[OpenAFS] Samba4 KDC afs service principal?
Sat, 15 Oct 2011 01:50:31 -0400
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=UTF-8
On 10/14/2011 6:29 PM, G=C3=A9mes G=C3=A9za wrote:
> In testing for our organizations migration from an
> OpenLDAP/Heimdal/Samba3 based authentication infrastructure to a Samba4=
> one, I've set up a domain. Created a user principal called afs (with
> enctypes: des-cbc-crc and des-cbc-md5) and set up an SPN for it:
> afs/cell@REALM (initially was trying with afs@REALM, but from the KDC
> logs saw that client requested afs/cell@REALM so changed it). Exported
> it to a keytab which was successfully built with asetkey into a KeyFile=
> But when I try to do an aklog with a keytab as Administrator@REALM, it
> aklog: Couldn't get "cell" AFS tickets:
> aklog: unknown RPC error (-1765328324) while getting AFS tickets
> In theory Samba4 (the KDC part being Heimdal) should obey to the settin=
> allow_weak_crypto=3Dtrue from the [kdc] section of krb5.conf. (That
> assumption I'm going to check with the samba-technical mailing list).
-1765328324 =3D Generic error (see e-text)
You need to look at the error text returned in the Kerberos response
from the KDC to determine what the actual error is. Or look in the KDC
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
-----END PGP SIGNATURE-----