[OpenAFS] Strange behavior with Windows client.

Anders Magnusson ragge@ltu.se
Fri, 24 Apr 2009 17:20:46 +0200


Environment:
- Laptop, Windows XP SP3 32-bit, domain member.
- OpenAFS client 1.5.59
- Heimdal Kerberos server with trust to the AD domain.


If I connect the computer to a network somewhere, and logs in with 
cached credentials, there
is no way to talk to the AFS client; it just gives a strange error 
message, see below.
Note that the identity manager fetches kerberos tickets without problem.


C:\Documents and Settings\anha>dir \\afs\all <file://%5C%5Cafs%5Call>
The system detected a possible attempt to compromise security. Please 
ensure that you can contact the server that authenticated you.
C:\Documents and Settings\anha>aklog
aklog: Couldn't determine realm of user: -1765328189

Logging in as a local user and get tickets and tokens works just fine, 
it's when logging
in with cached credentials things don't work. 
If the machine is plugged in to a network that can reach the domain 
controller
(while still logged in with cached credentials, no reboots) the AFS 
client starts responding.

The afsd_init.log don't say anything strange; and after all, the client 
seems to work when
logging in as a local user.

Any hints?

-- Ragge