[OpenAFS] aklog sending domain with user name returning 32766
anonymous
Dave Broudy
dave@broudy.net
Fri, 19 May 2006 13:39:07 -0600
Indeed, my clients get access denied, even to \\afs\broudy.net, which is
system:anyuser rl, either via Start Run or via a mapped drive.
I can access my afs space if I unlog, but obviously only the parts with
permissive acls.
I've also found that I'm getting "ticket contained unknown key version
number" from pts and other commands, but on the client:
c:\> kvno afs@BROUDY.NET
afs@BROUDY.NET: kvno = 3
on all servers:
# asetkey list
kvno 3: key is: (match on all servers)
All done.
Ken Hornstein wrote:
>>I have openafs 1.4.1 for windows installed and aklog is returning id
>>32766 (anonymous) for any user that I try. I've turned up debugging and
>>it looks like it's sending dave@broudy.net as the "aname", from the
>>ptserver log:
>>
>>
>
>The "id" that aklog returns is not really used by anything (other than
>some ancient Andrew supercrappy mail software). Queries to the PTS
>server are used to help determine when to do cross-realm PTS
>registration, but it's okay if it gets it wrong; the fileserver does
>it's own lookup based on the identity in the Kerberos ticket. Now if
>your clients cannot authenticate, then that's a completely different
>problem; you don't indicate if that's an issue or not.
>
>--Ken
>_______________________________________________
>OpenAFS-info mailing list
>OpenAFS-info@openafs.org
>https://lists.openafs.org/mailman/listinfo/openafs-info
>
>
--
Dave Broudy
dave@broudy.net
Phone: 303.278.0908 Mobile: 703.401.5955 Fax: 303.674.6840
http://www.broudy.net/
AIM/YIM: dbroudy