[OpenAFS] AFS-Tokens in cross realm szenario problem

Derek Atkins warlord@MIT.EDU
Wed, 17 Aug 2005 07:31:40 -0400 

Did you create the cross-realm pts GROUP?  You need to

  pts creategroup system:authuser@<remote-realm>

before you can create any PTS IDs for user@<remote-realm>

-derek

Ulrich Schwickerath <Ulrich.Schwickerath@iwr.fzk.de> writes:

> Hi, 
> thank's a lot for the usefull hints. In fact I did not have a cross - realm 
> PTS entry. 
>> Dumb question time: what's an "ADS KDC" ?  If it's an Active Directory
>> server, I could see this causing problems (e.g., the PAC might cause the
>> ticket to be too big, depending on a bunch of issues).
> It is. If this is the problem,anything one can do about it ?
>>
>> >also aklog happily provides me with a wrong token but throughs an error:
>> >aklog
>> >aklog: Unknown error 267272 so unable to create remote PTS user
>> >schwicke@ka.fzk.de in cell cg.fzk.de (status: 267272).
>>
>> % translate_et 267272
>> 267272 (pt).8 = Badly formed name (group prefix doesn't match owner?)
>>
>> I am wondering if you never created a cross-realm PTS entry.
> I tried but I failed with exactly this messages (if I attempt to do it 
> centraly). 
> Authenticated as afs administrator doing 
> pts createuser schwicke@ka.fzk.de -cell cg.fzk.de
> I get 
> pts: Badly formed name (group prefix doesn't match owner?) ; unable to create 
> user schwicke@ka.fzk.de
> which looks exactly like the message that aklog gives me. If I try to 
> authenticate as schwicke in KA.FZK.DE and try to create the account with pts 
> I get
>  pts: ticket contained unknown key version number ; unable to create user 
> schwicke@ka.fzk.de
>
> Any idea? 
>
> Thank's a lot again,
>
> Ulrich
>>
>> --Ken
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>
> -- 
> __________________________________________
> Dr. Ulrich Schwickerath
> Forschungszentrum Karlsruhe
> GRID-Computing and e-Science
> Institut for Scientific Computing (IWR)
> P.O. Box 36 40
> 76021 Karlsruhe, Germany
>
> Tel: +49(7247)82-8607
> Fax: +49(7247)82-4972 
>
> e-mail: ulrich.schwickerath@iwr.fzk.de
> PGP DH/DSS Key: ID 0xCEB9826F
> Fingerprint: 5537 8473 CD26 507E 8EE2  BAAF 98E2 FD16 CEB9 826F
> __________________________________________
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available