sunfreeman
Newbie | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору Добрый день. Ребята помогите плиз. Неделю как поставили сервис деск 9. все хорошо все отлично работает кроме SSO. Согласно мануалу провели настройки в разделе AD. Учетка компа работает, сервера находит. Но при попытке пользователя залогиниться выкидывает на страницу с авторизацией на вебморде. и ссылкой типа http://х.х.х.х/HomePage.do?SkipNV2Filter=true Читали логи, из них поняли что не работает NTLM2. Не можем понять, где что мы не так делаем. Вот кусок лога. 2018-09-26 19:41:30: NETLOGON: disconnect 2018-09-26 19:41:30: NETLOGON: domain trusts cache info refresh in 300000ms 2018-09-26 19:41:30: NETLOGON: domain trusts cache info refresh in 300000ms 2018-09-26 19:41:30: NtlmSecurityProvider: Negotiated NTLMSSP flags: 0x22898205 2018-09-26 19:41:30: HttpSecurityService: x.x.x.x:65457: provider.isComplete=false, isUnauthorized=true 2018-09-26 19:41:30: HttpSecurityService: isProtected=true, token=true, credential=null, provider=null, isLogout=false, isAnonymous=false, isChallengeRequired=true, isUnauthorized=true, isForbidden=false, connectionId=x.x.x.x:65457, authContexts.size=1 2018-09-26 19:41:30: HttpSecurityService: S: 401 Unauthorized 2018-09-26 19:41:30: HttpSecurityService: WWW-Authenticate: NTLM TlRMTVNTUAACAAAABgAGADgAAAAFgokiVWvIv+4866QAAAAAAAAAAFAAUAA+AAAABQLODgAAAA9LAE0AUwACAAYASwBNAFMAAQAYAGgAZQBsAHAAZABlAHMAawBfAHMAeQBzAAQADgBrAG0AcwAuAHQAdgB6AAMAEABoAGUAbABwAGQAZQBzAGsAAAAAAA== 2018-09-26 19:41:30: HttpSecurityService: Excludes request path [/ntlmv2] 2018-09-26 19:41:30: HttpSecurityService: C: GET /ntlmv2 2018-09-26 19:41:30: HttpSecurityService: Request Headers: accept=application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* | referer=http://10.120.202.61/ | accept-language=ru-RU | user-agent=Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | accept-encoding=gzip, deflate | host=10.120.202.61 | dnt=1 | connection=Keep-Alive | authorization=NTLM TlRMTVNTUAADAAAAGAAYAJQAAAD4APgArAAAAAQABABYAAAAHAAcAFwAAAAcABwAeAAAAAAAAACkAQAABYKIIgYBsR0AAAAPqoHBOOxHqYLsLeOOuT+c4lYAWgBuAGEAYgBlAHIAZQB6AGgAbgBlAHYAXwBzAHYAVAAxADIAMQAtADEANAAxADQAMwAyAC0AMAAxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZVwX/dM0cg/iu1s4HJi1UBAQAAAAAAAEOXaWWvVdQBvBnbNiP9Gx0AAAAAAgAGAEsATQBTAAEAGABoAGUAbABwAGQAZQBzAGsAXwBzAHkAcwAEAA4AawBtAHMALgB0AHYAegADABAAaABlAGwAcABkAGUAcwBrAAgAMAAwAAAAAAAAAAAAAAAAMAAASpjeW0k6L7rSysLlqWX5+fDZzqTEp7BhCfAtlE6Ji/8GAAQABAAAAAoAEAAAAAAAAAAAAAAAAAAAAAAACQAkAEgAVABUAFAALwAxADAALgAxADIAMAAuADIAMAAyAC4ANgAxAAAAAAAAAAAA | cookie=JSESSIONID=C84E0656453F93A284EA272AD854695A 2018-09-26 19:41:30: HttpSecurityService: Session Attributes: LoginConfig: LoginConfig[authMethod=CUSTOMFORM, loginPage=/Login.jsp, errorPage=/Login.jsp?error=true] | redirectURL: | org.apache.struts.action.LOCALE: ru_RU | baseURL: /ntlmv2 2018-09-26 19:41:30: HttpSecurityService: Loading session state from session C84E0656453F93A284EA272AD854695A 2018-09-26 19:41:30: HttpSecurityService: No provider state: isProtected=true 2018-09-26 19:41:30: HttpSecurityService: Authorization: NTLM TlRMTVNTUAADAAAAGAAYAJQAAAD4APgArAAAAAQABABYAAAAHAAcAFwAAAAcABwAeAAAAAAAAACkAQAABYKIIgYBsR0AAAAPqoHBOOxHqYLsLeOOuT+c4lYAWgBuAGEAYgBlAHIAZQB6AGgAbgBlAHYAXwBzAHYAVAAxADIAMQAtADEANAAxADQAMwAyAC0AMAAxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZVwX/dM0cg/iu1s4HJi1UBAQAAAAAAAEOXaWWvVdQBvBnbNiP9Gx0AAAAAAgAGAEsATQBTAAEAGABoAGUAbABwAGQAZQBzAGsAXwBzAHkAcwAEAA4AawBtAHMALgB0AHYAegADABAAaABlAGwAcABkAGUAcwBrAAgAMAAwAAAAAAAAAAAAAAAAMAAASpjeW0k6L7rSysLlqWX5+fDZzqTEp7BhCfAtlE6Ji/8GAAQABAAAAAoAEAAAAAAAAAAAAAAAAAAAAAAACQAkAEgAVABUAFAALwAxADAALgAxADIAMAAuADIAMAAyAC4ANgAxAAAAAAAAAAAA 