[OpenAFS] AFS-Tokens in cross realm szenario problem
Ulrich Schwickerath
ulrich.schwickerath@iwr.fzk.de
Wed, 17 Aug 2005 11:56:17 +0200
Hi,
thank's a lot for the usefull hints. In fact I did not have a cross - realm
PTS entry.
> Dumb question time: what's an "ADS KDC" ? If it's an Active Directory
> server, I could see this causing problems (e.g., the PAC might cause the
> ticket to be too big, depending on a bunch of issues).
It is. If this is the problem,anything one can do about it ?
>
> >also aklog happily provides me with a wrong token but throughs an error:
> >aklog
> >aklog: Unknown error 267272 so unable to create remote PTS user
> >schwicke@ka.fzk.de in cell cg.fzk.de (status: 267272).
>
> % translate_et 267272
> 267272 (pt).8 = Badly formed name (group prefix doesn't match owner?)
>
> I am wondering if you never created a cross-realm PTS entry.
I tried but I failed with exactly this messages (if I attempt to do it
centraly).
Authenticated as afs administrator doing
pts createuser schwicke@ka.fzk.de -cell cg.fzk.de
I get
pts: Badly formed name (group prefix doesn't match owner?) ; unable to create
user schwicke@ka.fzk.de
which looks exactly like the message that aklog gives me. If I try to
authenticate as schwicke in KA.FZK.DE and try to create the account with pts
I get
pts: ticket contained unknown key version number ; unable to create user
schwicke@ka.fzk.de
Any idea?
Thank's a lot again,
Ulrich
>
> --Ken
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--
__________________________________________
Dr. Ulrich Schwickerath
Forschungszentrum Karlsruhe
GRID-Computing and e-Science
Institut for Scientific Computing (IWR)
P.O. Box 36 40
76021 Karlsruhe, Germany
Tel: +49(7247)82-8607
Fax: +49(7247)82-4972
e-mail: ulrich.schwickerath@iwr.fzk.de
PGP DH/DSS Key: ID 0xCEB9826F
Fingerprint: 5537 8473 CD26 507E 8EE2 BAAF 98E2 FD16 CEB9 826F
__________________________________________