krb5.conf
[libdefaults]
default_realm = TEST.NL
default_tkt_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
forwardable=true
[realms]
TEST.NL = {
kdc = tst-crm20.test.nl:443
}
[domain_realm]
test.nl= TEST.NL
.test.nl= TEST.NL
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
jaas.conf
JMeter {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=false
useKeyTab=false
storeKey=false;
};
On rerunning I recieved the following error (which I have not seen before:
2015/01/16 09:57:52 WARN -
org.apache.http.client.protocol.RequestTargetAuthentication: NEGOTIATE
authentication error: No valid credentials provided (Mechanism level: No
valid credentials provided (Mechanism level: Failed to find any Kerberos
tgt))
*Martijn de Vrieze*
Phone: +31618707784 | Skype: martijndevrieze | gtalk:
[email protected] | Twitter:
http://www.twitter.com/martijndevrieze | Linkedin:
http://www.linkedin.com/in/martijndevrieze | Home:
http://www.martijndevrieze.nl
On Fri, Jan 16, 2015 at 9:01 AM, Felix Schumacher <
[email protected]> wrote:
> Am 15.01.2015 22:48, schrieb Martijn de Vrieze:
>
> I have been struggling somewhat with JMeter and kerberos lately. Google so
>> far has not been able to help me out with the issue I am facing.
>>
>> The system under test is a Microsoft CRM 2013 platform, up until a few
>> days
>> ago my tests worked fine since basic auth was switched on. However on the
>> most recent drop with changes they also switched over to kerberos auth
>> only.
>>
>> I have:
>> * filled in the KRB5.CONF with all relevant information
>> * HTTP AUTH Manager in the script with base URL, username, password,
>> domain and KERBEROS filled in
>> * HTTP Request defaults to ensure and enforce HTTP4 use, HTTPS over port
>> 443 and the same base URL all over the place
>>
>> However I cannot get it to work properly, logging in simply refuses to
>> work
>> for me. I'd really appreciate some help here, I use Jmeter fairly often,
>> with this I am however completely stuck.
>>
>> When running the first step, which instantly receives the KERBEROS ath
>> request I get the following in my logs:
>>
>> 2015/01/15 17:13:02 INFO - jmeter.threads.JMeterThread: Thread started:
>> Jmeter 1-1
>> 2015/01/15 17:13:02 INFO - jmeter.services.FileServer: Stored: users.csv
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>> GET(OAH) http://tst-crm20.test.nl/TEST/main.aspx null
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.
>> HC4CookieHandler:
>> Found 0 cookies for http://tst-crm20.test.nl/TEST/main.aspx
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>> inCache http://tst-crm20.test.nl/TEST/main.aspx null
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/
>> main.aspx
>> and http://tst-crm20.test.nl:80/TEST/main.aspx
>> <http://tst-crm20.test.nl/TEST/main.aspx>
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Checking match against auth'n entry: http://tst-crm20.test.nl
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Matched
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/
>> main.aspx
>> and http://tst-crm20.test.nl:80/TEST/main.aspx
>> <http://tst-crm20.test.nl/TEST/main.aspx>
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Checking match against auth'n entry: http://tst-crm20.test.nl
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Matched
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> m.devrieze > D=TEST R= M=KERBEROS
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>> GET(OAH) http://tst-crm20.test.nl/TEST/main.aspx null
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.
>> HC4CookieHandler:
>> Found 0 cookies for http://tst-crm20.test.nl/TEST/main.aspx
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>> inCache http://tst-crm20.test.nl/TEST/main.aspx null
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/
>> main.aspx
>> and http://tst-crm20.test.nl:80/TEST/main.aspx
>> <http://tst-crm20.test.nl/TEST/main.aspx>
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Checking match against auth'n entry: http://tst-crm20.test.nl
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>> Matched
>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.KerberosManager:
>> Subject cached:[] before:m.devrieze
>> 2015/01/15 17:14:32 WARN - jmeter.protocol.http.control.KerberosManager:
>> Could not log in user m.devrieze javax.security.auth.login.
>> LoginException:
>> Receive timed out
>>
> It seems, that the kerberos server did not answer the request for a
> service ticket (at least not within the default timeout of 30s).
> Could you rerun the test with the java system property
> "sun.security.krb5.debug" set to true?
>
> Could you post the contents of your krb5.conf and jaas.conf file?
>
> Regards
> Felix
>
>>
>> *Thanks! *
>>
>> *Martijn de Vrieze*
>>
>>
>> Skype: martijndevrieze | gtalk: [email protected] | Twitter:
>> http://www.twitter.com/martijndevrieze |
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
