[OpenAFS] Integrated Windows Logon

Hugo Monteiro hugo.monteiro@fct.unl.pt
Fri, 01 Apr 2011 20:00:56 +0100

On 04/01/2011 07:04 PM, Jeffrey Altman wrote:
> See appendix A.2.1 for details on specifying per logon domain 
> configuration including the authentication realm.

Hi Jeffrey,

Actually that's where I started. I was trying to give access to two 
different cells using the same krb realm.

Kerberos Realm is FCT.UNL.PT
AFS cells are fct.unl.pt, which is the default cell, and staff.fct.unl.pt

I added a new key


since the windows domain is called STAFF.

I then added the value Realm with the krb realm to be used which is 
Then i added the value TheseCells with staff.fct.unl.pt so i could get 
tokens for the second cell

But then, after logon i would only get a token for the default cell. 
Windows events showed the following:

Looking up TheseCells
Located TheseCells in hkDom size 18
Found TheseCells [staff.fct.unl.pt]
KFW_AFS_get_cred uname=[user@FCT.UNL.PT] smbname=[staff\user] 
cell=[fct.unl.pt] code=[0]
KFW_AFS_get_cred uname=[user@FCT.UNL.PT] smbname=[staff\user] 
cell=[staff.fct.unl.pt] code=[-1765328189]

So it does try to get the token, but it fails.

If i get new creds from NIM, it's able to get tokens for both cells.

Any help would be much appreciated.

Best Regards,

Hugo Monteiro.

fct.unl.pt:~# cat .signature

Hugo Monteiro
Email	 : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
		   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.fct.unl.pt                apoio@fct.unl.pt

fct.unl.pt:~# _