[OpenAFS-devel] Problem with mapped users on W2K using Openafs client

Dietrich Schroff d.schroff@web.de
Thu, 8 May 2003 08:38:15 +0200 

Hello,

tried to integrate W2K-server to kerberos 5 and openafs.=20
I followed the description on
http://mailman.mit.edu/pipermail/kerberos/2002-October/001857.html
Now it works fine, when i log in as local user and then i can obtain a
token for openafs.

When i log in as kerberos user mapped to a local account, windows
accepts the login, but i am not able to obtain a token. The error
message is:

"The AFS Client was unable to obtain tokens as schroff in cell
physik.uni-freiburg.de"
"Error: 11862791 (AFS Service may not have started)"

This is an error message for:
KTC=5FNOCM Cache Manager is not initialized / afsd is not running

The krb5kdc.log at the MIT Kerberos-Server showed the following entries:
for a local user:
May 07 21:59:22 hepafs krb5kdc[181](info): PROCESS=5FV4:Initial ticket reque=
st Host: 132.230.77.3 User: "schroff" ""
May 07 21:59:22 hepafs krb5kdc[181](info): PROCESS=5FV4:INITIAL request from=
 schroff. for afs.

for a mapped user:
May 07 22:02:16 hepafs krb5kdc[181](info): TGS=5FREQ (7 etypes {23 -133 -128=
 3 1 24 -135}) 132.230.77.3(88): UNKNOWN=5FSERVER: authtime 1052337735,  sch=
roff@PHYSIK.UNI-FREIBURG.DE for HOST/RUHP3-AFS@PHYSIK.UNI-FREIBURG.DE, Ser=
ver not found in Kerberos database
May 07 22:02:16 hepafs krb5kdc[181](info): TGS=5FREQ (7 etypes {23 -133 -128=
 3 1 24 -135}) 132.230.77.3(88): UNKNOWN=5FSERVER: authtime 1052337735,  sch=
roff@PHYSIK.UNI-FREIBURG.DE for HOST/RUHP3-AFS@PHYSIK.UNI-FREIBURG.DE, Ser=
ver not found in Kerberos database
May 07 22:02:16 hepafs krb5kdc[181](info): TGS=5FREQ (7 etypes {23 -133 -128=
 3 1 24 -135}) 132.230.77.3(88): PROCESS=5FTGS: authtime 0,  <unknown client=
> for HOST/RUHP3-AFS@PHYSIK.UNI-FREIBURG.DE, Request is a replay

The W2K machine has the name ruph3. So why is there this -afs=3F If i add th=
is HOST/RUHP3-AFS to the Kerberos-database, i get the same entries as a lo=
cal user, but the same error code as bevor..

So can anybody help me, that mapped users can get a token, too=3F

Thanks
Dietrich

PS: Installing the openafs-server was done as described in=20
http://www.debianplanet.org/node.php=3Fid=3D816
=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F
Mit der Grupppen-SMS von WEB.DE FreeMail k=F6nnen Sie eine SMS an alle=20
Freunde gleichzeitig schicken: http://freemail.web.de/features/=3Fmc=3D021179