[OpenAFS] AFS Authentication to windows 2003 AD server.
Larry Cashdollar
lcashdol@gmail.com
Wed, 7 Dec 2005 15:24:28 -0500
------=_Part_3570_4907675.1133987068806
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Hello all,
So for two or three years now I have managed an AFS Cell that
authenticates to windows 2000 AD server.
The AD servers were recently converted to windows 2003 and now I can no
longer authenticate to my cell.
Authenticating to cell vapid-labs.com (server afs-camdb1.vapid-labs.com).
We've deduced that we need to authenticate to realm VAPID-LABS.COM.
Getting tickets: afs/vapid-labs.com@VAPID-LABS.COM
Kerberos error code returned by get_cred: -1765328154
aklog: Couldn't get vapid-labs.com AFS tickets:
aklog: Key version number for principal in key table is incorrect while
gettingAFS tickets
On my other client I get the same error code, but it is mapped to a
different message.
Which one is the correct message?
larry@Mathom:~$ aklog -d
Authenticating to cell vapid-labs.com (server afs-camdb1.vapid-labs.com).
We've deduced that we need to authenticate to realm vapid-labs.com.
Getting tickets: afs/vapid-labs.com@VAPID-LABS.COM
Kerberos error code returned by get_cred: -1765328154
aklog: Couldn't get vapid-labs.com AFS tickets:
aklog: New password cannot be zero length while getting AFS tickets
I use a seperate kerberos server running krb524 on port 4444 to convert
tickets.
Any help will be appreciated.
------=_Part_3570_4907675.1133987068806
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Hello all,<br>
So for two
or three years now I have managed an AFS Cell that authenticates to
windows 2000 AD server.<br>
<br>
The AD servers were recently converted to windows 2003 and now I can no lon=
ger authenticate to my cell. <br>
<br>
Authenticating to cell <a href=3D"http://vapid-labs.com">vapid-labs.com</a>=
(server <a href=3D"http://afs-camdb1.vapid-labs.com">afs-camdb1.vapid-labs=
.com</a>).<br>
We've deduced that we need to authenticate to realm <a href=3D"http://VAPID=
-LABS.COM">VAPID-LABS.COM</a>.<br>
Getting tickets: afs/vapid-<a href=3D"mailto:labs.com@VAPID-LABS.COM">labs.=
com@VAPID-LABS.COM</a><br>
Kerberos error code returned by get_cred: -1765328154<br>
aklog: Couldn't get <a href=3D"http://vapid-labs.com">vapid-labs.com</a> AF=
S tickets:<br>
aklog: Key version number for principal in key table is incorrect while get=
tingAFS tickets<br>
<br>
On my other client I get the same error code, but it is mapped to a differe=
nt message.<br>
<br>
Which one is the correct message?<br>
<br>
larry@Mathom:~$ aklog -d<br>
Authenticating to cell <a href=3D"http://vapid-labs.com">vapid-labs.com</a>=
(server <a href=3D"http://afs-camdb1.vapid-labs.com">afs-camdb1.vapid-labs=
.com</a>).<br>
We've deduced that we need to authenticate to realm <a href=3D"http://vapid=
-labs.com">vapid-labs.com</a>.<br>
Getting tickets: afs/vapid-<a href=3D"mailto:labs.com@VAPID-LABS.COM">labs.=
com@VAPID-LABS.COM</a><br>
Kerberos error code returned by get_cred: -1765328154<br>
aklog: Couldn't get <a href=3D"http://vapid-labs.com">vapid-labs.com</a> AF=
S tickets:<br>
aklog: New password cannot be zero length while getting AFS tickets<br>
<br>
<br>
I use a seperate kerberos server running krb524 on port 4444 to convert tic=
kets.<br>
<br>
Any help will be appreciated.<br>
<br>
------=_Part_3570_4907675.1133987068806--