Hey Felix,
thanks for the help so far :)
BTW, does it make a difference that I am working from a 64b Linux box?
Although when within the domain, on a windows (citrix) box I get the same
errors.
I started off initially trying it over 88, which gives the exact same
time-out.
When I asked the implementation partner they claimed it should just run
over 443, but than again, what do they know :)
One thing I have noticed so far, is that the request headers contain
nothing towards auth types:
Request Headers:
Connection: keep-alive
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64;
Trident/6.0)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Pragma: no-cache
Cache-Control: no-cache
Host: tst-crm20.veh.nl
Whereas the response header does tell me the www-auth => negotiate
Thread Name: Jmeter 1-1
Sample Start: 2015-01-16 10:36:01 CET
Load time: 90209
Latency: 90208
Size in bytes: 485
Headers size in bytes: 425
Body size in bytes: 60
Sample Count: 1
Error Count: 1
Response code: 401
Response message: Unauthorized
Response headers:
HTTP/1.1 401 Unauthorized
Cache-Control: private
Transfer-Encoding: chunked
Content-Type: text/plain
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
REQ_ID: e73cba80-97e4-4444-a201-a50ab6957a31
Set-Cookie: ReqClientId=51c362af-23e0-4dad-a299-10e6bf67c310; expires=Fri,
16-Jan-2065 09:37:31 GMT; path=/; secure; HttpOnly
WWW-Authenticate: Negotiate
X-Powered-By: ASP.NET
Date: Fri, 16 Jan 2015 09:37:31 GMT
HTTPSampleResult fields:
ContentType: text/plain
DataEncoding: null
Also, Tried connecting straight through Java and that worked like a charm.
Code is somewhat like this:
public class NTLM_ping {
public NTLM_ping(){
super();
}
public static void main(String[]args) throws Exception {
DefaultHttpClient httpClient = new DefaultHttpClient();
httpClient.getAuthSchemes().register("ntlm",new
NTLMSchemeFactory());
// add credentials
httpClient.getCredentialsProvider().setCredentials(
new AuthScope("TEST", -1),
new NTCredentials("m.devrieze","PassWord","tst-crm20.test.nl
","TEST"));
HttpGet httpGet = new HttpGet("http://tst-crm20.test.nl";);
// ignore cookies
/*httpGet.getParams().setParameter("http.protocol.cookie-policy",
CookiePolicy.ACCEPT_ALL);
*/
try{
// execute the GET
HttpResponse status = httpClient.execute(httpGet);
System.out.println(status.getProtocolVersion());
System.out.println(status.getStatusLine().getStatusCode());
System.out.println(status.getStatusLine().getReasonPhrase());
System.out.println(status.getStatusLine().toString());
}finally {
// release any sources
}
On Fri, Jan 16, 2015 at 10:21 AM, Felix Schumacher <
[email protected]> wrote:
> Am 16.01.2015 09:58, schrieb Martijn de Vrieze:
>
>> krb5.conf
>>
>> [libdefaults]
>> default_realm = TEST.NL
>> default_tkt_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
>> default_tgs_enctypes = aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
>> forwardable=true
>>
>> [realms]
>> TEST.NL = {
>> kdc = tst-crm20.test.nl:443
>>
> This is a strange port for a kdc. I would expect it to listen on 88.
>
> }
>>
>> [domain_realm]
>> test.nl= TEST.NL
>> .test.nl= TEST.NL
>>
>> [appdefaults]
>> pam = {
>> debug = false
>> ticket_lifetime = 36000
>> renew_lifetime = 36000
>> forwardable = true
>> krb4_convert = false
>> }
>>
>> jaas.conf
>>
>>
>> JMeter {
>> com.sun.security.auth.module.Krb5LoginModule required
>> doNotPrompt=false
>> useKeyTab=false
>> storeKey=false;
>> };
>>
>> On rerunning I recieved the following error (which I have not seen before:
>> 2015/01/16 09:57:52 WARN -
>> org.apache.http.client.protocol.RequestTargetAuthentication: NEGOTIATE
>> authentication error: No valid credentials provided (Mechanism level: No
>> valid credentials provided (Mechanism level: Failed to find any Kerberos
>> tgt))
>>
> That is probably because you don't connect to the right port and noone
> responds to you. Try another kdc port.
