[OpenAFS] Active Directory 2003, kerberos 5, openAFS - rxkad error=19270407, arghhhh

Lönroth Erik erik.lonroth@scania.com
Wed, 3 Jan 2007 14:56:47 +0100


I believe I have... My file looks like this. Can I be sure this is OK?
In my misery I can't trust anything at the moment.

[root@vmware01 ~]# cat /usr/afs/etc/krb.conf
LAB.SCANIA.COM
LAB.SCANIA.COM sesocolab11.scania.com



I have also looked in AD to see the Service principal binding (Is this right?) :

C:\setspn -A afs/sss.se.scania.com afs
Registering ServicePrincipalNames for CN=afs,OU=Users,OU=VAS,OU=TEST,DC=lab,DC=scania,DC=com
        afs/sss.se.scania.com
Updated object

C:\setspn -L afs
Registered ServicePrincipalNames for CN=afs,OU=Users,OU=VAS,OU=TEST,DC=lab,DC=scania,DC=com:
    afs/sss.se.scania.com
    HOST/afs
    HOST/afs.LAB

/Erik






-----Original Message-----
From: Jeffrey Altman [mailto:jaltman@secure-endpoints.com]
Sent: Wed 1/3/2007 2:29 PM
To: Lönroth Erik
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] Active Directory 2003, kerberos 5, openAFS - rxkad error=19270407, arghhhh

Have you set the authentication realm in the AFS server's krb.conf file
to LAB.SCANIA.COM?


Jeffrey Altman

P.S. In your krb5.conf file, don't do this:

  default_tkt_enctypes = des-cbc-crc des-cbc-md5
  default_tgs_enctypes = des-cbc-crc des-cbc-md5
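
A check for the krb5.conf pattern the P.S. above says to avoid, as an added example that is not part of the original thread: it reports [libdefaults] enctype settings whose entire list is single DES. The function name, the set of keys checked, and the sample file are assumptions made for this illustration; the sample is constructed from the values quoted in the messages.

```python
import re

# Single-DES enctype names as written in krb5.conf.
SINGLE_DES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}
# [libdefaults] keys that restrict which enctypes a client requests or accepts.
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"}


def des_only_settings(conf_text):
    """Return (line_no, key, enctypes) for every [libdefaults] enctype
    setting whose whole list consists of single-DES enctypes."""
    findings = []
    section = None
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                             # e.g. [libdefaults], [realms]
            section = header.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        enctypes = [e.lower() for e in re.split(r"[,\s]+", value) if e]
        # Flag only lists that leave no non-DES alternative.
        if key in ENCTYPE_KEYS and enctypes and set(enctypes) <= SINGLE_DES:
            findings.append((line_no, key, enctypes))
    return findings


# Constructed sample: the two lines from the P.S. plus a mixed list
# that must not be reported.
SAMPLE = """\
[libdefaults]
  default_realm = LAB.SCANIA.COM
  default_tkt_enctypes = des-cbc-crc des-cbc-md5
  default_tgs_enctypes = des-cbc-crc des-cbc-md5
  permitted_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
"""

if __name__ == "__main__":
    for line_no, key, enctypes in des_only_settings(SAMPLE):
        print(f"line {line_no}: {key} is limited to single DES: {' '.join(enctypes)}")
```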


