Solved: [OpenAFS] OpenAFS 1.6.0 and Windows 2008R2 Active Directory
Sun, 02 Oct 2011 12:44:24 +0200
> Our school currently uses a Samba3+OpenLDAP+Heimdal combo to hold the
> authentication+account databases.
> OpenAFS works problem-less with this setup (once I allowed weak crypto
> in Heimdal).
> Sooner or later we will need to upgrade to Samba4 (which uses an Active
> Directory like database (and Heimdal internally)).
> To test the effect of the upgrade on OpenAFS I've configured a Windows
> 2008R2 based Active Directory and a Debian (Squeeze) box (going to act
> as the OpenAFS pt- vl- and dafs- server for the testcell) I've followed
> http://workshop.openafs.org/afsbpw06/talks/shadow-AD.pdf in creating the
> KeyFile. Everything went file until I've tried to obtain afs tokens (I
> have successfully got krb5 tickets for krbtgt but not for afs) with both
> aklog and afslog (from Heimdal), they gives:
> aklog: Couldn't get kzs.ad AFS tickets:
> aklog: unknown RPC error (-1765328370) while getting AFS tickets
> afslog: krb5_afslog(<default cell>): KDC has no support for encryption type
> I've tried to make the Windows2008R2 KDC accept the requested enctype
> with KdcUseRequestedEtypesForTickets as described in:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;833708 but the
> enctype problem remains. :-(
> Thank you!
> OpenAFS-info mailing list
I've successfully solved the problem by applying the hotfix: