[CalendarServer-users] calendarserver on debian via nss and kerberos
Marco Ghidinelli
marco.ghidinelli at turboden.net
Tue Mar 3 06:35:22 PST 2009
On 03/03/2009 03:26 PM, Georg Troska wrote:
> what does your error.log say?
nothing useful from the logs:
2009-03-03 15:29:55+0100 [-] Log opened.
2009-03-03 15:29:55+0100 [-] twistd 8.1.0 (/usr/bin/python 2.5.2)
starting up
2009-03-03 15:29:55+0100 [-] reactor class: <class
'twisted.internet.selectreactor.SelectReactor'>
2009-03-03 15:29:55+0100 [-] twistedcaldav.logging.AMPLoggingFactory
starting on "'/var/run/caldavd/caldavd.socket'"
2009-03-03 15:29:55+0100 [-] [caldav-8008]
/usr/lib/python2.5/site-packages/twisted/plugins/twisted_web2.py:22:
DeprecationWarning: mktap and related support modules are deprecated as
of Twisted 8.0. Use Twisted Application Plugins with the 'twistd'
command directly, as described in 'Writing a Twisted Application Plugin
for twistd' chapter of the Developer Guide.
2009-03-03 15:29:55+0100 [-] [caldav-8008] from twisted.scripts.mktap
import _tapHelper
2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] Log opened.
2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] twistd 8.1.0
(/usr/bin/python 2.5.2) starting up
2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] reactor class: <class
'twisted.internet.selectreactor.SelectReactor'>
2009-03-03 15:29:55+0100 [-] [caldav-8008] [-]
twisted.web2.channel.http.HTTPFactory starting on 8008
2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] Starting factory
<twisted.web2.channel.http.HTTPFactory instance at 0x1f6bef0>
2009-03-03 15:29:55+0100 [-] [caldav-8008] [-]
twisted.web2.channel.http.HTTPFactory starting on 8443
2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] set uid/gid 103/105
2009-03-03 15:29:55+0100 [twistedcaldav.logging.AMPLoggingFactory]
AMPLoggingProtocol connection established
(HOST:UNIXSocket('/var/run/caldavd/caldavd.socket') PEER:UNIXSocket(''))
2009-03-03 15:29:55+0100 [-] [caldav-8008] [-] AMP connection
established (HOST:UNIXSocket(None)
PEER:UNIXSocket('/var/run/caldavd/caldavd.socket'))
**** authentication here ****
2009-03-03 15:30:04+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29]
"Directory service <SudoDirectoryService 'domain.net':
FilePath('/etc/caldavd/sudoers.plist')> has no GUID; generating service
GUID from realm name."
2009-03-03 15:30:04+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29]
GET /calendars/users/marco.ghidinelli/ HTTP/1.1
2009-03-03 15:30:08+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29]
GET /calendars/users/marco.ghidinelli/ HTTP/1.1
2009-03-03 15:30:08+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29]
"Directory service <NssDirectoryService 'domain.net'> has no GUID;
generating service GUID from realm name."
2009-03-03 15:30:08+0100 [-] [caldav-8008] [HTTPChannel,0,192.168.0.29]
"Authentication failed: Incorrect credentials for
<NssUserRecord[users at 27a5f82b-c2bd-5387-8942-a62eb12bb26c(domain.net)]
marco.ghidinelli(marco.ghidinelli) 'Marco Ghidinelli'>"
> Am 03.03.2009 um 15:20 schrieb Marco Ghidinelli:
>
>> On 03/03/2009 02:14 PM, Georg Troska wrote:
>>> Hi,
>>> I was able to do it with Ubuntu Intrepid.
>>>
>>> Kerberos works. NSS not at the moment. I wrote a script that runs via
>>> cronjob creating a xml-file from LDAP for the user information.
>>> I'm still working on the NSS thing.
>>
>> i didn't understand: did nss works for you, but nss + kerberos doesn't
>> authenticate, or nss doesn't work and so you didn't try nss+kerberos?
>>
>>> Use account.xml with no password and loginnames that are of the same
>>> kind than in your kerberos database. Make sure that your keytab is
>>> readable by caldavd and use lowercase http/ (not HTTP/) for the
>>> principal entry.
>>
>> it's readable. i've tried with lowercase http, with the same results.
>>
>>> Kerberos based login are depending on your client as well. Which one are
>>> you using?
>>
>> it doesn't work neither with sunbird nor with firefox
>> (i've put in the network.negotiate-auth.trusted-uris "http://").
>
> Georg Troska
> Experimentelle Physik IV
> TU Dortmund
> +49 231 755 3501
>
More information about the calendarserver-users
mailing list