[OpenAFS] Kerberos troubles...

Douglas E. Engert deengert@anl.gov
Fri, 19 Mar 2004 14:07:16 -0600


"J. D. Nurmi" wrote:
> 
> Ok, out of boredom, I decided to set up AFS at home, and I'm running into
> a bit of issue with kerberos, and I can't seem to figure out where I went
> wrong versus our production machines in the office...
> 
> General details:
> AFS Cell: qwe.cc
> Kerberos: QWE.CC
> 
> One of the issues is that I'm using DNS for kerberos resolution, but I
> don't control the in-arpa records, so I have to hack around a bit w/ the
> default_realm, etc, and I suspect this is part of the problem.
> 
> Anywho, when I try to aklog, I get:
> aklog: Couldn't get qwe.cc AFS tickets:
> aklog: Server not found in Kerberos database while getting AFS ticket
> 
> Which in itself is usually an indication of a kerberos problem...  Which it
> is, as, when examined in the logs, you see:
> 
> Mar 19 12:14:43 michelangelo.qwe.cc krb5kdc[853](info): TGS_REQ (7
> etypes {18 17 16 23 1 3 2}) 69.162.159.65: UNKNOWN_SERVER: authtime
> 1079716481,  jnurmi@QWE.CC for krbtgt/CC@QWE.CC, Server not found in
> Kerberos database

It's trying to do cross realm, and is trying to walk the DNS tree from
QWE.CC to CC. It thinks your server is in some other realm other than
QWE.CC.



> 
> If I add a krbtgt/CC principal (and ktab it) it instead balks on DNS,


Don't do that unless you have some cross realm trust with CC.

> looking for _kerberos._tcp.CC which, while I could do even _more_ hacks
> to make it work, that just seems dirty dirty dirty.
> 
> Any clue why AFS wants to talk to CC instead of QWE.CC, and further, how
> to fix it?
> 
> Thanks in advance,
> 
> James Nurmi

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
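
The symptom discussed in this message can be picked out of a KDC log mechanically. The following is an added example, not part of the original message or of OpenAFS or MIT Kerberos: it classifies `UNKNOWN_SERVER` lines and flags a request for a cross-realm TGT whose target is a parent of the client's realm. The names `diagnose` and `parent_realms` and the second sample line are assumptions made for illustration.

```python
import re

# krb5kdc failure line: "... UNKNOWN_SERVER: authtime N,  <client> for <service>, ..."
TGS_FAIL = re.compile(
    r"TGS_REQ .*?UNKNOWN_SERVER: authtime \d+,\s+"
    r"(?P<client>[^,\s]+) for (?P<service>[^,\s]+),"
)

def parent_realms(realm):
    """Realms reached by walking up the hierarchy: QWE.CC -> ['CC']."""
    labels = realm.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels))]

def diagnose(line):
    """Classify one UNKNOWN_SERVER line; None if the line is something else."""
    m = TGS_FAIL.search(line)
    if not m:
        return None
    client_realm = m["client"].rpartition("@")[2]
    name, _, issuing_realm = m["service"].rpartition("@")
    # krbtgt/X@Y with X != Y is a request for a cross-realm TGT from Y to X.
    if name.startswith("krbtgt/") and name[7:] != issuing_realm:
        target = name[7:]
        return {
            "kind": "cross-realm-tgt",
            "client_realm": client_realm,
            "target_realm": target,
            # True when the target is an ancestor of the client's own realm.
            "hierarchy_walk": target in parent_realms(client_realm),
        }
    return {"kind": "unknown-service", "service": m["service"]}

# First entry: the KDC line quoted in the message, joined onto one line.
# Second entry: constructed for contrast (an ordinary missing service principal).
SAMPLE = [
    "Mar 19 12:14:43 michelangelo.qwe.cc krb5kdc[853](info): TGS_REQ (7 "
    "etypes {18 17 16 23 1 3 2}) 69.162.159.65: UNKNOWN_SERVER: authtime "
    "1079716481,  jnurmi@QWE.CC for krbtgt/CC@QWE.CC, Server not found in "
    "Kerberos database",
    "Mar 19 12:20:01 kdc.example.org krb5kdc[853](info): TGS_REQ (1 etypes "
    "{18}) 192.0.2.10: UNKNOWN_SERVER: authtime 1079716800,  alice@EXAMPLE.ORG "
    "for host/missing.example.org@EXAMPLE.ORG, Server not found in Kerberos database",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(diagnose(entry))
```

A `cross-realm-tgt` result with `hierarchy_walk` set means the client mapped the service host to a realm other than its own, which is the situation the reply describes.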