[OpenAFS] Windows 7 / enctype(?) problem permission denied.
Daniel Galambos
dancsa@dancsa.hu
Thu, 09 Jan 2014 22:09:38 +0100
Hi.
We have troubles with the recent OpenAFS releases. Until 1.7.11 there
was no major problem.
OS: Windows 7 SP1
I downloaded the the most recent release. Tried to install with kfw4.1
and NIM 2.0.102.907 didn't work. Switched to kfw 3.2... didn't work.
Switched to Heimdal 1.5.100. (windows was rebooted between tries)
krb5.conf/krb5.ini modified to have allow_weak_crypto. NIM says i have
tokens.
Now if I go to the \\AFS\realm it says permission denied.
c:\ProgramData\Kerberos\krb5.conf:
[libdefaults]
default_realm = REALM
dns_lookup_kdc = true
allow_weak_crypto=true
>klist -v
Credentials cache: API:dancsa@REALM
Principal: dancsa@REALM
Cache version: 0
Server: krbtgt/REALM@REALM
Client: dancsa@REALM
Ticket etype: des3-cbc-sha1, kvno 1
Ticket length: 330
Auth time: Jan 09 21:36:12 2014
End time: Jan 10 07:36:08 2014
Renew till: Jan 16 21:36:08 2014
Ticket flags: pre-authent, initial, renewable, proxiable, forwardable
Addresses: addressless
Server: afs@REALM
Client: dancsa@REALM
Ticket etype: des3-cbc-sha1, kvno 1
Ticket length: 318
Auth time: Jan 09 21:36:12 2014
End time: Jan 10 07:36:08 2014
Ticket flags: transited-policy-checked, pre-authent
Addresses: addressless
>tokens
Tokens held by the Cache Manager:
User dancsa@REALM's tokens for afs@realm [Expires Jan 10 07:36]
--End of list --
>vos exa user.dancsa
rxk: ticket contained unknown key version number
>vos exa user.dancsa -noauth
user.dancsa 537016793 RW 1697105 K On-line
(...)
As I see, the client won't acquire des-cbc-crc ticket.
Could you please point out what are we doing wrong? On debian i have no
problem with it.
Thanks,
Dancsa