[OpenAFS] aklog with NAT

Derek Atkins warlord@MIT.EDU
05 Jan 2003 10:47:57 -0500

"Ryan Underwood" <nemesis-lists@icequake.net> writes:

> Hi,
> Apologies in advance for the probably stupid nature of this question.
> I have a client on NAT with a private IP of 192.168.x.x and a NAT router
> with a public IP.  The OpenAFS server is on a public IP somewhere else.
> I read through related messages on the list and it seems that AFS should
> not have a problem with this setup as long as I make sure UDP 7001 isn't
> getting timed out too soon.  However, I can't get that far.  I kinit and
> then aklog, and aklog says:
> aklog: Incorrect net address while getting AFS tickets
> Sooo... any ideas? :)  I'm assuming this is related to the NAT; e.g., the
> kerberos ticket is issued with an IP address of the public IP on the router's
> external interface, and then aklog looks at the ticket, sees that it doesn't
> match the internal machine that i'm sitting at, and quits.

Yea, Kerberos5 doesn't like NAT.  Try:

        kinit -A

This will get your addressless tickets.

> Ryan Underwood, <nemesis at icequake.net>, icq=10317253


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available