-
1. Windows 7 and IE8 negotiation toolkit problem
goc May 2, 2011 8:03 AM (in response to soverbosch)It seems you can't decrypt the Kerberos tickets.
Did you create the server's keytab-file correctly?
setspn.exe -a host/yourserver youruser
setspn.exe -a HTTP/yourserver youruser
ktpass -princ HTTP/yourserver@REALM -pass * -mapuser DOMAIN\youruser -out c:\jboss.keytab
...
-
2. Windows 7 and IE8 negotiation toolkit problem
soverbosch May 2, 2011 8:13 AM (in response to goc)Yes I did, I say this because it is working in a Windows XP with IE8 environment without any problems. When starting to use Windows 7 with IE8 then suddenly the problem arose. First the complete negotiation didn't work but after defining the ecnryption types which can be used by Kerberos in the local security setting then this problem occurs. Secondly it is the last message which fails so there has been already some encryption/decryption done before this message is received. After this message the user would be given access rights to the application.
-
3. Windows 7 and IE8 negotiation toolkit problem
soverbosch May 3, 2011 5:50 AM (in response to soverbosch)When someone else is having the same problem then this is what I did to solve it:
The problem with kerberos and windows 7 in combination with IE8 is solved. The problem consisted of two problems (at least for the Windows 7 pc I got to test):
1) There where no encryption types defined for Kerberos. To define the encryption type open "Local Security Policy" program (secpol.msc) and navigate to the following place:
Security Setting -> Local Policies -> Security Options
then double click the entry "Network Security: Configure encryption types allowed for Kerberos" and select RC4_HMAC_MD5
2) There was a change in the message structure when Windows Vista/Windows 7 was released which caused the negotiation to fail. For this I had to place a newer version of jboss-negotiation.jar (SP3) in the common library directory of the jboss server (5.1.0.GA) installation.