)
at searchLDAP.run(searchLDAP.java:50)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:337)
at actions.search(actions.java:11)
at jasldap.samaccountname(jasldap.java:14)
at jasldap.<init>(jasldap.java:6)
at jasldap.main(jasldap.java:22)
javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.s
asl.SaslException: GSS initiate failed [Caused by GSSException: No valid credent
ials provided]]
Can anyone help me here?
My code is here:
import java.io.*;
/**
 * Command-line entry point: looks up one account in the directory and prints
 * the error text recorded by the search, if any.
 */
public class jasldap {

    /** Runs the lookup as soon as the object is constructed. */
    public jasldap() {
        samaccountname();
    }

    /**
     * Searches for the entry whose sAMAccountName is "f3482". The value returned
     * by the search is not used here; only the error that searchLDAP stores in
     * its static modException field is printed.
     */
    public void samaccountname() {
        new actions().search("f3482", "sAMAccountName");
        String failure = searchLDAP.modException;
        if (failure == null) {
            return;
        }
        System.out.print(failure);
    }

    /** Starts the program; the constructor does all the work. */
    public static void main(String[] args) {
        new jasldap();
    }
}
The second class is:
import javax.security.auth.Subject;
/**
 * Runs a directory search under the identity obtained from a Kerberos login.
 */
public class actions {
    KerberosaAuth pKA = new KerberosaAuth();

    /**
     * Logs in through pKA and then executes a searchLDAP action as the
     * authenticated Subject. The GSSAPI bind made inside that action is
     * expected to take its Kerberos credentials from this Subject.
     *
     * @param sUserName value to search for
     * @param sFilter   name of the attribute the value is matched against
     * @return the string form of whatever the search action returned
     */
    public String search(String sUserName, String sFilter) {
        pKA.KerberosAuth();
        Subject loggedIn = pKA.lc.getSubject();
        searchLDAP lookup = new searchLDAP(sUserName, sFilter);
        Object outcome = Subject.doAs(loggedIn, lookup);
        return outcome.toString();
    }
}
/-
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
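/**
 * Privileged action that binds to the directory over LDAP with SASL/GSSAPI and
 * prints what it finds for user entries under OU=Departments.
 *
 * <p>Results and errors are published through public static fields, so two
 * searches must not run at the same time.
 */
class searchLDAP implements java.security.PrivilegedAction<Object> {
    private static final String sRegex = ",DC=fgb,DC=ae";
    private static final String sGRegex = ",OU=Domain Groups";
    private static final String ssGRegex = "CN=";
    private static final String sReplace = "";

    private static final Pattern BASE_SUFFIX = Pattern.compile(sRegex);
    private static final Pattern GROUPS_OU = Pattern.compile(sGRegex);
    private static final Pattern CN_PREFIX = Pattern.compile(ssGRegex);

    /** Shape of a plain LDAP attribute name; anything else is refused before a filter is built. */
    private static final Pattern ATTRIBUTE_NAME = Pattern.compile("[A-Za-z][A-Za-z0-9-]*");

    /** ACCOUNTDISABLE bit of the Active Directory userAccountControl attribute. */
    private static final long UAC_ACCOUNTDISABLE = 0x2L;

    public String sTRUN = "";
    public String sFilter = "";
    public static String sName = "";
    public static String sResults = "";
    public static String ssResults = "";
    public static String sUserAttrib = "";
    /** Text of the last NamingException, or null when the last search raised none. */
    public static String modException;
    public String sTRDN = "";
    public String sErrorResult = "";
    /** Attribute labels before a search; for a non-wildcard search, the values found. */
    public static String[] sAttrIDs;
    public static String sSAMField = "";
    public static String sNameField = "";
    public static String sDepartmentField = "";
    public static String sMailField = "";
    public static String sIsAccountLockedField = "";
    public static String sEmployeeIDField = "";

    /**
     * @param ssTRDN   value to search for; an asterisk in it is treated as a wildcard
     * @param ssFilter name of the attribute the value is matched against
     */
    public searchLDAP(String ssTRDN, String ssFilter) {
        sTRDN = ssTRDN;
        sFilter = ssFilter;
    }

    /**
     * Performs the search and returns the static sResults string.
     *
     * @return the last result text written by the search
     */
    public Object run() {
        performSearch(sTRDN, sFilter);
        return sResults;
    }

    /**
     * Escapes the characters that would change the structure of an LDAP search
     * filter: backslash, both parentheses and NUL. The asterisk is left alone on
     * purpose because this class offers wildcard searches through it.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\':
                    escaped.append("\\5c");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '\0':
                    escaped.append("\\00");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Reports whether the ACCOUNTDISABLE bit is set in userAccountControl.
     * Reading the attribute itself avoids matching the digits "514" somewhere
     * else in the entry, for example inside a group name.
     */
    private static boolean isAccountDisabled(Attributes attrs) throws NamingException {
        Attribute uac = attrs.get("userAccountControl");
        Object raw = (uac == null) ? null : uac.get();
        if (raw == null) {
            return false;
        }
        try {
            return (Long.parseLong(raw.toString().trim()) & UAC_ACCOUNTDISABLE) != 0;
        } catch (NumberFormatException ignored) {
            // A value that is not a number carries no flag that could be tested.
            return false;
        }
    }

    /**
     * Binds with GSSAPI, searches OU=Departments for entries where sFilter equals
     * sTRDN (computer objects excluded) and prints account state and group
     * membership for every hit. Any NamingException is stored in modException
     * and sErrorResult instead of being thrown.
     */
    private void performSearch(String sTRDN, String sFilter) {
        /* Specify the ids of the attributes to return */
        // NOTE(review): "IsAccountLocked" looks like an ADSI property rather than an
        // LDAP attribute - confirm that the directory really returns it.
        final String[] requestedIds = {
            "sAMAccountName", "department", "mail", "employeeID", "displayName", "IsAccountLocked"
        };
        sAttrIDs = requestedIds.clone();
        String[] sGAttrIDs = {"description"};
        String[] ssGAttrIDs = {"memberOf", "userAccountControl", "sAMAccountName"};

        sName = null;
        ssResults = null;
        modException = null;

        // Both strings end up inside the search filter. The attribute name cannot be
        // escaped, so it has to look like an attribute name; the value is escaped below.
        if (sTRDN == null || sFilter == null || !ATTRIBUTE_NAME.matcher(sFilter).matches()) {
            modException = "Search rejected: the filter attribute is not a valid LDAP attribute name";
            sErrorResult = modException;
            return;
        }
        boolean wildcard = sTRDN.contains("*");

        Hashtable<String, String> env = new Hashtable<String, String>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://hoadc0.fgb.ae:389/DC=fgb,DC=ae");
        env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
        // Ask for mutual authentication so that the server has to prove its identity too.
        env.put("javax.security.sasl.server.authentication", "true");
        // NOTE(review): "javax.security.sasl.qop" is not set, so the SASL layer only
        // authenticates. On plain ldap:// the queries and answers that follow the bind
        // are then neither integrity-protected nor encrypted; "auth-int" or "auth-conf"
        // would request that protection.
        String filter = "(&(" + sFilter + "=" + escapeFilterValue(sTRDN) + ")(!(objectclass=computer)))";

        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        //constraints.setReturningAttributes(sAttrIDs);
        constraints.setTimeLimit(6000); // milliseconds
        constraints.setDerefLinkFlag(false);
        constraints.setReturningObjFlag(false);

        DirContext ctx = null;
        NamingEnumeration<SearchResult> answer = null;
        try {
            /* Create initial context */
            ctx = new InitialDirContext(env);
            answer = ctx.search("OU=Departments", filter, constraints);
            while (answer != null && answer.hasMore()) {
                /* return the partially qualified name CN="", OU="" */
                SearchResult nextEntry = answer.next();
                sName = nextEntry.getName();
                ssResults = sName;
                String entryName = sName + ",OU=Departments";
                // Always request by label: sAttrIDs is overwritten with values below and
                // would otherwise be sent as attribute ids for the next entry.
                Attributes aAnswer = ctx.getAttributes(entryName, requestedIds);
                if (!wildcard) {
                    sAttrIDs = requestedIds.clone();
                    for (int i = 0; i < requestedIds.length; i++) {
                        Attribute found = aAnswer.get(requestedIds[i]);
                        Object value = (found == null) ? null : found.get();
                        if (value != null) {
                            sAttrIDs[i] = value.toString();
                        }
                    }
                    // A slot that still holds its label had no value in the entry.
                    if (sAttrIDs[3].contains("employeeID")) {
                        sAttrIDs[3] = "";
                    }
                    if (sAttrIDs[5].contains("IsAccountLocked")) {
                        sAttrIDs[5] = "";
                    }
                }
                try {
                    Attributes aGAnswer = ctx.getAttributes(entryName, ssGAttrIDs);
                    // The flag tested here marks a disabled account; lockout is a separate
                    // state. The message text is left as it was because callers may match it.
                    if (isAccountDisabled(aGAnswer)) {
                        sResults = aAnswer.get("sAMAccountName").get() + " , " + "*******ACCOUNT IS LOCKED*******";
                        System.out.println(sResults + '\n');
                        if (!wildcard) {
                            sAttrIDs[5] = "ACCOUNT IS LOCKED";
                        }
                    } else {
                        sResults = sName;
                    }
                    Attribute amemberOf = aGAnswer.get("memberOf");
                    if (amemberOf != null) {
                        /* print each value */
                        NamingEnumeration<?> eGroup = amemberOf.getAll();
                        while (eGroup.hasMore()) {
                            String groupDn = eGroup.next().toString();
                            // Only groups below OU=Domain Groups are reported.
                            if (!GROUPS_OU.matcher(groupDn).find()) {
                                continue;
                            }
                            // Drop the domain suffix so the name is relative to the context base.
                            String relativeDn = BASE_SUFFIX.matcher(groupDn).replaceAll(sReplace);
                            Attributes aGroup = ctx.getAttributes(relativeDn, sGAttrIDs);
                            /* "sDesc" is the description of the group */
                            Attribute descAttr = aGroup.get("description");
                            Object descValue = (descAttr == null) ? null : descAttr.get();
                            String sDesc = (descValue == null) ? "" : descValue.toString();
                            /* Reduce the distinguished name to the cn for display */
                            String display = CN_PREFIX.matcher(relativeDn).replaceAll(sReplace);
                            display = GROUPS_OU.matcher(display).replaceAll(sReplace);
                            System.out.println(display + ": " + " (" + sDesc + " )");
                        }
                    }
                } catch (NamingException le) {
                    modException = le.toString();
                    sErrorResult = modException;
                }
                System.out.println(sName + ": " + '\n' + "Authorization Groups: ");
                if (wildcard) {
                    NamingEnumeration<? extends Attribute> enumUserInfo = aAnswer.getAll();
                    while (enumUserInfo.hasMoreElements()) {
                        sResults = enumUserInfo.nextElement().toString();
                        System.out.println(sResults);
                    }
                }
            }
        } catch (NamingException e) {
            modException = e.toString();
            sErrorResult = modException;
        } finally {
            // Release the enumeration and the LDAP connection even when the search fails.
            try {
                if (answer != null) {
                    answer.close();
                }
            } catch (NamingException ignored) {
                // nothing useful can be done if closing fails
            }
            try {
                if (ctx != null) {
                    ctx.close();
                }
            } catch (NamingException ignored) {
                // nothing useful can be done if closing fails
            }
        }
    }
}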
/-
[code]import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import com.sun.security.auth.callback.TextCallbackHandler;
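/**
 * Performs the JAAS login whose Subject is later used for the GSSAPI bind.
 */
public class KerberosaAuth {
    /********************************************************
     * Kerberos Authentication
     *********************************************************/
    /** Login context created by KerberosAuth(); null until that method has run. */
    LoginContext lc = null;

    /**
     * Points the JVM at the realm, the KDC and the JAAS configuration file, then
     * logs in through the "GssConf" entry of that file. TextCallbackHandler asks
     * for the credentials on the console. A failed login ends the JVM with exit
     * status -1.
     *
     * @throws IllegalStateException if Jaas.conf is not found next to this class
     */
    public void KerberosAuth() {
        java.net.URL jaasConfig = getClass().getResource("Jaas.conf");
        if (jaasConfig == null) {
            // Fail with a clear message instead of a NullPointerException.
            throw new IllegalStateException("Jaas.conf was not found next to " + getClass().getName());
        }
        // Set each key on its own. Replacing the whole table with
        // new Properties(System.getProperties()) turns every existing entry into a
        // default, which code that iterates or calls get() on the table no longer sees.
        // NOTE(review): Kerberos realm names are case-sensitive and Active Directory
        // realms are normally written in upper case - confirm this value matches the KDC.
        System.setProperty("java.security.krb5.realm", "fgb.ae");
        System.setProperty("java.security.krb5.kdc", "hoadc0.fgb.ae");
        System.setProperty("java.security.auth.login.config", jaasConfig.toString());
        try {
            // NOTE(review): the "GssConf" entry lives in Jaas.conf, which is not shown;
            // presumably it configures the Kerberos login module - verify.
            lc = new LoginContext("GssConf", new TextCallbackHandler());
            // Attempt authentication
            lc.login();
        } catch (LoginException le) {
            System.err.println("Authentication attempt failed: " + le);
            System.exit(-1);
        }
    }
}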
[/code]
My domain name is fgb.ae and the Active Directory domain controller is hoadc0.
Please help me here.

