[OpenAFS] Re: OpenAFS and AD trusts
Andrew Deason
adeason@sinenomine.net
Tue, 19 Jul 2011 15:47:52 -0500
On Tue, 19 Jul 2011 15:56:17 -0400
Danko Antolovic <dantolov@indiana.edu> wrote:
> If I tell aklog to go after RESOURCE.NET explicitly, I end up with the
> same error that started this thread:
>
> [root@afs1c afs]# aklog -d -c afs1.bedrock.iu.edu -k RESOURCE.NET
> Authenticating to cell afs1.bedrock.iu.edu (server afs1.bedrock.iu.edu).
> We were told to authenticate to realm RESOURCE.NET.
> Getting tickets: afs/afs1.bedrock.iu.edu@RESOURCE.NET
> Getting tickets: afs/afs1.bedrock.iu.edu@RESOURCE.NET
> Kerberos error code returned by get_cred : -1765328228
> aklog: Couldn't get afs1.bedrock.iu.edu AFS tickets:
> aklog: unknown RPC error (-1765328228) while getting AFS tickets
>
> This looks like AFS is trying to get the ticket from RESOURCE.NET, and
> fails with
> "-1765328228 KRB5_KDC_UNREACH Cannot contact any KDC for requested realm"
This seems more of a Kerberos issue than an AFS issue. After you kinit,
can you run 'kvno afs/afs1.bedrock.iu.edu@RESOURCE.NET'? (If successful,
you should see the afs/afs1.bedrock.iu.edu@RESOURCE.NET service ticket
in 'klist' afterwards.) Do you have the RESOURCE.NET KDCs specified in
your krb5.conf?
--
Andrew Deason
adeason@sinenomine.net
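
Added example, not part of the original message or of OpenAFS: one way to answer the krb5.conf question above is to check whether a realm has `kdc` entries in `[realms]`, or whether the client would have to fall back to DNS SRV lookups. The sample file, the EXAMPLE.ORG realm and its hostnames are constructed placeholders, and the parser assumes a flat krb5.conf with no include directives.

```python
import re

# Constructed sample krb5.conf: EXAMPLE.ORG and its hostnames are placeholders.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.ORG
    dns_lookup_kdc = false
[realms]
    EXAMPLE.ORG = {
        kdc = kdc1.example.org
        kdc = kdc2.example.org:88
        admin_server = kdc1.example.org
    }
"""

def parse_krb5_conf(text):
    """Return (libdefaults dict, {realm: [kdc, ...]}) from krb5.conf text."""
    libdefaults, realms = {}, {}
    section = realm = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        head = re.fullmatch(r"\[(\w+)\]", line)
        if head:
            section, realm = head.group(1), None
            continue
        key, _, val = (part.strip() for part in line.partition("="))
        if section == "libdefaults" and val:
            libdefaults[key] = val
        elif section == "realms":
            if line.startswith("}"):
                realm = None              # end of this realm's block
            elif realm is None and val.startswith("{"):
                realm = key               # "REALM = {" opens a block
                realms[realm] = []
            elif realm is not None and key == "kdc":
                realms[realm].append(val)
    return libdefaults, realms

def kdc_source(text, realm):
    """Say where a client would find KDCs for `realm` given this config."""
    libdefaults, realms = parse_krb5_conf(text)
    if realms.get(realm):
        return "static", realms[realm]
    if libdefaults.get("dns_lookup_kdc", "").lower() in ("false", "no", "n", "0", "off"):
        return "none", []                 # no kdc lines and DNS lookup disabled
    return "dns", [f"_kerberos._udp.{realm}", f"_kerberos._tcp.{realm}"]

if __name__ == "__main__":
    for r in ("EXAMPLE.ORG", "RESOURCE.NET"):
        print(r, kdc_source(SAMPLE, r))
```

A result of "none" for RESOURCE.NET means the file gives the client no way to locate that realm's KDCs; "dns" means it depends on the listed SRV records resolving.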