[OpenAFS] Trouble with AFS aklog - unable to obtain tokens - unknown cell
passed to SetToken
Matt Weatherford
mbw@u.washington.edu
Wed, 15 Oct 2003 10:40:16 -0700
Greetings,
Im working with Debian/Woody and AFS 1.2.9, MIT Kerberos
Ive recently set up a kerb 5 domain server (kdc1) with a 524 daemon
and im now trying to set up an afs server (ali)
When I run aklog, I get an error: unable to obtain tokens
ali:/etc/openafs# kinit root/admin
Password for root/admin@REALM.YADDA.WASHINGTON.EDU:
ali:/etc/openafs#
ali:/etc/openafs#
ali:/etc/openafs# aklog yadda -k REALM.YADDA.WASHINGTON.EDU -d
Authenticating to cell YADDA (server ali.yadda.washington.edu).
We were told to authenticate to realm REALM.YADDA.WASHINGTON.EDU.
Getting tickets: afs/YADDA@REALM.YADDA.WASHINGTON.EDU
About to resolve name root.admin to id in cell YADDA.
Id 1
Set username to AFS ID 1
Setting tokens. AFS ID 1 / @ REALM.YADDA.WASHINGTON.EDU
aklog: unable to obtain tokens for cell YADDA (status: unknown cell was
passed to SetToken).
ali:/etc/openafs#
Here is my Kerberos Server log:
Oct 15 10:05:40 kdc1.yadda.washington.edu krb5kdc[163](info): AS_REQ (2
etypes {16 1}) 128.208.105.84(88): NEEDED_PREAUTH:
root/admin@REALM.YADDA.WASHINGTON.EDU for
krbtgt/REALM.YADDA.WASHINGTON.EDU@REALM.YADDA.WASHINGTON.EDU, Additional
pre-authentication required
Oct 15 10:05:44 kdc1.yadda.washington.edu krb5kdc[163](info): AS_REQ (2
etypes {16 1}) 128.208.105.84(88): ISSUE: authtime 1066237544, etypes
{rep=16 tkt=16 ses=16}, root/admin@REALM.YADDA.WASHINGTON.EDU for
krbtgt/REALM.YADDA.WASHINGTON.EDU@REALM.YADDA.WASHINGTON.EDU
Oct 15 10:05:48 kdc1.yadda.washington.edu krb5kdc[163](info): TGS_REQ (1
etypes {1}) 128.208.105.84(88): ISSUE: authtime 1066237544, etypes
{rep=16 tkt=16 ses=1}, root/admin@REALM.YADDA.WASHINGTON.EDU for
afs/YADDA@REALM.YADDA.WASHINGTON.EDU
And I can see traffic going from the machine Im running "aklog" on
to the Kerb server and back on port 4444 - which is the "kerb524d"
so presumably, the ticket is being "translated" to the v4 syntax.
What else can I look at to try to debug this problem?
thanks,
Matt
--
Matt Weatherford
Unix Administration
Center for Studies in Demography and Ecology
218H Raitt Hall, Box 353412
University of Washington
Seattle, WA, USA, 98195 206-685-5346
http://www.yadda.washington.edu