I'm using the sec-server-win-auth sample and having problems authenticating with LDAP. I'm using Samba 4.7.3 configured as an AD DS as my LDAP server, with the latest spring-security-kerberos release (1.0.1.RELEASE).
I am able to authenticate in my browser using either username/password or with tickets generated with kinit before starting the browser. But when the Spring server code tries to look up user info via LDAP, I get a "Ticket expired" error.
I can get tickets with kinit using the same keytab and run ldapsearch with those credentials, so I think my keytab is valid. I tried Wireshark on both ldapsearch and on the Spring/LDAP exchange, but the former uses the LDAP protocol and the latter the KRB5 protocol, so I didn't find that very useful.
It looks like this example is supposed to do exactly what I want, so I am really perplexed about why it's not working. I've spent a lot of time googling, turning on debug flags and looking at output, all to no avail.