[OpenAFS] Active Directory 2003, kerberos 5, openAFS - rxkad error=19270407, arghhhh
Jeffrey Altman
jaltman@secure-endpoints.com
Wed, 03 Jan 2007 09:16:50 -0500
Lönroth Erik wrote:
> I believe I have... My file looks like this. Can I be sure this is OK?
> In my misery I can't trust anything at the moment.
>
> [root@vmware01 ~]# cat /usr/afs/etc/krb.conf
> LAB.SCANIA.COM
> LAB.SCANIA.COM sesocolab11.scania.com
This is fine, although the second line is not used by AFS, so you
can remove it.
Did you restart the AFS servers after setting this value?
> I have also looked in AD to see the Service principal binding (Is this
> right?) :
>
> C:\setspn -A afs/sss.se.scania.com afs
> Registering ServicePrincipalNames for
> CN=afs,OU=Users,OU=VAS,OU=TEST,DC=lab,DC=scania,DC=com
> afs/sss.se.scania.com
> Updated object
>
> C:\setspn -L afs
> Registered ServicePrincipalNames for
> CN=afs,OU=Users,OU=VAS,OU=TEST,DC=lab,DC=scania,DC=com:
> afs/sss.se.scania.com
> HOST/afs
> HOST/afs.LAB
>
That is fine.
RXKADBADTICKET can be generated if the clocks between AFS and AD
are not synchronized. Are they?
Jeffrey Altman