[OpenAFS] Openafs 1.4.7, Active Directory 2003 user could not access AFS home directory
Derrick Brashear
shadow@gmail.com
Wed, 15 Oct 2008 15:30:18 -0400
On Wed, Oct 15, 2008 at 1:57 PM, Wenping Yang <yangw3@umdnj.edu> wrote:
>
> Derrick Brashear wrote:
>>
>> is MESH.UMDNJ.EDU in krb.conf on the AFS servers?
>>
>>
>
> No, MESH.UMDNJ.EDU is not on AFS servers. I saw a message talking about
> adding "-realm" in AFS fileserver, but I am not sure how to make it work
> for two realms.
put it in /usr/afs/etc/krb.conf (or equivalent) on the fileservers, or
it's not going to work.
>
>> Also, can you kinit with the password you're using to ktutil add on
>> the linux machine when creating the keytab for the AD domain?
>>
>
> No, it did not work.
>
> [root@RArwjmsIST1 ~]# kinit afs/med.umdnj.edu@MESH.UMDNJ.EDU
> Password for afs/med.umdnj.edu@MESH.UMDNJ.EDU:
> kinit(v5): Preauthentication failed while getting initial credentials
ok, well, that error doesn't say the password is bad, so it's not
pertinent. (service principal presumably won't let you password
authenticate)
--
Derrick