[OpenAFS] Stuck in automatic token genreation on WinXP SP2

Lars Schimmer l.schimmer@cgv.tugraz.at
Sun, 28 Aug 2005 16:54:38 +0200 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

Thx for your answer.
I´ve read the install notes. But as all clients and servers in the new
cell are new (1.3.83+ versions), I never thought about any of that.

Jeffrey Altman schrieb:
| Do you have a cross realm trust configured between AD and the MIT KDC?

How should I do this? Both realm are the same.
I mean: first I setup the krb5 realm for our network, after that the AD.
I thought it would be easy, just to use our DNS entry, because it´s easy
and the same for Win and Linux machines.

| Have you configured the workstation to know about the MIT KDC using
KSETUP?

I found something on the krb5 site. Yes, it knows the MIT, but after
reboot I could only logon local or with the MIT KDC (with which login
failed), the AD was gone...

| Have you added both realms to the MIT krb5.ini file?

There is only one realm.

| Is there an appropriate domain/realm mapping in the MIT krb5.ini file
| to allow the realm of the cell's VLDB servers to be determined correctly?

That should be OK, as it works without "obtaining ticket/token via logon".

| Is the afs/cell@REALM principal in the MIT KDC configuration to only
| include the DES-CBC-CRC enctype?

Yes. Without it wouldn´t work at all on my clients.

| Note:
|
| MIT KFW is not used to obtain Kerberos 4 tickets with OAFW.  It only
| obtains Kerberos 5 tickets.

OK, I assumed something like that.

In short:
While logon to the Active Directoy the Clients get tickets from the Win
Server with which they don´t get tokens. After destroying the ticket
from the AD KDC and obtaining new tickets, the MIT leash manager got
tickets from MIT KDC.
I want them to get tokens for our cell, either obtaining tickets from
MIT KDC instead of AD KDC or via the KDC tickets.


| Please read afs-install-notes.txt.

Read it. No solution found while reading...

| Jeffrey Altman

Cya
Lars
- --
- -------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & Wissensvisualisierung
Tel.: +43 316 873-5405       E-Mail: l.schimmer@cgv.tugraz.at
PGP-Key-ID: 0xB87A0E03
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: GnuPT-Light 0.3 by EQUIPMENTE.DE

iD8DBQFDEdAuVguzrLh6DgMRArhTAJ9VgHToLJkVj50Eer3c/D3eHx42XgCdHjzk
myrbBnVBIL57XCtg8/yaZwA=
=O9Nz
-----END PGP SIGNATURE-----