Your best friend for file transfer.
Fetch
GSSAPI failure - OSX Server 10.3.9 (3 posts)
- Started 16 years ago by n9yty
- Latest reply 16 years ago from n9yty
-
n9yty Member
-
Scott McGuire Administrator
Hi,
It sounds like Kerberos is not configured properly on the server. We are not really familiar with how to set up Kerberos servers, so my recommendation is to try to ask your question on one of the Kerberos mailing lists; someone there should be able to help you figure out where the problem is.
You can find information about and archives of the mailing lists here:
http://web.mit.edu/kerberos/www/mail-lists.html
The "kerberos" mailing list is probably the most appropriate place to start, but as you can see, there are several others as well.
Thanks,
Scott McGuire
Fetch Softworks -
n9yty Member
Thanks anyway. I did some more poking and prodding, because everything else is working fine. It did see an error in the stream about the GSSAPI mapping being incorrect, so I disabled that option in Fetch and it then authenticated OK but died on the issuance of a 'PROT P' command. I unchecked the encryption checkbox and now everything works OK. This is on a Mac OS X Server 10.3.9 installation if that helps with filling your knowledgebase about issues.
- Page 1
Greetings, Just trying to get Kerberos 5 up and running on our 10.3 Mac OS X Server. I'm new to Kerberos, so forgive me if this is a stupid setup mistake on my part.
I can get a ticket on my client, and it works to mount AFP shares. However, when I try to connect via FTP with Fetch I get a failure: "GSSAPI error: Miscellaneous failure Sever not found in the Kerberos database".
Transcript log:
Error 12,8 on reverse name lookup
Connecting to my.fqdn.here port 21 (Mac OS X firewall is off) (2/7/07 9:23:22 PM)
Connected to xx.xx.xx.xx port 21 (2/7/07 9:23:22 PM)
Error 12,8 on reverse name lookup
220 my.fqdn.here FTP server (Version: Mac OS X Server 10.3.9 003 - SAPI) ready.
ADAT
503 You must issue an AUTH first.
AUTH This command is checking whether this server supports Kerberos or GSS security, see RFC 2228
504 This command is checking whether this server supports Kerberos or GSS security, see RFC 2228 is unknown to me
AUTH GSSAPI
334 Send authorization data.
gss_send_tok_buff = ftp@my.fqdn.here
release 2
service 0gss_send_tok_buff = host@my.fqdn.here
release 2
service 1
If I look at my tickets after trying, I am sure I got an ftp/ ticket, but after I flushed them all and started over (using non-forwardable tickets) I am no longer seeing that. So, I quit Fetch and tried again, and get a different error (with an ftp/ ticket showing up this time).
GSSAPI error major: Miscellaneous failure
GSSAPI error minor: No principal in keytab matches desired name
GSSAPI error: acquiring credentials [ Miscellaneous failure - No principal in keytab matches desired name ]
Transcript from that:
ADAT
503 You must issue an AUTH first.
AUTH This command is checking whether this server supports Kerberos or GSS security, see RFC 2228
504 This command is checking whether this server supports Kerberos or GSS security, see RFC 2228 is unknown to me
AUTH GSSAPI
334 Send authorization data.
gss_send_tok_buff = ftp@my.fqdn.here
ADAT
501-GSSAPI error major: Miscellaneous failure
501-GSSAPI error minor: No principal in keytab matches desired name
501 GSSAPI error: acquiring credentials [ Miscellaneous failure - No principal in keytab matches desired name ]
Update check skipped at 02/07/2007 09:31 PM (next check after 02/15/2007 06:33 PM)
Not sure where to look from here.
Posted 16 years ago #