2018-09-26 19:41:30: HttpSecurityService: x.x.x.x:65457: token.length=420 2018-09-26 19:41:30: NtlmSecurityProvider: NTLMSSP principal: DomainName=test.test UserName=test Workstation=T121-141432-01 2018-09-26 19:41:30: NtlmSecurityProvider: test$@test.test 2018-09-26 19:41:30: getAuthorityDnsNames: test.test capabilities=0x0007 2018-09-26 19:41:30: getAuthorityDnsNames: step=0 2018-09-26 19:41:30: DNS: 'SRV' record lookup for _ldap._tcp.test.test._sites.dc._msdcs.test.test found 2 records in cache 2018-09-26 19:41:30: getAuthorityDnsNames: test.test, test.test 2018-09-26 19:41:30: DNS: 'A' record lookup for test.test found 1 records in cache 2018-09-26 19:41:30: NETLOGON: Connecting DCERPC handle to ncacn_ip_tcp:x.x.x.x[netlogon] with identity KMS.TVZ\helpdesk_sys$ 2018-09-26 19:41:30: DcerpcTcpHandle: laddr=null,soTimeout=60000,connTimeout=60000 2018-09-26 19:41:30: DcerpcTcpHandle: doReceiveFragment: read=60 2018-09-26 19:41:30: NETLOGON: Bind successful 2018-09-26 19:41:30: DcerpcTcpHandle: doReceiveFragment: read=36 2018-09-26 19:41:30: DcerpcTcpHandle: doReceiveFragment: read=40 2018-09-26 19:41:30: NETLOGON: Session authenticated 2018-09-26 19:41:30: NETLOGON: domain trusts cache info refresh in 300000ms 2018-09-26 19:41:30: DcerpcTcpHandle: laddr=null,soTimeout=60000,connTimeout=60000 2018-09-26 19:41:30: DcerpcTcpHandle: doReceiveFragment: read=80 2018-09-26 19:41:30: NETLOGON: Secure Channel encryption installed 2018-09-26 19:41:30: DcerpcTcpHandle: doReceiveFragment: read=552 2018-09-26 19:41:30: NETLOGON: idleTimeout set to 20000 2018-09-26 19:41:30: NETLOGON: domain trusts cache info refresh in 299874ms 2018-09-26 19:41:30: NETLOGON: NetrSamInfo2 groups count: 10 2018-09-26 19:41:30: NtlmSecurityProvider: NTLM2 Session Security was not negotiated 2018-09-26 19:41:30: NtlmSecurityProvider: Acceptor negotiated NTLMv2 2018-09-26 19:41:30: NETLOGON: domain trusts cache info refresh in 299874ms 2018-09-26 19:41:30: HttpSecurityService: x.x.x.x:65457: test\test successfully authenticated 2018-09-26 19:41:30: HttpSecurityService: x.x.x.x:65457: Installing SecurityProvider state 2018-09-26 19:41:30: HttpSecurityService: MaxInactiveInterval is short (360 minutes), session-timeout = 600 is recommended 2018-09-26 19:41:30: HttpSecurityService: x.x.x.x:65457: SecurityProvider state installed 2018-09-26 19:41:30: HttpSecurityService: isProtected=true, token=false, credential=null, provider={dns.site=test.test, localhost.netbios.name=test.test, account.canonicalForm=3, ntlmssp.account.name=test, bindstr.url=ldap://test.test, msrpc.useNamedPipe=false, service.acctname=test.test$@test.test, dns.servers=x.x.x.x, ntlmssp.flags=0x22898205, ntlmssp.challenge.flags=0x22898205, fallback.location=HomePage.do, service.password.encrypted=tBuh2l11VwV3mw9470APZyBJZ2kHvDtW+V/ozBqgpmRIxsXkekvucw==, log.level=5, domainname=test.test, log.path=C:\ServiceDesk\bin\..\\logs\sso.log, bindstr=test.test}, isLogout=false, isAnonymous=false, isChallengeRequired=false, isUnauthorized=false, isForbidden=false, connectionId=x.x.x.x:65457, authContexts.size=0 2018-09-26 19:41:30: HttpSecurityService: calling chain.doFilter Спасибо | Всего записей: 26 | Зарегистр. 11-04-2011 | Отправлено: 18:49 26-09-2018 | Исправлено: sunfreeman, 19:01 26-09-2018 |
|