[OpenAFS] Krb auth working but unable to acquire token on any
Mon, 23 Jan 2012 04:41:56 -0500
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=UTF-8
On 1/23/2012 12:57 AM, Thomas Smith wrote:
> I am getting the following errors when attempting to get a token from o=
ur AFS server:
> aklog: Couldn't get domain.tld AFS tickets:
> aklog: unknown RPC error (-1765328370) while getting AFS tickets
Kerberos v5 error -1765328370 =3D KDC has no support for encryption type
You need to turn on support for DES-CBC-CRC or DES-CBC-MD5.
> I get this exact error on all *NIX-based systems (Linux and Mac). My Wi=
ndows clients get a different error but with the same result--they are un=
able to acquire a token.
> aklog: Couldn't get domain.tld AFS tickets: KDC has no support for encr=
> Kerberos authentication is working fine on all clients--Windows, Linux =
> Everything that I've found so far regarding these errors points to a pr=
oblem with DES support on the KDC (Server 2008 R2), but I've confirmed wi=
th our admins that this is enabled. In fact, the server has been working =
for nearly a year without any problems, authenticating against the same W=
> The one thing that did change in the last day or two was that our admin=
s updated Windows on our GCs. Otherwise, I'm told that no configuration c=
hanges were made--just Windows Updates (which includes SP1).
They obviously updated the policy to disable support for DES.
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
-----END PGP SIGNATURE-----