On 03/03/2009 03:26 PM, Georg Troska wrote:
what does your error.log say?
nothing useful from the logs: 2009-03-03 15:29:55+0100 [-] Log opened. 2009-03-03 15:29:55+0100 [-] twistd 8.1.0 (/usr/bin/python 2.5.2) starting up 2009-03-03 15:29:55+0100 [-] reactor class: <class 'twisted.internet.selectreactor.SelectReactor'> 2009-03-03 15:29:55+0100 [-] twistedcaldav.logging.AMPLoggingFactory starting on "'/var/run/caldavd/caldavd.socket'" 2009-03-03 15:29:55+0100 [-] [caldav-8008] /usr/lib/python2.5/site-packages/twisted/plugins/twisted_web2.py:22: DeprecationWarning: mktap and related support modules are deprecated as of Twisted 8.0. Use Twisted Application Plugins with the 'twistd' command directly, as described in 'Writing a Twisted Application Plugin for twistd' chapter of the Developer Guide. 2009-03-03 15:29:55+0100 [-] [caldav-8008] from twisted.scripts.mktap import _tapHelper 2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] Log opened. 2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] twistd 8.1.0 (/usr/bin/python 2.5.2) starting up 2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] reactor class: <class 'twisted.internet.selectreactor.SelectReactor'> 2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] twisted.web2.channel.http.HTTPFactory starting on 8008 2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] Starting factory <twisted.web2.channel.http.HTTPFactory instance at 0x1f6bef0> 2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] twisted.web2.channel.http.HTTPFactory starting on 8443 2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] set uid/gid 103/105 2009-03-03 15:29:55+0100 [twistedcaldav.logging.AMPLoggingFactory] AMPLoggingProtocol connection established (HOST:UNIXSocket('/var/run/caldavd/caldavd.socket') PEER:UNIXSocket('')) 2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] AMP connection established (HOST:UNIXSocket(None) PEER:UNIXSocket('/var/run/caldavd/caldavd.socket')) **** authentication here **** 2009-03-03 15:30:04+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] "Directory service <SudoDirectoryService 'domain.net': FilePath('/etc/caldavd/sudoers.plist')> has no GUID; generating service GUID from realm name." 2009-03-03 15:30:04+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] GET /calendars/users/marco.ghidinelli/ HTTP/1.1 2009-03-03 15:30:08+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] GET /calendars/users/marco.ghidinelli/ HTTP/1.1 2009-03-03 15:30:08+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] "Directory service <NssDirectoryService 'domain.net'> has no GUID; generating service GUID from realm name." 2009-03-03 15:30:08+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29] "Authentication failed: Incorrect credentials for <NssUserRecord[users@27a5f82b-c2bd-5387-8942-a62eb12bb26c(domain.net)] marco.ghidinelli(marco.ghidinelli) 'Marco Ghidinelli'>"
Am 03.03.2009 um 15:20 schrieb Marco Ghidinelli:
On 03/03/2009 02:14 PM, Georg Troska wrote:
Hi, I was able to do it with Ubuntu Intrepid.
Kerberos works. NSS not at the moment. I wrote a script that runs via cronjob creating a xml-file from LDAP for the user information. I'm still working on the NSS thing.
i didn't understand: did nss works for you, but nss + kerberos doesn't authenticate, or nss doesn't work and so you didn't try nss+kerberos?
Use account.xml with no password and loginnames that are of the same kind than in your kerberos database. Make sure that your keytab is readable by caldavd and use lowercase http/ (not HTTP/) for the principal entry.
it's readable. i've tried with lowercase http, with the same results.
Kerberos based login are depending on your client as well. Which one are you using?
it doesn't work neither with sunbird nor with firefox (i've put in the network.negotiate-auth.trusted-uris "http://").
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501