[OpenAFS] Stuck in automatic token genreation on WinXP SP2
Sun, 28 Aug 2005 16:54:38 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Thx for your answer.
I´ve read the install notes. But as all clients and servers in the new
cell are new (1.3.83+ versions), I never thought about any of that.
Jeffrey Altman schrieb:
| Do you have a cross realm trust configured between AD and the MIT KDC?
How should I do this? Both realm are the same.
I mean: first I setup the krb5 realm for our network, after that the AD.
I thought it would be easy, just to use our DNS entry, because it´s easy
and the same for Win and Linux machines.
| Have you configured the workstation to know about the MIT KDC using
I found something on the krb5 site. Yes, it knows the MIT, but after
reboot I could only logon local or with the MIT KDC (with which login
failed), the AD was gone...
| Have you added both realms to the MIT krb5.ini file?
There is only one realm.
| Is there an appropriate domain/realm mapping in the MIT krb5.ini file
| to allow the realm of the cell's VLDB servers to be determined correctly?
That should be OK, as it works without "obtaining ticket/token via logon".
| Is the afs/cell@REALM principal in the MIT KDC configuration to only
| include the DES-CBC-CRC enctype?
Yes. Without it wouldn´t work at all on my clients.
| MIT KFW is not used to obtain Kerberos 4 tickets with OAFW. It only
| obtains Kerberos 5 tickets.
OK, I assumed something like that.
While logon to the Active Directoy the Clients get tickets from the Win
Server with which they don´t get tokens. After destroying the ticket
from the AD KDC and obtaining new tickets, the MIT leash manager got
tickets from MIT KDC.
I want them to get tokens for our cell, either obtaining tickets from
MIT KDC instead of AD KDC or via the KDC tickets.
| Please read afs-install-notes.txt.
Read it. No solution found while reading...
| Jeffrey Altman
TU Graz, Institut für ComputerGraphik & Wissensvisualisierung
Tel.: +43 316 873-5405 E-Mail: email@example.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: GnuPT-Light 0.3 by EQUIPMENTE.DE
-----END PGP SIGNATURE-----