>
> Regards
> Felix
>
>>
>> *Martijn de Vrieze*
>>
>>
>>
>> Phone: +31618707784 | Skype: martijndevrieze | gtalk:
>> [email protected] | Twitter:
>> http://www.twitter.com/martijndevrieze | Linkedin:
>> http://www.linkedin.com/in/martijndevrieze | Home:
>> http://www.martijndevrieze.nl
>>
>> On Fri, Jan 16, 2015 at 9:01 AM, Felix Schumacher <
>> [email protected]> wrote:
>>
>> Am 15.01.2015 22:48, schrieb Martijn de Vrieze:
>>>
>>> I have been struggling somewhat with JMeter and kerberos lately. Google
>>> so
>>>
>>>> far has not been able to help me out with the issue I am facing.
>>>>
>>>> The system under test is a Microsoft CRM 2013 platform, up until a few
>>>> days
>>>> ago my tests worked fine since basic auth was switched on. However on
>>>> the
>>>> most recent drop with changes they also switched over to kerberos auth
>>>> only.
>>>>
>>>> I have:
>>>> * filled in the KRB5.CONF with all relevant information
>>>> * HTTP AUTH Manager in the script with base URL, username, password,
>>>> domain and KERBEROS filled in
>>>> * HTTP Request defaults to ensure and enforce HTTP4 use, HTTPS over port
>>>> 443 and the same base URL all over the place
>>>>
>>>> However I cannot get it to work properly, logging in simply refuses to
>>>> work
>>>> for me. I'd really appreciate some help here, I use Jmeter fairly often,
>>>> with this I am however completely stuck.
>>>>
>>>> When running the first step, which instantly receives the KERBEROS ath
>>>> request I get the following in my logs:
>>>>
>>>> 2015/01/15 17:13:02 INFO - jmeter.threads.JMeterThread: Thread started:
>>>> Jmeter 1-1
>>>> 2015/01/15 17:13:02 INFO - jmeter.services.FileServer: Stored:
>>>> users.csv
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>>>> GET(OAH) http://tst-crm20.test.nl/TEST/main.aspx null
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.
>>>> HC4CookieHandler:
>>>> Found 0 cookies for http://tst-crm20.test.nl/TEST/main.aspx
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>>>> inCache http://tst-crm20.test.nl/TEST/main.aspx null
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/
>>>> main.aspx
>>>> and http://tst-crm20.test.nl:80/TEST/main.aspx
>>>> <http://tst-crm20.test.nl/TEST/main.aspx>
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Checking match against auth'n entry: http://tst-crm20.test.nl
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Matched
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/
>>>> main.aspx
>>>> and http://tst-crm20.test.nl:80/TEST/main.aspx
>>>> <http://tst-crm20.test.nl/TEST/main.aspx>
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Checking match against auth'n entry: http://tst-crm20.test.nl
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Matched
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> m.devrieze > D=TEST R= M=KERBEROS
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>>>> GET(OAH) http://tst-crm20.test.nl/TEST/main.aspx null
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.
>>>> HC4CookieHandler:
>>>> Found 0 cookies for http://tst-crm20.test.nl/TEST/main.aspx
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.CacheManager:
>>>> inCache http://tst-crm20.test.nl/TEST/main.aspx null
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Target URL strings to match against: http://tst-crm20.test.nl/TEST/
>>>> main.aspx
>>>> and http://tst-crm20.test.nl:80/TEST/main.aspx
>>>> <http://tst-crm20.test.nl/TEST/main.aspx>
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Checking match against auth'n entry: http://tst-crm20.test.nl
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.AuthManager:
>>>> Matched
>>>> 2015/01/15 17:13:02 DEBUG - jmeter.protocol.http.control.
>>>> KerberosManager:
>>>> Subject cached:[] before:m.devrieze
>>>> 2015/01/15 17:14:32 WARN - jmeter.protocol.http.control.
>>>> KerberosManager:
>>>> Could not log in user m.devrieze javax.security.auth.login.
>>>> LoginException:
>>>> Receive timed out
>>>>
>>>> It seems, that the kerberos server did not answer the request for a
>>> service ticket (at least not within the default timeout of 30s).
>>> Could you rerun the test with the java system property
>>> "sun.security.krb5.debug" set to true?
>>>
>>> Could you post the contents of your krb5.conf and jaas.conf file?
>>>
>>> Regards
>>> Felix
>>>
>>>
>>>> *Thanks! *
>>>>
>>>> *Martijn de Vrieze*
>>>>
>>>>
>>>> Skype: martijndevrieze | gtalk: [email protected] | Twitter:
>>>> http://www.twitter.com/martijndevrieze |
>>>>
>>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>>>
>>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
