[OpenAFS] Windows 2000 AFS client & MIT KDC

Jason Garman jgarman@wedgie.org
Sun, 20 Jan 2002 17:58:28 -0500


One more question:

I've got a test openafs cell with MIT Krb5 KDC on a separate machine.
Trying to get the Windows2000 AFS client to get tokens from this setup
isn't working.

I understand that the Windows AFS client attempts to talk Kerberos 4
straight to the AFS database servers listed in the CellServDB.  One
suggestion that I've seen is to add the Kerberos KDCs into the CellServDB.
After adding the KDC into the CellServDB, I see requests for
authentication from the Windows client:

... krb5kdc(info): PROCESS_V4:Initial ticket request Host: 192.168.1.4
User: "jgarman" ""
... krb5kdc(info): PROCESS_V4:INITIAL request from jgarman. for afs.

However, the Windows GUI reports:

Error: 11862791 (AFS service may not have started)

And ... yes the AFS client is started. :)

So I doublechecked my krb5 kdc encryption types.  I have listed:

supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
des-cbc-crc:v4

I tried deleting my principal and re-adding it with the v4 encryption type
listed first (using kadmin.local -e "des-cbc-crc:v4 ...") but that still
gives the same error.

Any ideas?

Thanks
-- 
Jason Garman / jgarman@wedgie.org