[OpenAFS] KfW working, but can't contact KDC for realm

Ty Sarna tsarna@sarna.org
Fri, 18 Nov 2005 14:57:42 -0500


I'm trying to do a first time install of 1.4.0 on a Windows XP
Professional box. The box is configured to authenticate against my
(Heimdal) KDC, and also has KfW installed. Both are working well, KfW
pulls tokens out of the Windows cache successfully, kinit also works.
The openafs server install (1.3.87) and KDC are working fine for unix
clients.

The integrated logon has issues. It's always failed for me, except for
the last time (I don't know what changed). But even the last time when
it worked, I still got the "Credentials cache I/O operation failed XXX"
dialog!

Also, if I try to obtain tokens manually I get:
"Cannot contact KDC for requested realm.". kinit -5 from KfW works fine,
though. I have no v4 KDC or 524 daemon set up at all.

Here is an extract of the Windows event log with login tracing enabled,
from the last (successful, but still with the error dialog) attempt:

: AFS_Logoff_Event - Start.
: AFS_Logoff_Event - End.
: NPLogonNotify - LoginId(0,468397).
: In GetDomainLogonOptions for user [tsarna] in domain [SARNA.ORG].
: GetDomainLogonOptions: Can't open Domains key [2].
: Not opening domain key for [SARNA.ORG].
: opt->LogonOption found in hkNp with type [4].
: dwDummy being set to default.
: opt->retryInterval being set to default.
: opt->sleepInterval being set to default.
: PLSD username[tsarna] domain[DOITSU].
: Looking up logon script.
: Looking up TheseCells.
: Got logon script: (null).
: LogonOption[1], Service AutoStart[0].
: About to call cm_GetRootCellName(<non-integrated logon>).
: Cell is sarna.org.
: Is Remote.
: InitializeSecurityContext returns status[90312](SEC_I_CONTINUE_NEEDED).
: AcceptSecurityContext returns status[90312](SEC_I_CONTINUE_NEEDED).
: InitializeSecurityContext returns status[90312](SEC_I_CONTINUE_NEEDED).
: AcceptSecurityContext returns status[0](SEC_E_OK).
: InitializeSecurityContext returns status[0](SEC_E_OK).
: Breaking out after InitializeSecurityContext.
: Received delegate context.
: Domain: DOITSU.
: Got SID string [S-1-5-21-2052111302-1801674531-682003330-1003].
: NameTranslate Init GC failed [-2147023541].
: NameTranslate Init Domain failed [-2147023541].
: AFS AfsLogon - Test Service Running.
: while(autostart) LogonOption[1], Service AutoStart[0].
: KFW_AFS_get_cred  uname=[tsarna] smbname=[doitsu\tsarna] cell=[sarna.org] code=[-1765328191].
: while loop exited.
: Integrated login failed: Credentials cache I/O operation failed XXX.
: AFS AfsLogon - Exit.
: AFS_Logon_Event - Start.
: AFS_Logon_Event Process ID: 868.
: Domain: SARNA.ORG.
: Got SID string [S-1-5-21-2052111302-1801674531-682003330-1003].
: NameTranslate Init GC failed [-2147023541].
: NameTranslate Init Domain failed [-2147023541].
: Domain: .
: Got SID string [S-1-5-21-2052111302-1801674531-682003330-1003].
: NameTranslate Init GC failed [-2147023541].
: NameTranslate Init Domain failed [-2147023541].
: AFS_Logon_Event - Profile Directory: C:\Documents and Settings\tsarna.
: AFS_Logon_Event - Logon Name: tsarna@SARNA.ORG.
: AFS_Logon_Event - WNetAddConnection2(\\afs,tsarna@SARNA.ORG) failed: 0x52E.
: AFS_Logon_Event - End.
: KFW_Logon_Event - Start.
: KFW_Logon_Event - LogonId(0,468397).
: KFW_Logon_Event - End.
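
The failure codes in the trace above can be decoded mechanically. The following is an added example, not part of the original post or of OpenAFS: it extracts the codes from login-trace lines and classifies each as an MIT krb5 com_err value, an HRESULT wrapping a Win32 error, or a bare Win32 error. The function names are illustrative, and the name tables cover only the codes that appear in this trace.

```python
import re

KRB5_BASE = -1765328384           # ERROR_TABLE_BASE_krb5: com_err base of MIT's krb5 table
KRB5_NAMES = {193: "KRB5_CC_IO"}  # only the offset seen in this trace
WIN32_NAMES = {1326: "ERROR_LOGON_FAILURE", 1355: "ERROR_NO_SUCH_DOMAIN"}

# Four lines copied from the trace in the post above
SAMPLE = r"""
: NameTranslate Init GC failed [-2147023541].
: KFW_AFS_get_cred  uname=[tsarna] smbname=[doitsu\tsarna] cell=[sarna.org] code=[-1765328191].
: AFS_Logon_Event - WNetAddConnection2(\\afs,tsarna@SARNA.ORG) failed: 0x52E.
: AFS AfsLogon - Exit.
"""

# Matches the three ways this trace reports a numeric failure code
CODE_RE = re.compile(r"(?:failed \[|code=\[|failed: )(-?(?:0x[0-9A-Fa-f]+|\d+))")


def decode(value):
    """Return (family, code, name) for one status value from the trace."""
    if KRB5_BASE <= value < KRB5_BASE + 256:       # a com_err table holds 256 codes
        offset = value - KRB5_BASE
        return ("krb5", offset, KRB5_NAMES.get(offset, "?"))
    unsigned = value & 0xFFFFFFFF                  # logged as a signed 32-bit int
    failed = (unsigned >> 31) == 1                 # HRESULT severity bit
    facility = (unsigned >> 16) & 0x7FF
    if failed and facility == 7:                   # FACILITY_WIN32
        code = unsigned & 0xFFFF
        return ("hresult/win32", code, WIN32_NAMES.get(code, "?"))
    if 0 < value <= 0xFFFF:                        # bare Win32 error code
        return ("win32", value, WIN32_NAMES.get(value, "?"))
    return ("unknown", value, "?")


def triage(trace):
    """Decode every failure code found in a block of trace lines."""
    results = []
    for line in trace.splitlines():
        match = CODE_RE.search(line)
        if match:
            results.append(decode(int(match.group(1), 0)))  # base 0 accepts 0x.. and decimal
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```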