[OpenAFS] client unable to access afs-cell after update to 1.4.1
Ulrich Eck
ueck@net-labs.de
Mon, 29 May 2006 18:53:47 +0200
hi there,
we have a small AFS-Cell using MIT-KRB5+524d on several debian/linux
machines.
after upgrading one of the openafs-clients (debian) to v1.4.1 + new
kernel-modules
we're not able to access the afs-cell from this system.
there seems to be a difference between v1.3.81 (used on our
fileservers/other clients) and
the new v1.4.1 in respect to what service-ticket aklog requests.
on a working machine it requests a service-ticket for afs@OUR.DOMAIN
with the new
version it requests afs/cellname@OUR.DOMAIN. i tried to create a
principal afs/cellname@OUR.DOMAIN in our kdc - but i didn't have success
as the kvno of the newly created principal does not match the
server-config.
i get this error-message in the syslog of the client:
kernel: afs: Tokens for user of AFS id XXX for cell cellname are
discarded (rxkad error=19270408)
~$ translate_et 19270408
19270408 (rxk).8 = ticket contained unknown key version number
so my question(s):
is it possible to tell aklog to behave like it did before the upgrade
(ergo request the afs@OUR.DOMAIN ticket) ?
if not: can i tell the afs-cell to accept more than one service-ticket
(afs@OUR.DOMAIN and afs/cellname@OUR.DOMAIN) and if yes - how would i do
so ?
thanks in advance for any suggestions/help
cheers Ulrich
--
net-labs Systemhaus GmbH
Ebersberger Str. 46
85570 Markt Schwaben
fon +49 8121 4747 0
fax +49 8121 4747 77
email: ueck@net-labs.de