Been having some issues for a while that I cannot wrap my head around. I've set up an environment where this library works with both Kerberos and NTLM individually, but ideally I'd like the library to negotiate a connection, preferring Kerberos and using NTLM if that fails. I was under the impression that SPNEGO/Negotiate was the best way to do this, but I've only ever received the same error when using Negotiate auth scheme (paraphrased certain lines as I need to exclude some):
[I/O dispatcher 1] WARN org.apache.http.impl.nio.client.MainClientExec - NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt))
[main] WARN org.apache.cxf.phase.PhaseInterceptorChain - Interceptor for {http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd}WinRmService#{http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd}Create has thrown exception, unwinding now org.apache.cxf.interceptor.Fault: Could not send Message.
Caused by: java.io.IOException: Authorization loop detected on Conduit "{http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd}WinRmPort.http-conduit" on URL "http://domain-controller:5985/wsman" with realm "null"
Error: Invalid credentials or incompatible authentication schemes
As I say, I have got this all working with Kerberos by setting a realm and kdc using Java setProperty(). Negotiate is enabled in WinRM on both the client and the service. I use the exact same username and target address when running for all auth schemes attempted. Are there some other properties/setup I'm missing for Negotiate to work? Or is there another way to have it try Kerberos and NTLM?
For my use case I ideally would like to avoid setting config/variables outside of the code (such as in a krb5.conf file).