[OpenAFS] AFS client behind NAT

Derrick Brashear shadow@gmail.com
Tue, 15 Jan 2008 22:42:11 -0500 

------=_Part_17818_31346719.1200454931545
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

As a note, if you subscribe, your messages will get through. Sending them
lots of times will not get them through any faster if you haven't
subscribed.

On Jan 14, 2008 3:18 AM, Georg Troska <georg.troska@uni-dortmund.de> wrote:

> Hi,
> I'm new here and I hope you can help me.
>
> I have 2 AFS Servers, already working for a while, they manage two
> different cells. We call them Server A and B
>
> These two servers are are in two different class-c nets and my
> university manages routing between them.
> The computer of Server A is simultaniusly a router to a thrid subnet,
> which is a private net and has nothing to do with the other router.
>
> I have one kerberos-Server based in the b-net. LDAP is there also.
>
> My problem comes along while I was changing my homedirectory from one
> cell to the other.
> In former times I had my homedir in the AFS directory of server B.
> Getting tickets and tokens was no problem. GSSAPI, that means
> passwordless ssh-logins through keytabs over kerberos worked fine
>
> Now I changed my homedirectory to AFS-Server B.
> Logins do work! But not SSH!
>
> Login from C to A: works
>
> Login from B to C: Could no chdir to home directory [...] Permission
> denied
> klist says that I have a ticket, but aklog says: Incorrect net
> address while getting AFS tickets


get addressless tickets.

>
> I'm not sure if it is a problem with pam or with kerberos
>

 well, in a manner of speaking, both and neither.

------=_Part_17818_31346719.1200454931545
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

As a note, if you subscribe, your messages will get through. Sending them lots of times will not get them through any faster if you haven&#39;t subscribed.<br><br><div class="gmail_quote">On Jan 14, 2008 3:18 AM, Georg Troska &lt;
<a href="mailto:georg.troska@uni-dortmund.de">georg.troska@uni-dortmund.de</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi,<br>I&#39;m new here and I hope you can help me.<br><br>I have 2 AFS Servers, already working for a while, they manage two<br>different cells. We call them Server A and B<br><br>These two servers are are in two different class-c nets and my
<br>university manages routing between them.<br>The computer of Server A is simultaniusly a router to a thrid subnet,<br>which is a private net and has nothing to do with the other router.<br><br>I have one kerberos-Server based in the b-net. LDAP is there also.
<br><br>My problem comes along while I was changing my homedirectory from one<br>cell to the other.<br>In former times I had my homedir in the AFS directory of server B.<br>Getting tickets and tokens was no problem. GSSAPI, that means
<br>passwordless ssh-logins through keytabs over kerberos worked fine<br><br>Now I changed my homedirectory to AFS-Server B.<br>Logins do work! But not SSH!<br><br>Login from C to A: works<br><br>Login from B to C: Could no chdir to home directory [...] Permission
<br>denied<br>klist says that I have a ticket, but aklog says: Incorrect net<br>address while getting AFS tickets</blockquote><div><br>get addressless tickets. <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>I&#39;m not sure if it is a problem with pam or with kerberos<br></blockquote><div><br>&nbsp;well, in a manner of speaking, both and neither. <br></div></div><br>

------=_Part_17818_31346719.1200454931545--