SPNego - Windows integrated Single-Sign On not working - How to debug?

Dear board,
I've tried to configure SPNego - Windows Integrated SSO with no success yet. We do use SAP EP7 on Windows Server 2003 64bit with MS AD 2003. The following is done:
- Service Account is created, authentication works when done on purpose
- SPNego wizard completed successfully, WebAs Java restarted
- IE6: Windows integrated Logon is activated, IE shows Intranet when accessing the portal url (I can't modify the IE Security Settings yet, but as we do use KERBEROS outside of SAP as well, my assumption was settings are fine)
- UID in windows, EP and ECC are equal
When I access the portal URL, I am prompted for user id and password. How can I trace methodically what is wrong? Some kind of checklist with links, url or SAP Notes would be great. I've also read references to a test application as well as some diag / trace tool.
Please post thoroughly as I am rather new to this topic and still missing important terms and knowledge.
Kind regards and thanks in advance,
Richard

Dear board,
after the service principal name registration was done (once again maybe) the error message disappeared in the SPNego wizard when I retrieve the Principal in Step 2, the test resolution works as before in step 3 of the wizard.
At the moment, the error message in the central log file is still unchanged. Acquiring credentials for realm xxx.xxx.org failed, no valid credentials provided.
#1.5 #001A4BAF485A0079000000040000207000043C8446E8BA7E#1192438730203#com.sap.engine.services.security.authentication.logincontext#sap.com/irj#com.sap.engine.services.security.authentication.logincontext#J2EE_GUEST#0####d8ce7ab07afc11dc8d93001a4baf485a#Thread[Thread-307,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error#1#/System/Security/Authentication#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: com.sun.security.jgss.accept
Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
1. com.sun.security.auth.module.Krb5LoginModule                            OPTIONAL    ok          exception             false      null#
#1.5 #001A4BAF485A00580000007F0000207000043C8446E8C109#1192438730203#com.sap.engine.services.security.authentication.loginmodule.spnego.SPNegoLoginModule#sap.com/irj#com.sap.engine.services.security.authentication.loginmodule.spnego.SPNegoLoginModule#J2EE_GUEST#0####d8ce7ab17afc11dc8f50001a4baf485a#SAPEngine_Application_Thread[impl:3]_29##0#0#Error##Java###Acquiring credentials for realm XXX.XXX.ORG failed
[EXCEPTION]
#1#GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
Any ideas? I haven't used the diag tool yet, is there any other reasonable way to debug the setup?
Kind regards and many thanks,
Richard

Similar Messages

  • Single Sign-on not working for me :(

    Hi Everyone,
    I have set-up an OS X Server 10.5.4 Open Directory Master, Kerberos is running my Kerberos Realm: SERVER.MYDOMAIN.COM, DNS is running fine and everything is in-order as far as I can tell.
    But the issue that is driving me crazy is that, when a user logs in on their laptop and they go and click on the Server with AFP shares in Finder they get "Connection Failed" but they can login when they go under Go->Connect to Server->Login window pops-up they put their username and password they access the shares.
    For Kerberos single sign-on do I have to do any other configurations that I have not run across in the documentation or discussions?
    Here are the settings that are in the edu.mit.Kerberos file:
    # WARNING This file is automatically created, if you wish to make changes
    # delete the next two lines
    # autogenerated from : /LDAPv3/server.mydomain.com
    # generation_id : 1164378777
    [libdefaults]
    default_realm = SERVER.MYDOMAIN.COM
    [realms]
    SERVER.MYDOMAIN.COM = {
    admin_server = server.mydomain.com
    kdc = server.mydomain.com
    }
    [domain_realm]
    .mydomain.com = SERVER.MYDOMAIN.COM
    mydomain.com = SERVER.MYDOMAIN.COM
    [logging]
    admin_server = FILE:/var/log/krb5kdc/kadmin.log
    kdc = FILE:/var/log/krb5kdc/kdc.log
    If anyone has some ideas, that would be great!
    Thanks,
    D

    To do SSO the client computer must first find the right KDC (Key Distribution Center) to get the ticket from, login, get the ticket and then you (the computer) should be able to use that ticket to login to any kerberized service in the same realm, without having to authenticate again as long as the ticket is valid.
    The question is: when do you get that ticket and where are you connecting from?
    When connecting from outside of the LAN where the KDC is, you still need to find it, if using kerberos.
    I suspect you (should) get the ticket when logging in locally using an OD server account.
    Whether the machine has to be bound to the OD I don't know but it seems logical to expect that if it works similar to how an AD works.
    I'm not 100% sure about what is cached when using a portable account but as the default time a ticket is valid is 10 hours you'll need to reauthenticate when the time is up.
    When logged in, if you open this application and don't quit it: /System/Library/CoreServices/Kerberos.app
    it should get you a new ticket when the old one expires.
    Also, using this application you should be able to get a ticket (before) trying to mount/use kerberized services (even if not using an OD server account locally or being bound to the OD) and not having to authenticate again — "manual SSO"?
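
The reply's first step, the client finding the right KDC for the realm, is driven by the file posted in the question. As an added example (not part of the original posts), this Python check parses that krb5.conf-style syntax, reports which realm and KDC a service host resolves to, and rejects a realm block with no closing brace. The sample text is constructed from the posted file; `parse_krb5`, `realm_for_host` and `check` are hypothetical helper names, and the host-to-realm lookup is a simplified version of what a Kerberos library does.

```python
import re

# Constructed sample: the posted edu.mit.Kerberos file with the realm block closed.
SAMPLE = """\
[libdefaults]
default_realm = SERVER.MYDOMAIN.COM
[realms]
SERVER.MYDOMAIN.COM = {
admin_server = server.mydomain.com
kdc = server.mydomain.com
}
[domain_realm]
.mydomain.com = SERVER.MYDOMAIN.COM
mydomain.com = SERVER.MYDOMAIN.COM
"""

def parse_krb5(text):
    """Parse sections, 'key = value' lines and one level of 'key = { ... }'."""
    conf, section, block = {}, None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            if block is not None:
                raise ValueError(f"line {lineno}: section starts inside an unclosed brace block")
            section = conf.setdefault(header.group(1), {})
        elif line == "}":
            if block is None:
                raise ValueError(f"line {lineno}: closing brace without an open block")
            block = None
        else:
            key, sep, value = (part.strip() for part in line.partition("="))
            if section is None or not sep:
                raise ValueError(f"line {lineno}: expected 'key = value' inside a section")
            if value == "{":
                block = section.setdefault(key, {})
            else:
                target = section if block is None else block
                target.setdefault(key, []).append(value)
    if block is not None:
        raise ValueError("end of file inside an unclosed brace block")
    return conf

def realm_for_host(conf, host):
    """Simplified [domain_realm] lookup: exact host, then '.parent' suffixes."""
    mapping, labels = conf.get("domain_realm", {}), host.lower().split(".")
    names = [host.lower()] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for name in names:
        if name in mapping:
            return mapping[name][0]
    return None

def check(conf, host):
    """Return (realm, kdcs, problems) for a service host the client wants to reach."""
    realm = realm_for_host(conf, host)
    if realm is None:
        return None, [], [f"no [domain_realm] entry covers {host}"]
    entry = conf.get("realms", {}).get(realm)
    kdcs = entry.get("kdc", []) if isinstance(entry, dict) else []
    problems = [] if kdcs else [f"realm {realm} has no kdc in [realms]"]
    return realm, kdcs, problems
```

Calling `check(parse_krb5(SAMPLE), "server.mydomain.com")` returns the realm, its KDC list and an empty problem list; a host outside `mydomain.com` comes back with no realm and one problem.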

  • Windows CC Extensions Signed Toolkit Not Working

    We are working on automating our extension building so we can package it into an installer.  We found the CC Extensions Signing Toolkits downloads here:
    http://labs.adobe.com/downloads/extensionbuilder3.html
    The Mac version works on developer machines, but our build machines have an older version of OS X and are not supported, so we tried to use the Windows versions.  We are unable to sign a package with this error:
    C:\build\client_extension>ccextensionswin64.exe -sign .\ExtensionContent Panel.zxp cert.p12 '<password>'
    Error - Failed to parse certificate. Signing failed. Check you're using PKCS12 format.
    We are also unable to create a new key with the tool.  When we try something like this:
    ccextensionswin64.exe -selfSignedCert USA GA Turner BPS 'nit6#deg' cnncert.p12
    The application just crashes.  These failures were seen on Windows 7 with both the 32 and 64 bit tools.

    Hi bdebacker,
    I've tried to reproduce the behaviour you're seeing and it looks like there are a few things wrong.
    Firstly, when signing your ZXP you don't necessarily need to use quotes around the P12 password - however, if you need to for escaping purposes, you should use double quotes.
    The following gives me the same error you're seeing:
    ccextensionswin64.exe -sign .\inputfolder outzxp.zxp ..\mycert.p12 'mypassword'
    Error - Failed to parse certificate. Signing failed. Check you're using PKCS12 format.
    But replacing the single quotes with double quotes as follows allows me to sign successfully:
    ccextensionswin64.exe -sign .\inputfolder outzxp.zxp ..\mycert.p12 "mypassword"
    Signed successfully
    Secondly, regarding creating a self-signed certificate - I think the problem is that you're using a three letter country code, whereas it expects a two letter country code from this list: http://www.digicert.com/ssl-certificate-country-codes.htm (we'll need to add some error messaging around this in a future release). The following command works for me:
    ccextensionswin64.exe -selfSignedCert US GA Turner BPS 'nit6#deg' cnncert.p12
    Let us know if you're still having problems.
    Best wishes,
    Fraser

  • Reopen All Windows from Last Session is not working

    The option Reopen All Windows from Last Session is not working, is there any other way to recover the tabs from my last session?
    Last night I fell asleep and my friend shut down my laptop.
    When I woke up in the morning I couldn't restore my last session which had several tabs opened for my research.
    I don't know the exact date when I found them, so I haven't been able to find them in History either.
    I've looked around on the internet, but haven't been able to find anything that helped me out.
    Hope you can help me! Thanks.

    Restart your Mac.
    Check the box for:  Reopen windows when logging back in
    Then check History >  Reopen Windows from Last Session

  • TS1814 I have windows vista and this did not work for my ipod it still will not update PLEASE HELP!

    I have windows vista and this did not work for my ipod it still will not update PLEASE HELP!
    iTunes for Windows: iTunes cannot contact the iPhone, iPad, or iPod software update server

    Try this:
    Close your iTunes,
    Go to command Prompt -
    (Win 7/Vista) - START/ALL PROGRAMS/ACCESSORIES, right mouse click "Command Prompt", choose "Run as Administrator".
    (Win XP SP2 n above) - START/ALL PROGRAMS/ACCESSORIES/Command Prompt
    In the "Command Prompt" screen, type in
    netsh winsock reset
    Hit "ENTER" key
    Restart your computer.
    If you do get a prompt after restart windows to remap LSP, just click NO.
    Now launch your iTunes and see if it is working now.
    If you are still having these type of problems after trying the winsock reset, refer to this article to identify which software in your system is inserting LSP:
    iTunes 10.5 for Windows: May see performance issues and blank iTunes Store
    http://support.apple.com/kb/TS4123?viewlocale=en_US

  • Windows Vista and iTunes does not work

    First Time sorry for my bad English, I'm from Germany and my English is not the best.
    I have the new Windows Vista but iTunes does not work good.
    And I have to use it, to manage my music on my iPod.
    When there will be a Vista compatibles Version of iTunes??
    And when will come an 64-Bit Version?
    Thanks for Help,
    Karsten

    iTunes running under VISTA does not recognize media burned by iTunes Backup (v7.0.2) from a non-Vista machine.
    The original machine recognizes the media just fine, but the new VISTA machine does not recognize the dvd at all.
    Anyone else having a problem with VISTA recognizing burnt media?

  • I downloaded Elements 13 to my PC, but my PC has windows Vista and it does not work.  How can I download it to my laptop that has Windows 8?

    I downloaded Elements 13 to my PC, but my PC has windows Vista and it does not work.  How can I download it to my laptop that has Windows 8?

    You can get it at this link and validate with your 24 digit serial number - click here for PSE downloads

  • Problem surface pro 2, windows 8. brush pressure is not working in Ps CC ,

    problem surface pro 2, windows 8. brush pressure is not working in Ps CC

    This forum is a Spanish-language user forum.
    You could try explaining your problem in more detail.
    Please give hardware details
    (We may be familiar with Photoshop, but not with hybrid tablets)
    Specifically, how are you using the pressure brush?

  • After Security updation of Windows 7 in Boot Camp (Mac Book Pro with Retina Display) on 13-Nov-2013, Windows 7 Desktop Gadgets are not working properly.

    After Security updation of Windows 7 in Boot Camp (Mac Book Pro with Retina Display) on 13-Nov-2013, Windows 7 Desktop Gadgets are not working properly.
    This is boot camp problem, because in other normal notebooks (e.g. SONY VAIO, Lenovo with Windows 7) the gadgets are working normally.
    I am attaching the screen shot of Desktop Gadgets and Security updates of Windows 7.
    Kindly solve this issue ASAP.
    Shailendra Gupta
    <edited by host>

    You are not addressing Apple, but a community of unpaid volunteers. So ASAP won't cut it. Also, you should refrain from posting personal information (like your email address) in the body of your comments, as this is part of the community usage guidelines.
    Have you reinstalled the latest Boot Camp Windows 7 drivers, just in case Microsoft overwrote some of them during the Windows 7 security update?
    If you want to communicate issues with Apple about Boot Camp and OS X, click on the link. Just don't hold your breath on receiving a response.

  • Window 10 build 10041 does not work with Intel 82579V Gigabit Ethernet on ASUS motherboard

          
    I originally posted this question here:
    answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_update/window-10-build-10041-does-not-work-with-intel/6729892f-83aa-4822-b20a-ea84f4fd06c7
    and was asked to post it on this forum...
    I updated a computer I have which is a quad core i7 that I built and includes an ASUS motherboard with Intel 82579V Gigabit Ethernet built in. Windows 10 preview 9926 worked fine with this network adapter. Windows 10 build 10041 does not, and I have tried it twice so far. I even went as far as buying a Thunderbolt-Gigabit Ethernet Adapter (Broadcom, sold by Apple)... and while it installed the driver automatically, it did not work either. Each time you try to view the properties of either of them, it locks up or gives an error. In fact, doing much of anything with the Intel adapter icon assures you of not being able to do a clean reboot... have to kill power. I have finally gone back to the previous version 9926, which has its issues but nowhere near as bad as not having any network connectivity! Does anyone have this issue and a workaround?
    Note, there are two images on the windows 10 preview forum that I posted this question on. I could not post the full link as I was getting a message here that links and graphics are not allowed.

    Thanks Roger, I posted the following yesterday in the other thread (thinking it was this thread - confusing after they moved it here)... It may be that the new driver fixes the issue that 10041 has with it, but I have not tried that yet. If I do I will update this... Thanks!
    I have more information about this, which basically exonerates any issue with the Intel 82579V Gigabit Ethernet hardware or software. I have 3 computers with Windows 10 preview so I have multiple angles to see issues from. With this I have found a culprit (but I suspect not just the only culprit) in this above mentioned problem...
    10041 build combined with installing (or attempting to install) CISCO VPN Windows 7 64bit 5.0.07.0440-k9 client causes the issue mentioned above. I confirmed this on a completely different machine with a totally different Ethernet adapter. First machine is an ASUS motherboard in a tower system I built, with the Intel 82579V Gigabit Ethernet hardware built in. Second machine is a Gateway Laptop from 2008 which has a Marvell Yukon 88E8057 PCI-E Gigabit adapter built in. Build 10041 will work fine with my 2008 laptop, including the MS VPN client (which I have tested). However, if you attempt to install or even uninstall the Cisco client you will have to do a recovery to a restore point (as I have done twice) in order to get your network working again. Installing or attempting to install (because it never even does install properly and times out), CISCO VPN client will render your entire network unusable. Going back to a restore point saved me and I am still running 10041 but I can't use CISCO VPN client any longer. I could with build 9926, including on all 3 machines. I now have 9926 on two machines and 10041 on only the 2008 laptop.
    Hopefully this above information helps someone resolve the issue. I will also mention, even though my network is working on the 2008 laptop, I still can't go into the Control Panel\Network and Internet\Network Connections and right mouse click on the Marvell Yukon 88E8057 PCI-E Gigabit adapter icon. I get an error when clicking on Properties menu popup: "An unexpected error has occurred". So something is still up with my network adapter driver or windows software, but it could be a side effect of all that has happened with the Cisco software install attempts under 10041.
    Another note: CISCO Anyconnect also has the issue.

  • I just downloaded a few ITunes Apps to my PC using windows 8 and they will not work.  Suggestions?  Thank you.

    I just downloaded a few ITunes Apps to my PC using windows 8 and they will not work.  Suggestions?  Thank you.

    The apps can only be run on an iOS device.   They will not run on your PC.

  • How to use default pdf viewer ? when i give windows in my pc pdf file open in firefox by default but suddenly its not working how to fix this ?

    please tell me how to use default pdf reader in firefox ? when i give windows in my pc pdf file open in firefox by default but suddenly its not working how to fix this ? pdf not open when i give ok with preview in firefox its not open its offer again same message

    In order to change the default pdf reader please see: View PDF files in Firefox without downloading them
    In order to change the file association: Applications panel - Set how Firefox handles different types of files

  • Need help when I sign in not working

    locking this thread as duplicate, please continue at https://support.mozilla.org/en-US/questions/978554
    I did try to follow the update things but could not get that. So how can I get my sign in working?
    XXX
    please help me get my sign in working
    edit: removed personal information for your protection. (philipp)

    when I sign in not working. I did try to follow the update but could not get that.
    XXX
    please help me get my sign in working
    edit: removed personal information for your protection. (philipp)

  • Saving sign in not working

    Saving "Sign in" not working in Firefox but okay using MS Explorer

    Do you mean names and passwords in the Password Manager or do you mean that you are no longer logged on to (remembered by) websites after closing and restarting Firefox?
    There is a difference between remembering the name and password in the Password Manager and a "remember me" check box on a web page.
    The latter usually involves the creation of a special "remember me" cookie that is stored on your computer and that is sent to the server.
    If that "remember me" cookie is removed or gets corrupted or is not sent to the server then the server won't remember you and you need to sign in once again.
    See:
    * http://kb.mozillazine.org/Cookies
    * http://kb.mozillazine.org/Password_Manager
    * http://kb.mozillazine.org/User_name_and_password_not_remembered
    * https://support.mozilla.org/kb/make-firefox-remember-usernames-and-passwords

  • Since upgrade to Windows 8.1, ICloud does not work

    Since upgrade to Windows 8.1, ICloud does not work.  I could click on buttons for Reminders, Notes, etc. and would take me into ICloud to share with other devices. No longer functions.

    Hi:
    I can't help you with why your PC won't upgrade to W8.1, but I can tell you that if you manage to get W8.1 to install, you won't be able to get the graphics to work anymore.
    There is no W8.1 driver for the graphics setup in your PC.
    So maybe it is a good thing that you can't get it to work. 
