Reply
Advisor
Marco
Posts: 12
Registered: ‎01-09-2012
Accepted Solution

Firefox SSO not working

Hello!

 

I run in some troubles with Firefox and SSO, basically It does not work and firefox still asks for user/password.

 

This is the state of art:

  1. System auth works (login using ssh/gdm is successfull)
  2. Kerberos works (kinit/kdestroy/klist work)
  3. Firefox has been configured (configuration tested on Windows)

After enablin firefox debug with:

NSPR_LOG_MODULES=negotiateauth:5

NSPR_LOG_FILE=/tmp/moz.log

 

This is what moz.log shows:

===============================================================

329951040[7f6012860260]:   leaving nsAuthGSSAPI::GetNextToken [rv=80004005]
329951040[7f6012860260]: Writing to ntlm_auth: YR
329951040[7f6012860260]:   service = proxy.subdomain.domain.it
329951040[7f6012860260]:   using negotiate-gss
329951040[7f6012860260]: entering nsAuthGSSAPI::nsAuthGSSAPI()
329951040[7f6012860260]: entering nsAuthGSSAPI::Init()
329951040[7f6012860260]: nsHttpNegotiateAuth::GenerateCredentials() [challenge=Negotiate]
329951040[7f6012860260]: entering nsAuthGSSAPI::GetNextToken()
329951040[7f6012860260]: gss_init_sec_context() failed: Unspecified GSS failure.  Minor code may provide more information
===============================================================
auth.log with debug enabled does not show anything abnormal.

 

Other useful info:

 

AD name: subdomain.domain.it --> SUBDOMAIN (NTLM name)

===============================================================

username@host:/tmp$ klist
Ticket cache: FILE:/tmp/krb5cc_1757423277
Default principal: username@SUBDOMAIN.DOMAIN.IT

Valid starting     Expires            Service principal
01/09/12 12:15:44  01/09/12 22:15:46  krbtgt/SUBDOMAIN.DOMAIN.IT@SUBDOMAIN.DOMAIN.IT
        renew until 01/10/12 12:15:44
===============================================================

 

Any hint?

 

Thanks in advance,

Marco

Please use plain text.
Centrify
Sumana
Posts: 220
Registered: ‎10-05-2011

Re: Firefox SSO not working

What webserver are we dealing with here - IIS, Apache, or something else ? Might need a network trace to check where the problem lies. Let me know if you are OK collecting and i will post instructions.

Please use plain text.
Advisor
Marco
Posts: 12
Registered: ‎01-09-2012

Re: Firefox SSO not working

The auth is against a squid proxy. I've just tried the same settings with apache2 on linux and it works.

 

Let's go with the network trace.

 

thanks,

Marco

Please use plain text.
Centrify
Sumana
Posts: 220
Registered: ‎10-05-2011

Re: Firefox SSO not working

If you have tcpdump or wireshark on the machine from where you are attempting the web auth then fire it up.

 

tcpdump command: tcpdump -i eth0 -s 0 -w /tmp/squidproxyauth.pcap

 

wireshark: please visit www.wireshark.org

 

capture the problem and send me the network trace to sumana.annam@centrify.com

Please use plain text.
Advisor
Marco
Posts: 12
Registered: ‎01-09-2012

Re: Firefox SSO not working

Hi Sumana,

did you receive my last email with the attached dump?

 

m-

Please use plain text.
Centrify
Sumana
Posts: 220
Registered: ‎10-05-2011

Re: Firefox SSO not working

No I have not; I checked my junk mail folder too. Can you resend it to me please.

Please use plain text.
Advisor
Marco
Posts: 12
Registered: ‎01-09-2012

Re: Firefox SSO not working

Just sent again

Please use plain text.
Centrify
Sumana
Posts: 220
Registered: ‎10-05-2011

Re: Firefox SSO not working

This time I got it.

Please use plain text.
Centrify
Sumana
Posts: 220
Registered: ‎10-05-2011

Re: Firefox SSO not working

Have escalated the issue to engg, will post a response as soon as I hear back.

 

Thanks for your patience.

Please use plain text.
Advisor
Marco
Posts: 12
Registered: ‎01-09-2012

Re: Firefox SSO not working

I've got this error using Chrome:

 

Major: (0x000D0000) Unspecified GSS failure.  Minor code may provide more information | Minor: (0x96C73A0E) KDC has no support for encryption type
Unable to describe context 0x(nil), Major: (0x01080000) A required input parameter could not be read No context has been established | Minor: (0x00000000) Unknown error

maybe it could be the cause. 

Please use plain text.