[OpenAFS] Re: Windows TGS_REQ on alternate Netbios Names
Jeffrey Altman
jaltman2@nyc.rr.com
Fri, 28 Nov 2003 20:18:19 -0500
Based upon the etypes list, this is a request coming from Windows
itself. My guess is that since you are logged into the machine via the
Kerberos LSA, Windows is trying to authenticate the access to the SMB
name published by OpenAFS with Kerberos.
You will most likely have to add service principals to your KDC for the
-AFS extended host names if you want to avoid the error messages.
Remember that all of the principals for a given host have to use the
same password.
Jeffrey Altman
Jason C. Wells wrote:
> The OpenAFS client for windows uses an additional netbios name such that
> the hostname of the computer is appended with -AFS. Windows incessantly
> attempts TGS_REQs for this netbios name. My hostname is w13. For
> example:
>
> Nov 28 13:46:40 s2.stradamotorsports.com krb5kdc[56463](info): TGS_REQ (7
> etypes {23 -133 -128 3 1 24 -135}) 192.168.1.13: UNKNOWN_SERVER: authtime
> 1070053633, jcw@STRADAMOTORSPORTS.COM for
> HOST/W13-AFS@STRADAMOTORSPORTS.COM, Server not fo und in Kerberos database
>
> I do not have a host that is actually named w13-afs on my network so I do
> not have a host/w13-afs principal in my kerberos database.
>
> Except for spamming this heck out of my logs, windows authenticating to my
> MIT KDC works fine.
>
> I would prefer to not have to add a phoney host principle just to suppress
> windows goofy behavior.
>
> Does anybody know how to get windows to stop making requests for this
> extra netbios name?
>
> Thanks,
> Jason C. Wells
>