[OpenAFS] Windows XP problems getting an AFS token when logged into a Kerberos Realm

James Durand JDDURAND@asu.edu
Wed, 24 Nov 2004 10:45:02 -0700 

Jeff,

My fault. I should have mentioned this in the firat note.
Kerberos for Windows 2.6.5 had already been installed.

jim


-----Original Message-----
From: Jeffrey Altman [mailto:jaltman@columbia.edu]
Sent: Tuesday, November 23, 2004 4:24 PM
To: James Durand
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] Windows XP problems getting an AFS token when
logged into a Kerberos Realm


You need to install Kerberos for Windows if you want to be able to use=20
Kerberos 5 with OpenAFS for Windows.

Jeffrey Altman


James Durand wrote:

> Hello,
>=20
> I have OpenAFS 1.3.74 installed on a Windows XP system. I have done
the following to set it up so that I can log it in using our ASU.EDU MIT
Kerberos Realm.
>=20
>  1. I created user accounts on the AD domain server that matched the
AFS and KDC account principal names.
>  2. I setup trust between the AD domain and the MIT kerberos realm.
>  3. I ran ksetup on the client machine pointing it to our KDC's
>  4. I set the Kerberos "Name Mapping" in the AD domain to matching the
<username>@ASU.EDU where <username> matches the username in the AD
domain....
>=20
> Using this setup and logging into the machine under the AD domain I am
able to get an AFS token using either kinit/aklog or getting a token
directly using the AFS authentication in the systray.
>=20
> When I login to the machine using the ASU.EDU (Kerberos) domain I am
not able to get a token any way that I try.
>=20
> The error that comes back using either kinit/aklog or the AFS Client
Authentication is as follows:
>=20
>    AFS Client: The AFS Client was unable to obtain tokens as
<username> in cell asu.edu
>    ERROR: 118627916 (Uknown Code KTC7)
>=20
>    Aklog -d : Unable to obtain tokens for cell asu.edu (Status:
11862791).
>=20
> What could be causing this. We want to implement SSO using our MIT
Kerberos server and get AFS tokens at the same time in an Open AFS
integrated login but are getting stuck at this point.
>=20
> Thanks for your help...
>=20
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info