[OpenAFS] Got afs token I think... but can't access cell

Douglas E. Engert deengert@anl.gov
Fri, 21 May 2004 07:43:52 -0500 

Do you have krb524d running? You may need to add krb524_server =
to the krb5.conf or add DNS SRV records to point at the krb524d

The assumption is that krb524d is running on the KDC machine, but
since that is windows, you may have to run it on the AFS server(s).

There are a log of changes going on in this area, so it might
help to know the versions of Windows KDC, 20002/2003? OpenAFS
on the client and on the server, and Kerberos version of the krb524d
and aklog.  


 

"Davis, Adam" wrote:
> 
> I have a "Windows KDC" a "OpenAFS on linux" and a "linux client"
> 
> I do on the client......
> 
> kinit    ##no errors everything fine
> 
> aklog -d ic.ac.uk -k IC.AC.UK
> Authenticating to cell ic.ac.uk (server server1.cc.ic.ac.uk). We were
> told to authenticate to realm IC.AC.UK. Getting tickets:
> afs/ic.ac.uk@IC.AC.UK Principal not found, trying alternate service
> name: afs/@IC.AC.UK Kerberos error code returned by get_cred:
> -1765328228
> aklog: Couldn't get ic.ac.uk AFS tickets:
> aklog: Cannot contact any KDC for requested realm while getting AFS
> tickets
> 
> [root@client1]# klist -e -f
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: user1@IC.AC.UK
> 
> Valid starting     Expires            Service principal
> 05/20/04 16:57:03  05/21/04 00:57:16  krbtgt/IC.AC.UK@IC.AC.UK
>         Flags: IA, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES cbc
> mode with RSA-MD5 05/20/04 17:03:07  05/20/04 18:03:07  afs@IC.AC.UK
>         Flags: A, Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc
> mode with CRC-32
> 
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> -----------------------------------------------------
> 
> I am guessing I have not set the principle correctly, what do people use
> to set this ??? I used bos_util addes 0
> <pwd>IC.AC.UKafsic.ac.uk
> 
> But it returns a "bos_util: failed to set key, code 512." is there an
> easy way of seeing what is going on.
> 
> Thanks
> 
> Adam...
> 
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

-- 

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444