Solved: [OpenAFS] OpenAFS 1.6.0 and Windows 2008R2 Active Directory enctype problem

Gémes Géza
Sun, 02 Oct 2011 12:44:24 +0200

> Hi,
> Our school currently uses a Samba3+OpenLDAP+Heimdal combo to hold the
> authentication+account databases.
> OpenAFS works problem-less with this setup (once I allowed weak crypto
> in Heimdal).
> Sooner or later we will need to upgrade to Samba4 (which uses an Active
> Directory like database (and Heimdal internally)).
> To test the effect of the upgrade on OpenAFS I've configured a Windows
> 2008R2 based Active Directory and a Debian (Squeeze) box (going to act
> as the OpenAFS pt- vl- and dafs- server for the testcell) I've followed
> in creating the
> KeyFile. Everything went file until I've tried to obtain afs tokens (I
> have successfully got krb5 tickets for krbtgt but not for afs) with both
> aklog and afslog (from Heimdal), they gives:
> aklog: Couldn't get AFS tickets:
> aklog: unknown RPC error (-1765328370) while getting AFS tickets
> and
> afslog: krb5_afslog(<default cell>): KDC has no support for encryption type
> I've tried to make the Windows2008R2 KDC accept the requested enctype
> with KdcUseRequestedEtypesForTickets as described in:
>;en-us;833708 but the
> enctype problem remains. :-(
> Thank you!
> Geza
> _______________________________________________
> OpenAFS-info mailing list

I've successfully solved the problem by applying the hotfix:
And following: