[OpenAFS] OpenAFS Win 2k & Heimdal problem
Enrico Pelletta
enrico@it.kth.se
Sun, 17 Nov 2002 13:45:42 +0100
Hi!
I have a problem using the OpenAFS 1.2.2b client on Win 2000 when using
Heimdal for authentication.
I created a test AFS cell using OpenAFS 1.2.7 on Debian Woody servers
and I created an ad-hoc KRB realm for authentication using Heimdal krb5.
The system works fine, but I cannot get the AFS token for user
authentication when using Windows 2000. The reason is that I configured
the AFS to use the principal afs/cell@REALM and the Windows 1.2.2b
client asks for afs@REALM instead. The result is the following error
message: "The AFS Client was unable to obtain tokens as <username> in
cell <mycell>. Error: 8 (user doesn't exist)".
Is there any way to configure the client to get the right ticket?
I have already had this kind of problem when configuring the OpenAFS client
on RedHat against the real AFS system in use in my department, and I
posted a mail about it. In this first case, the OpenAFS client asked for
afs/cell@REALM, then for afs@REALM. In the system we use, the right
principal is afs@REALM. The client first asks for the wrong principal,
then it gets back an unexpected error message and it fails instead of
asking for the second kind of ticket. My guess is that Heimdal returns a
different error code than MIT krb. In this case I solved the problem
by rebuilding the OpenAFS client, swapping the order of the tokens. Is
such a bad solution necessary in my current case as well?
Thanks for helping!
Enrico.