[OpenAFS] Got afs token I think... but can't access cell

Davis, Adam adam.davis@imperial.ac.uk
Fri, 21 May 2004 14:55:46 +0100


It is Windows 2003 and Openafs 1.2.11 on redhat enterprise 3, krb5-1.3.3
for krb524d=20


I am finding it hard to confirm that the keys are the same. How would I
list the key on the windows machine and also on the afs server so I can
make sure they are the same.

I have krb524d running on the afs server and added the "krb524_server =
=3D
to the krb5.conf"

Thanks=20

Adam.....




-----Original Message-----
From: Douglas E. Engert [mailto:deengert@anl.gov]=20
Sent: 21 May 2004 13:44
To: Davis, Adam
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] Got afs token I think... but can't access cell


Do you have krb524d running? You may need to add krb524_server =3D to =
the
krb5.conf or add DNS SRV records to point at the krb524d

The assumption is that krb524d is running on the KDC machine, but since
that is windows, you may have to run it on the AFS server(s).

There are a log of changes going on in this area, so it might help to
know the versions of Windows KDC, 20002/2003? OpenAFS on the client and
on the server, and Kerberos version of the krb524d and aklog. =20


=20

"Davis, Adam" wrote:
>=20
> I have a "Windows KDC" a "OpenAFS on linux" and a "linux client"
>=20
> I do on the client......
>=20
> kinit    ##no errors everything fine
>=20
> aklog -d ic.ac.uk -k IC.AC.UK
> Authenticating to cell ic.ac.uk (server server1.cc.ic.ac.uk). We were=20
> told to authenticate to realm IC.AC.UK. Getting tickets:=20
> afs/ic.ac.uk@IC.AC.UK Principal not found, trying alternate service
> name: afs/@IC.AC.UK Kerberos error code returned by get_cred:=20
> -1765328228
> aklog: Couldn't get ic.ac.uk AFS tickets:
> aklog: Cannot contact any KDC for requested realm while getting AFS=20
> tickets
>=20
> [root@client1]# klist -e -f
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: user1@IC.AC.UK
>=20
> Valid starting     Expires            Service principal
> 05/20/04 16:57:03  05/21/04 00:57:16  krbtgt/IC.AC.UK@IC.AC.UK
>         Flags: IA, Etype (skey, tkt): DES cbc mode with RSA-MD5, DES=20
> cbc mode with RSA-MD5 05/20/04 17:03:07  05/20/04 18:03:07
afs@IC.AC.UK
>         Flags: A, Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc

> mode with CRC-32
>=20
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
> -----------------------------------------------------
>=20
> I am guessing I have not set the principle correctly, what do people=20
> use to set this ??? I used bos_util addes 0 <pwd>IC.AC.UKafsic.ac.uk
>=20
> But it returns a "bos_util: failed to set key, code 512." is there an=20
> easy way of seeing what is going on.
>=20
> Thanks
>=20
> Adam...
>=20
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org=20
> https://lists.openafs.org/mailman/listinfo/openafs-info

--=20

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439=20
 (630) 252-5444