[OpenAFS] Thank you, and one more question
Thu, 16 Jan 2003 12:06:10 +0100
first off I would like to thank everyone who responded on this list and
privately, offering help in response to my last message.
I was finally successful this morning in setting up a working server
Thanks a lot!
That said, there is still one problem left. I am trying to set up
the Windows version of OpenAFS 1.2.8 to access the newly set up server.
It installs successfully and the OpenAFS service starts normally.
However I am having trouble obtaining a token. When I try to log in (in
response to "Obtain new tokens..." in the AFS client tool) I get the
"The AFS client was unable to obtain tokens as USERNAME in cell
Error: 3(unknown authentication error 3)"
I should note that there is one "problem" regarding authentication that
I have on the Linux server aswell that might be related. Namely, if I
just do "aklog" after kinit, I get:
aklog: Couldn't get afs-cell-name AFS tickets:
aklog: Server not found in Kerberos database while getting AFS
In order for it to work, I have to do:
aklog afs-cell-name -k KERBEROS-REALM
At first I thought this was due to the AFS cell name being in lower
case, and the kerberos realm being the same name but in upper case. But
then I realized - that's required by the AFS/kerberos cell name
restrictions, correct? (AFS cells lower case; kerberos realms upper case)
Could the problems be related?
The user I am trying to authenticate as is verified to work with the
Linux client (on the server machine, using kinit and aklog). It was
created like this:
kadmin.local -q "ank username"
pts creategroup groupname
pts adduser username groupname
Any pointers are greatly appreciated. Thanks!
 This indicates something is working. Because when I chose some cell
at random, which worked with 1.2.2b, the service won't start. I am
guessing/hoping this is because 1.2.8 uses kerberos by default. So when
I enter the correct cell (the one I just set up), it is able to start.
That must mean *something* is working right.
/ Peter Schuller, InfiDyne Technologies HB
PGP userID: 0xE9758B7D or 'Peter Schuller <email@example.com>'
Key retrival: Send an E-Mail to firstname.lastname@example.org
E-Mail: email@example.com Web: http://www.scode.org