[OpenAFS] Integrated Windows Logon
Hugo Monteiro
hugo.monteiro@fct.unl.pt
Mon, 09 May 2011 17:18:14 +0100
On 05/09/2011 03:25 PM, Jeffrey Altman wrote:
> Now I understand why aklog works for you but afscreds and afslogon do
> not. aklog always tries the service principal afs/<cell>@<USER-REALM>
> first regardless of what the VLDB host to domain mapping resolves to.
>
> I would still like to see the output from nslookup for the AFSDB records.
>
> Jeffrey Altman
>

Hi Jeffrey,

I am assuming that the AFSDB records are to be specified under the DNS
zone that the client uses as its primary DNS suffix. That said, and
since the client DNS suffix is oper.ci.fct.unl.pt,

~$ dig -t AFSDB oper.ci.fct.unl.pt
; <<>> DiG 9.7.0-P1 <<>> -t AFSDB oper.ci.fct.unl.pt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 501
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;oper.ci.fct.unl.pt. IN AFSDB
;; ANSWER SECTION:
oper.ci.fct.unl.pt. 86400 IN AFSDB 1 staff-afs1.ci.fct.unl.pt.
oper.ci.fct.unl.pt. 86400 IN AFSDB 2 staff-afs2.ci.fct.unl.pt.
;; Query time: 3 msec
;; SERVER: 10.130.16.34#53(10.130.16.34)
;; WHEN: Mon May 9 17:10:27 2011
;; MSG SIZE rcvd: 116

Either way, I have also tried specifying the servers in the
CellServDB file, and the result was the same.

The client krb5.ini file contains:

[libdefaults]
    default_realm = FCT.UNL.PT
    allow_weak_crypto = true
[realms]
    FCT.UNL.PT = {
        kdc = kdc1.fct.unl.pt:88
        kdc = kdc2.fct.unl.pt:88
        default_domain = fct.unl.pt
    }
[domain_realms]
    .fct.unl.pt = FCT.UNL.PT

Thanks for all your help,
Hugo Monteiro.
--
fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : hugo.monteiro@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web : http://hmonteiro.net
Divisão de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.fct.unl.pt apoio@fct.unl.pt
fct.unl.pt:~# _
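
Added example, not part of the original message and not OpenAFS or Kerberos code: a small Python check that takes the AFSDB answer and the krb5.ini section names shown above and resolves each VLDB host to a realm, which is the host-to-domain mapping the quoted reply refers to. It assumes the MIT krb5 lookup order (host name, then each parent domain with and without a leading dot) and reads mappings only from a section named [domain_realm], the name MIT krb5 uses; all function names are hypothetical.

```python
import re

def parse_sections(text):
    """Return {section: {key: value}} from krb5.ini-style text (nested braces are not modelled)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line and not line.endswith("{"):
            key, value = (part.strip() for part in line.split("=", 1))
            current[key.lower()] = value
    return sections

def afsdb_hosts(dig_output):
    """Target hosts from AFSDB answer lines; ';' comment lines are skipped."""
    hosts = []
    for line in dig_output.splitlines():
        fields = line.split()
        if len(fields) == 6 and not line.startswith(";") and fields[3] == "AFSDB":
            hosts.append(fields[5].rstrip(".").lower())
    return hosts

def host_realm(host, sections):
    """Try the host, then each parent domain with and without a leading dot (assumed order)."""
    mapping = sections.get("domain_realm", {})  # the only section consulted
    name = host.lower()
    while name:
        if name in mapping:
            return mapping[name]
        if name.startswith("."):
            name = name[1:]
        else:
            dot = name.find(".")
            name = name[dot:] if dot != -1 else ""
    return None

def report(krb5_ini, dig_output):
    """Map every AFSDB target host to the realm the config yields, or None."""
    sections = parse_sections(krb5_ini)
    return {host: host_realm(host, sections) for host in afsdb_hosts(dig_output)}

# Sample input copied from the message above (abridged to the relevant lines).
DIG = """;oper.ci.fct.unl.pt. IN AFSDB
oper.ci.fct.unl.pt. 86400 IN AFSDB 1 staff-afs1.ci.fct.unl.pt.
oper.ci.fct.unl.pt. 86400 IN AFSDB 2 staff-afs2.ci.fct.unl.pt."""
INI_POSTED = "[libdefaults]\ndefault_realm = FCT.UNL.PT\n[domain_realms]\n.fct.unl.pt = FCT.UNL.PT\n"
# Constructed variant: the same mapping under the section name this lookup reads.
INI_VARIANT = INI_POSTED.replace("[domain_realms]", "[domain_realm]")

if __name__ == "__main__":
    for label, ini in (("posted", INI_POSTED), ("variant", INI_VARIANT)):
        print(label, sorted(parse_sections(ini)), report(ini, DIG))
```

A host that resolves to None here has no configured realm mapping, so any component that derives the service realm from the VLDB host rather than from the user's realm has nothing to go on.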