[OpenAFS] aklog sending domain with user name returning 32766 anonymous

Dave Broudy dave@broudy.net
Fri, 19 May 2006 13:39:07 -0600

Indeed, my clients get access denied, even to \\afs\broudy.net, which is 
system:anyuser rl, either via Start Run or via a mapped drive.

I can access my afs space if I unlog, but obviously only the parts with 
permissive acls.

I've also found that I'm getting "ticket contained unknown key version 
number" from pts and other commands, but on the client:

c:\> kvno afs@BROUDY.NET
afs@BROUDY.NET: kvno = 3

on all servers:

# asetkey list
kvno 3: key is: (match on all servers)
All done.

Ken Hornstein wrote:

>>I have openafs 1.4.1 for windows installed and aklog is returning id 
>>32766 (anonymous) for any user that I try. I've turned up debugging and 
>>it looks like it's sending dave@broudy.net as the "aname", from the 
>>ptserver log:
>The "id" that aklog returns is not really used by anything (other than
>some ancient Andrew supercrappy mail software).  Queries to the PTS
>server are used to help determine when to do cross-realm PTS
>registration, but it's okay if it gets it wrong; the fileserver does
>it's own lookup based on the identity in the Kerberos ticket.  Now if
>your clients cannot authenticate, then that's a completely different
>problem; you don't indicate if that's an issue or not.
>OpenAFS-info mailing list

Dave Broudy
Phone: 303.278.0908      Mobile: 703.401.5955        Fax: 303.674.6840
AIM/YIM: dbroudy