[OpenAFS] Switching from MIT to win 2003 krb5 server - win question-obtain tokens
Lars Schimmer
l.schimmer@cgv.tugraz.at
Fri, 08 Jun 2007 15:46:51 +0200
Jeffrey Altman wrote:
> Lars Schimmer wrote:
>
>> Ok, tested it on my laptop with OpenAFS 1.5.20 and MIT KFW Network
>> Identity Manager 1.2.0.2
>> I destroyed all my tokens/tickets, changed the krb5.conf file from MIT
>> server to Win2003 AD server and tried to obtain tokens.
>> OK, I obtained a token as a user and as an administrator (I need to bind
>> administrator to admin account).
>> But as soon as I tried to access the openafs filespace in which I need
>> the token, token was destroyed and gone.
>> Changed krb5.conf back to MIT krb5 server and it works like a charm.
>> I still miss something...
>
> More than likely the AFS key is wrong. Wrong kvno, wrong enctype, wrong
> something.
>
> Use trace logging to examine the error code returned by the file server
> that is causing the token to be discarded.
Thanks for the hint. The Linux system gave the error in logfile:
Jun 8 15:47:06 testpc kernel: afs: Tokens for user of AFS id 1005 for cell cgv.tugraz.at are discarded (rxkad error=19270407)
A google told me wrong kvno :-(
Although I ktpass with kvno 4 and imported it as kvno 4...
Let's try it again.
I just "bos restart -all" the afs server. Was that OK or do I need to
restart the linux system at all?
> Jeffrey Altman
> Secure Endpoints Inc.
>
>
Kind regards,
Lars Schimmer
--
-------------------------------------------------------------
TU Graz, Institut für ComputerGraphik & WissensVisualisierung
Tel: +43 316 873-5405 E-Mail: l.schimmer@cgv.tugraz.at
Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723