Unable to connect, InitializeSecurityContext() failed?

NorbyTheGeek

Mar 31, 2009, 5:10:10 PM
to jabber-net
I'm having trouble getting started with jabber-net. I tried writing a
simple little form, but can't get it to connect. I finally built the
VB Example app and got this in the debug pane:

Connected to: jabber.connection.SocketStanzaStream
SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" id="1cbd7cc5" xmlns="jabber:client" to="test.server" version="1.0">
RECV: <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="test.server" id="f9779a36" xml:lang="en" version="1.0">
RECV: <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>GSSAPI</mechanism><mechanism>PLAIN</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/></stream:features>
SEND: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" />
RECV: <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" id="d9091c5f" xmlns="jabber:client" to="test.server" version="1.0">
RECV: <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="test.server" id="f9779a36" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>GSSAPI</mechanism><mechanism>PLAIN</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><auth xmlns="http://jabber.org/features/iq-auth"/></stream:features>
SEND: <compress xmlns="http://jabber.org/protocol/compress"><method>zlib</method></compress>
RECV: <compressed xmlns='http://jabber.org/protocol/compress'/>
SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" id="2db89f3b" xmlns="jabber:client" to="test.server" version="1.0">
RECV: <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="test.server" id="f9779a36" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>GSSAPI</mechanism><mechanism>PLAIN</mechanism></mechanisms><auth xmlns="http://jabber.org/features/iq-auth"/></stream:features>
ERROR: jabber.connection.sasl.SASLException: InitializeSecurityContext() failed!!!

I'm trying to connect to Openfire 3.5.1, our production server.
(test.server is in place of our actual server)

What am I doing wrong? I have no problems connecting with any client
software. We're currently using Spark.

Thanks!

Joe Hildebrand

Mar 31, 2009, 6:03:29 PM
to jabbe...@googlegroups.com
I bet you're not logged in to a domain, and the client is trying to do
GSSAPI. Can you turn off GSSAPI/Kerberos on Openfire? If not, we'll
need to debug the kerb stuff more.

NorbyTheGeek

Mar 31, 2009, 6:15:35 PM
to jabber-net
I am logged into a domain, and we do use Kerberos between Spark and
Openfire. Is there any way to tell jabber-net not to use GSSAPI?

NorbyTheGeek

Apr 1, 2009, 9:46:24 AM
to jabber-net
If it's not possible (or easy) to instruct jabber-net to not use
GSSAPI, where do I need to start troubleshooting? The Kerberos
authentication is currently working between Spark and Openfire.

Joe Hildebrand

Apr 2, 2009, 1:15:34 PM
to jabbe...@googlegroups.com
Try:

jc[Options.SASL_MECHANISMS] = MechanismType.PLAIN;
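
An added illustration, not part of the reply above and not jabber-net code: restricting the client to PLAIN changes which of the server's advertised mechanisms is chosen, and because PLAIN sends the password itself it should only be accepted once STARTTLS has completed, as it had in the log in the first post. The class and method names are hypothetical; only System.Xml.Linq from the .NET base library is used.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

static class SaslChoice
{
    static readonly XNamespace Sasl = "urn:ietf:params:xml:ns:xmpp-sasl";

    // Mechanisms the server advertised, in the order it listed them.
    public static List<string> Offered(string featuresXml) =>
        XElement.Parse(featuresXml)
                .Descendants(Sasl + "mechanism")
                .Select(m => m.Value.Trim())
                .ToList();

    // First client-preferred mechanism that the server also offers.
    // PLAIN is skipped unless the stream is already protected by TLS.
    public static string Pick(IEnumerable<string> offered,
                              IEnumerable<string> preferred, bool tlsActive)
    {
        var set = new HashSet<string>(offered, StringComparer.Ordinal);
        foreach (var mech in preferred)
        {
            if (!set.Contains(mech)) continue;
            if (mech == "PLAIN" && !tlsActive) continue;
            return mech;
        }
        return null; // nothing acceptable: fail rather than downgrade
    }

    static void Main()
    {
        // Final <stream:features> from the log (after STARTTLS and zlib); the
        // stream prefix is declared here so the fragment parses on its own.
        const string features =
            "<stream:features xmlns:stream='http://etherx.jabber.org/streams'>" +
            "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>" +
            "<mechanism>GSSAPI</mechanism><mechanism>PLAIN</mechanism></mechanisms>" +
            "<auth xmlns='http://jabber.org/features/iq-auth'/></stream:features>";

        var offered = Offered(features);
        // Default preference order: GSSAPI is tried first, as in the failing run.
        Console.WriteLine(Pick(offered, new[] { "GSSAPI", "PLAIN" }, true));
        // Client restricted to PLAIN, with TLS negotiated.
        Console.WriteLine(Pick(offered, new[] { "PLAIN" }, true));
        // Same restriction without TLS: no mechanism is acceptable.
        Console.WriteLine(Pick(offered, new[] { "PLAIN" }, false) ?? "(none)");
    }
}
```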

NorbyTheGeek

Apr 2, 2009, 5:49:20 PM
to jabber-net


On Apr 2, 12:15 pm, Joe Hildebrand <hil...@gmail.com> wrote:
> Try:
>
> jc[Options.SASL_MECHANISMS] = MechanismType.PLAIN;

That worked. I'm connected now with the example client.

I do have 2 more questions:

Is this possible in VB? I'm not very familiar with C# yet.

Where would I start in troubleshooting the Kerberos stuff? As I said
earlier, it's working with Spark, and it'd be a handy feature to have.

Joe Hildebrand

Apr 7, 2009, 10:15:06 AM
to jabbe...@googlegroups.com

On Apr 2, 2009, at 3:49 PM, NorbyTheGeek wrote:

> On Apr 2, 12:15 pm, Joe Hildebrand <hil...@gmail.com> wrote:
>> Try:
>>
>> jc[Options.SASL_MECHANISMS] = MechanismType.PLAIN;
>
> That worked. I'm connected now with the example client.
>
> I do have 2 more questions:
>
> Is this possible in VB? I'm not very familiar with C# yet.

Yes, it's possible in VB, but I have no idea what the syntax is. It's
just an array assignment to a constant.

> Where would I start in troubleshooting the Kerberos stuff? As I said
> earlier, it's working with Spark, and it'd be a handy feature to have.

I'd look in jabber/connection/sasl/KerbProcessor.cs, particularly at
the exception thrown around line 696. I'd capture the error code in
that exception, and then google it to see if MS has documented what
the error codes for InitializeSecurityContext all mean.

NorbyTheGeek

Apr 7, 2009, 10:16:47 AM
to jabber-net
> Is this possible in VB?  I'm not very familiar with C# yet.

I found out the VB code:

jc(Options.SASL_MECHANISMS) = MechanismType.PLAIN

Thanks for your help!

If you do have any thoughts on the Kerberos stuff, I'd really
appreciate it. Is there any place to set realm or kdc settings in
jabber-net? One thing I wonder about is the jabber server is
different from the Kerberos realm. We're running Active Directory,
and the domain is basically "ourdomain.intranet", while everyone's
email address (and jid's) are us...@ourdomain.com. With certain
versions of Spark, we had to deploy a krb5.ini with:

[libdefaults]
default_realm = OURDOMAIN.INTRANET

[realms]
OURDOMAIN.INTRANET = {
    kdc = SERVER.OURDOMAIN.INTRANET
    default_domain = OURDOMAIN.INTRANET
}

Jabber-net doesn't seem to look at this file. Is there some other way
to tell jabber-net where to go for authentication? Or am I way off
base here?

Thanks again!

NorbyTheGeek

Apr 8, 2009, 2:49:21 PM
to jabber-net, Joe Hildebrand
> I'd look in jabber/connection/sasl/KerbProcessor.cs, particularly at  
> the exception thrown around line 696.  I'd capture the error code in  
> that exception, and then google it to see if MS has documented what  
> the error codes for InitializeSecurityContext all mean.

The code returned from InitializeSecurityContext is 0x80090303, or
SEC_E_TARGET_UNKNOWN. All that Microsoft has for a description is:
"The target was not recognized." Does that mean it's not able to
reach the KDC, or is there some other problem here?

Joe Hildebrand

Apr 13, 2009, 4:57:52 PM
to NorbyTheGeek, jabber-net
It's likely your problem is that your server has a different name than
its service principal name. I don't have a good way around that,
other than perhaps making the SPN configurable.