[OpenAFS] Integrated Windows Logon

Hugo Monteiro hugo.monteiro@fct.unl.pt
Mon, 09 May 2011 11:21:41 +0100 

On 05/06/2011 10:22 PM, Jeffrey Altman wrote:
> On 5/6/2011 4:46 PM, Hugo Monteiro wrote:
>
>> Hi Jeffrey,
>>
>> i'm using DNS to publish AFSDB records and it's able to find the AFS
>> servers. But apparently domain translation isn't happening.
>>
>> My /etc/krb5.conf file, at the vldb servers, contains
>>
>> [domain_realm]
>>          .fct.unl.pt = FCT.UNL.PT
>>
>> So i assume it should use the same domain for both cells.
>>
>> I'm sorry if all this seems rather obvious, but the fact is that i don't
>> know which road to take.
>>
>> Best Regards,
>>
>> Hugo Monteiro.
> I cannot verify that AFSDB records exist from my client systems although
> I am able to see SRV records for _kerberos._udp.fct.unl.pt.
>
> What does "aklog -d staff.fct.unl.pt" report when you try to obtain
> tokens with a user principal in FCT.UNL.PT?
>
> Jeffrey Altman
>
>
>


Hello Jeffrey,

C:\Users\user>aklog -d staff.fct.unl.pt
Authenticating to cell staff.fct.unl.pt.
aklog: Couldn't determine realm of user: No credentials cache found

This will also happen if i specify the default cell fct.unl.pt.

If i specify which realm to use, through -k, the result is the same.


Now the weird part is that if i choose the AFS Client from the tray, and 
i click on obtain new tokens, not only it does get the new token for the 
default cell (fct.unl.pt) but if i then issue the aklog command i get:

C:\Users\user>aklog -d staff.fct.unl.pt
Authenticating to cell staff.fct.unl.pt.
Getting v5 tickets: afs/staff.fct.unl.pt@FCT.UNL.PT
About to resolve name user@FCT.UNL.PT to id
Id 12345
Set username to user@FCT.UNL.PT
Getting tokens.


C:\Users\user>tokens

Tokens held by the Cache Manager:

User user@FCT.UNL.PT's tokens for afs@fct.unl.pt [Expires May 10 11:17]
User user@FCT.UNL.PT's tokens for afs@staff.fct.unl.pt [Expires May 10 
11:17]
    --End of list --


I'm lost and any help would be much appreciated.

Thanks in advance,

Hugo Monteiro.

-- 
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email	 : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
		   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.fct.unl.pt                apoio@fct.unl.pt

fct.unl.pt:~# _