Common Failures
Warnings
<<things that cause normal log errors>>
Serious Failures
<<things that cause segmentation faults>>
Silent Failures
User mapping failure:
If no user mapping is configured, or the user mapping fails (i.e., local-login-user extracted using shibboleth-sp), Moonshot will fail silently.
IDP TIDS data synchronisation failure:
When the remote Moonshot IDP continues to successfully authenticate the Jisc heartbeat, but consistently fails to authenticate any requests with a 'PSK key not found' failure even after a rekey process, restart TIDS on the remote Moonshot IDP. It is likely that TIDS no longer writes its authorisation keys to the TIDS database (/var/lib/trust_router/keys), which leads to FreeRADIUS not being able to retrieve an appropriate pre-shared key for the TLS tunnel between itself and the RP Proxy of the service provider. Restarting TIDS should restore this.
Failed credential lookup:
When in pure command-line mode and a credential lookup in identities.txt (or in its absence, the file lookup for .gss_eap_id in the initiating user's home directory) fails, a gss-client/gss-server interaction fails like this:
GSS-API error initializing context: Unspecified GSS failure. Minor code may provide more information
GSS-API error initializing context:
No other information is made available.
Long delays when attempting a GSSAPI connection
Try the following workaround:
- Edit /etc/krb5.conf on both ends (particularly on the server end) and insert the following portion if it does not exist:
  [libdefaults]
      rdns = no
- Save the file and retry the connection.
This option turns off reverse DNS resolution. The delay comes from a problem in the underlying GSSAPI subsystem and is not specific to the Moonshot mechanism.
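Before editing, it helps to check whether rdns is already set, and set in the right section. The following is an added example, not part of the original page or of Moonshot. The function name rdns_state and the sample file contents are constructed for illustration, and include/includedir directives are not followed.

```shell
#!/bin/sh
# Added example: report how rdns is set in the [libdefaults] section of a
# krb5.conf-style file. Prints one of: disabled, enabled, unset.
# A setting that is commented out, or that sits in another section,
# counts as unset because it has no effect on [libdefaults].
rdns_state() {
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # section header, e.g. [realms]
            sec = $0
            sub(/^[ \t]*\[/, "", sec)
            sub(/\].*$/, "", sec)
            in_lib = (sec == "libdefaults")
            next
        }
        in_lib && state == "" && /^[ \t]*rdns[ \t]*=/ {
            val = $0                            # keep the first setting found
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            state = tolower(val)
        }
        END {
            if (state == "") print "unset"
            else if (state ~ /^(no|false|off|0|n|nil)$/) print "disabled"
            else print "enabled"
        }
    ' "$1"
}

# Constructed sample: rdns appears only as a comment and under [realms],
# so the workaround has not actually been applied.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.ORG
;   rdns = no
[realms]
    rdns = no
EOF
echo "sample file: rdns is $(rdns_state "$sample")"
rm -f "$sample"
```

Run rdns_state /etc/krb5.conf on both ends; anything other than "disabled" means the workaround above is not in effect on that host.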