Am 16.01.2015 09:58, schrieb Martijn de Vrieze:
krb5.conf
[libdefaults]
default_realm = TEST.NL
default_tkt_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
forwardable=true
[realms]
TEST.NL = {
kdc = tst-crm20.test.nl:443
This is a strange port for a kdc. I would expect it to listen on 88.
}
[domain_realm]
test.nl= TEST.NL
.test.nl= TEST.NL
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
jaas.conf
JMeter {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=false
useKeyTab=false
storeKey=false;
};
On rerunning I recieved the following error (which I have not seen
before:
2015/01/16 09:57:52 WARN -
org.apache.http.client.protocol.RequestTargetAuthentication: NEGOTIATE
authentication error: No valid credentials provided (Mechanism level:
No
valid credentials provided (Mechanism level: Failed to find any
Kerberos
tgt))
That is probably because you don't connect to the right port and noone
responds to you. Try another kdc port.
Regards
Felix
*Martijn de Vrieze*
Phone: +31618707784 | Skype: martijndevrieze | gtalk:
[email protected] | Twitter:
http://www.twitter.com/martijndevrieze | Linkedin:
http://www.linkedin.com/in/martijndevrieze | Home:
http://www.martijndevrieze.nl
On Fri, Jan 16, 2015 at 9:01 AM, Felix Schumacher <
[email protected]> wrote:
Am 15.01.2015 22:48, schrieb Martijn de Vrieze:
I have been struggling somewhat with JMeter and kerberos lately.
Google so
far has not been able to help me out with the issue I am facing.
The system under test is a Microsoft CRM 2013 platform, up until a
few
days
ago my tests worked fine since basic auth was switched on. However on
the
most recent drop with changes they also switched over to kerberos
auth
only.
I have:
* filled in the KRB5.CONF with all relevant information
* HTTP AUTH Manager in the script with base URL, username, password,
domain and KERBEROS filled in
* HTTP Request defaults to ensure and enforce HTTP4 use, HTTPS over
port
443 and the same base URL all over the place
However I cannot get it to work properly, logging in simply refuses
to
work
for me. I'd really appreciate some help here, I use Jmeter fairly
often,
with this I am however completely stuck.
When running the first step, which instantly receives the KERBEROS
ath
request I get the following in my logs:
2015/01/15 17:13:02 INFO - jmeter.threads.JMeterThread: Thread
started:
Jmeter 1-1
2015/01/15 17:13:02 INFO - jmeter.services.FileServer: Stored:
users.csv
2015/01/15 17:13:02 DEBUG -
jmeter.protocol.http.control.CacheManager:
GET(OAH) http://tst-crm20.test.nl/TEST/main.aspx null
2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.
HC4CookieHandler:
Found 0 cookies for http://tst-crm20.test.nl/TEST/main.aspx
2015/01/15 17:13:02 DEBUG -
jmeter.protocol.http.control.CacheManager:
inCache http://tst-crm20.test.nl/TEST/main.aspx null
2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
Target URL strings to match against: http://tst-crm20.test.nl/TEST/
main.aspx
and http://tst-crm20.test.nl:80/TEST/main.aspx
<http://tst-crm20.test.nl/TEST/main.aspx>
2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
Checking match against auth'n entry: http://tst-crm20.test.nl
2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
Matched
2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
Target URL strings to match against: http://tst-crm20.test.nl/TEST/
main.aspx
and http://tst-crm20.test.nl:80/TEST/main.aspx
<http://tst-crm20.test.nl/TEST/main.aspx>
2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
Checking match against auth'n entry: http://tst-crm20.test.nl
2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
Matched
2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
m.devrieze > D=TEST R= M=KERBEROS
2015/01/15 17:13:02 DEBUG -
jmeter.protocol.http.control.CacheManager:
GET(OAH) http://tst-crm20.test.nl/TEST/main.aspx null
2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.
HC4CookieHandler:
Found 0 cookies for http://tst-crm20.test.nl/TEST/main.aspx
2015/01/15 17:13:02 DEBUG -
jmeter.protocol.http.control.CacheManager:
inCache http://tst-crm20.test.nl/TEST/main.aspx null
2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
Target URL strings to match against: http://tst-crm20.test.nl/TEST/
main.aspx
and http://tst-crm20.test.nl:80/TEST/main.aspx
<http://tst-crm20.test.nl/TEST/main.aspx>
2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
Checking match against auth'n entry: http://tst-crm20.test.nl
2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
Matched
2015/01/15 17:13:02 DEBUG -
jmeter.protocol.http.control.KerberosManager:
Subject cached:[] before:m.devrieze
2015/01/15 17:14:32 WARN -
jmeter.protocol.http.control.KerberosManager:
Could not log in user m.devrieze javax.security.auth.login.
LoginException:
Receive timed out
It seems, that the kerberos server did not answer the request for a
service ticket (at least not within the default timeout of 30s).
Could you rerun the test with the java system property
"sun.security.krb5.debug" set to true?
Could you post the contents of your krb5.conf and jaas.conf file?
Regards
Felix
*Thanks! *
*Martijn de Vrieze*
Skype: martijndevrieze | gtalk: [email protected] |
Twitter:
http://www.twitter.com/martijndevrieze |
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
