[OpenAFS] Re: OpenAFS 1.6.0 with Microsoft Active Directory 2008 - Questions about DES

Andrew Deason adeason@sinenomine.net
Tue, 10 Jan 2012 10:02:39 -0500

On Mon, 09 Jan 2012 17:13:57 -0500
Jeff White <jaw171@pitt.edu> wrote:

> Other possibly useful pieces of information:
> sAMAccountName: afs
> userPrincipalName: afs/pitt.edu@PITT.EDU

Just one more possible guess: are you sure you're talking to the
right kdc? I would expect the windows event log will log something when
a failure occurs when you do things like:

> > [root@afs-dev-03 ~]# kinit afs/pitt.edu@PITT.EDU
> > kinit: Client not found in Kerberos database while getting initial
> > credentials

And maybe the log event would give more useful information. I don't
really expect it to, but you never know. A more accurate test may be to
try 'kinit -k -t afs.keytab afs/pitt.edu@PITT.EDU' or
'kvno afs/pitt.edu@PITT.EDU' (after you've "kinit"d with a normal
princ), but of course the error you've already given is an issue.

Andrew Deason