[OpenAFS] aklog with NAT
Derek Atkins
warlord@MIT.EDU
05 Jan 2003 10:47:57 -0500
"Ryan Underwood" <nemesis-lists@icequake.net> writes:
> Hi,
>
> Apologies in advance for the probably stupid nature of this question.
> I have a client on NAT with a private IP of 192.168.x.x and a NAT router
> with a public IP. The OpenAFS server is on a public IP somewhere else.
>
> I read through related messages on the list and it seems that AFS should
> not have a problem with this setup as long as I make sure UDP 7001 isn't
> getting timed out too soon. However, I can't get that far. I kinit and
> then aklog, and aklog says:
>
> aklog: Incorrect net address while getting AFS tickets
>
> Sooo... any ideas? :) I'm assuming this is related to the NAT; e.g., the
> kerberos ticket is issued with an IP address of the public IP on the router's
> external interface, and then aklog looks at the ticket, sees that it doesn't
> match the internal machine that i'm sitting at, and quits.
Yea, Kerberos5 doesn't like NAT. Try:
kinit -A
aklog
This will get your addressless tickets.
> Ryan Underwood, <nemesis at icequake.net>, icq=10317253
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available