FW: [OpenAFS] Windows XP problems getting an AFS token when logged
into a Kerberos Realm
Greg Wilson
Greg.Wilson@asu.edu
Mon, 29 Nov 2004 14:56:10 -0700
We are using an MIT KDC running Kerberos 1.2.7.
___________________________
Greg Wilson
Systems Programmer Principal
Information Technology
Arizona State University
-----Original Message-----
From: Douglas E. Engert [mailto:deengert@anl.gov]=20
Sent: Monday, November 29, 2004 2:41 PM
To: Jeffrey Altman
Cc: Stephen Stoops; Greg Wilson; openafs-info@openafs.org
Subject: Re: FW: [OpenAFS] Windows XP problems getting an AFS token when
logged into a Kerberos Realm
Are you using Windows 2003 as the KDC? If so the encryption will
be md5, which the 1.2.11 can not accept without some modifications.
So if the aklog is bypassing the Krb524d this could be a problem.
Jeffrey Altman wrote:
> You are or are not using Freelance mode? My guess is 'no' since
> the fake root.afs volume does not use "AFS" tokens for access.
>=20
> The version of the ASU.EDU servers are OpenAFS 1.2.8 or higher?
> I think so because authen[1234].asu.edu report 1.2.11 but they
> also report the AFS client on the machine as being "afs3.6 2.39".
Could be they updated the server but not the clients on the server.
>=20
> Have you read afs-install-notes.txt? Especially the sections
> discussing the use of Kerberos 5 tickets as tokens? If Kerberos 5
> tickets do not work and tickets derived via krb524 do, then you need
> to be a bit more knowledgeable about your use of krb524d on campus.
>=20
> Jeffrey Altman
>=20
> Stephen Stoops wrote:
>=20
>> I am using build 1.3.7401 standard install with Loopback.=20
>> I am able to mount \\AFS\all IF I use other credentials from a
different
>> domain. I am unable to mount using the Kerberos credentials from
>> ASU.EDU.=20
>=20
>=20
--=20
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444