kkyen wrote:

>
> Dear All, I'm having issues with Kerberos. After configured kerberos
> with steps in document and I managed to get the "Commit succeeded"
> phrase. However after user desktop login to AD Domain, when we login
> with Kerberos contract, the browser just keep looping.
>
> This is what I've found in catalina.out
>
> <amLogEntry> 2012-08-06T14:19:09Z INFO NIDS Application: AM#500105015:
> AMDEVICEID#E39839F6B5B58A37:
> AMAUTHID#A1DABDF0A756F5272929730167F17897: Processing lo
> gin request with TARGET = , saved TARGET = . </amLogEntry>
>
> <amLogEntry> 2012-08-06T14:19:09Z INFO NIDS Application: AM#500105009:
> AMDEVICEID#E39839F6B5B58A37:
> AMAUTHID#A1DABDF0A756F5272929730167F17897: Executing con
> tract kerberos. </amLogEntry>
>
> <amLogEntry> 2012-08-06T14:19:09Z VERBOSE NIDS Application: Session
> has consumed authentications: false </amLogEntry>
>
> <amLogEntry> 2012-08-06T14:19:09Z VERBOSE NIDS Application: Session
> has consumed authentications: false </amLogEntry>
>
> <amLogEntry> 2012-08-06T14:19:09Z VERBOSE NIDS Application: Executing
> authentication method kerberos </amLogEntry>
>
> <amLogEntry> 2012-08-06T14:19:09Z SEVERE NIDS Application:
> AM#200104102: AMDEVICEID#E39839F6B5B58A37:
> AMAUTHID#A1DABDF0A756F5272929730167F17897: No Kerberos
> Principal found in the token </amLogEntry>
>
> <amLogEntry> 2012-08-06T14:19:09Z SEVERE NIDS Application:
> AM#200104112: AMDEVICEID#E39839F6B5B58A37:
> AMAUTHID#A1DABDF0A756F5272929730167F17897: No user mat
> ched in the userstore(s) </amLogEntry>
>
> <amLogEntry> 2012-08-06T14:19:09Z VERBOSE NIDS Application:
> Authentication method kerberos requires additional interaction.
> </amLogEntry>
>
> <amLogEntry> 2012-08-06T14:19:09Z DEBUG NIDS Application:
>
> Any idea??
>
> Thanks


Can you stop tomcat on the idp and do
echo > /var/opt/novell/tomcat5/logs/catalina.out (that is if you have
NAM 3.1, otherwise its tomcat7) and then start the idp. Post the
catalina.out here please.

--
Cheers,
Edward