[OpenAFS] Krb auth working but unable to acquire token on any clients
Sun, 22 Jan 2012 22:57:16 -0700
I am getting the following errors when attempting to get a token from =
our AFS server:
aklog: Couldn't get domain.tld AFS tickets:
aklog: unknown RPC error (-1765328370) while getting AFS tickets
I get this exact error on all *NIX-based systems (Linux and Mac). My =
Windows clients get a different error but with the same result--they are =
unable to acquire a token.
aklog: Couldn't get domain.tld AFS tickets: KDC has no support for =
Kerberos authentication is working fine on all clients--Windows, Linux =
Everything that I've found so far regarding these errors points to a =
problem with DES support on the KDC (Server 2008 R2), but I've confirmed =
with our admins that this is enabled. In fact, the server has been =
working for nearly a year without any problems, authenticating against =
the same Win2k8 servers.
The one thing that did change in the last day or two was that our admins =
updated Windows on our GCs. Otherwise, I'm told that no configuration =
changes were made--just Windows Updates (which includes SP1).
Can anyone offer any insight into this problem? I'm not really sure =
where to go from here.
Note that we are on OpenAFS 1.4.12 on the Linux boxes (server and =
clients), 1.5.9904 on our Windows clients (with some older versions of =
the 1.5.x series out there too), and 1.6.1 on our Mac clients.
PS: Our admins just sent me an error they discovered in the event logs =
that may be relevant:
"While processing a TGS request for the target server afs/domain.tld, =
the account email@example.com did not have a suitable key for generating a =
Kerberos ticket (the missing key has an ID of 8). The requested etypes =
were 1. The accounts available etypes were 23 -133 -128 18 17 3 =