[OpenAFS] ktc 7 error on Openafs 1.7.17 on Windows 6 2005 (64 bit)

Jeffrey Altman jaltman@your-file-system.com
Fri, 07 Sep 2012 12:47:18 -0400

On 9/7/2012 11:11 AM, John Tang Boyland wrote:
> Dear OpenAFS community,
>    I have a new crop of students attempting to get OpenAFS working on
> their computers.  OpenAFS 1.7 is working better than OpenAFS 1.6
>   <digression>
>   except that the
>   need to edit krb5.conf to add "allow_weak_crypto = true" is annoying.
>   Students (1) can't find the file and give up (ProgramData is "hidden")
>   or (2) find it and edit it and find they can't save it, because they
>   don't know what it means to "edit as administrator".  So they save
>   as krb5.conf.txt, and then don't get a useful error message
>   back from NIM -- it simply tries "openafs.org" instead.
>   aklog gives more useful messages.
>   </digression>

Windows Installer provides support for MSI Transforms to permit
organizations to distribute installers that are pre-configured for
the needs of their environment.  Documentation on how to build
transforms for OpenAFS is included in the OpenAFS Release Notes CHM.
Talks on how to develop them have been given at AFS and Kerberos Best
Practice Workshops.

If "openafs.org" is the configured cell on the machine, that has nothing
to do with the configuration of "krb5.conf".  "krb5.conf" is
Kerberos configuration, not AFS configuration.

> but I was surprised to see someone still getting "ktc 7" error when
> using aklog.
> Network Identity Manager is able to get credentials and AFS tokens (albeit
> with a LONG delay).

But these tokens are not visible to "tokens.exe"?   What is wrong with
these tokens?

> kinit works fine.  aklog works until the
> very last step, when it gets unknown error (ktc 7).

What is the output of "aklog -d"?

> With the setup, we are able to access \\afs\cs.uwm.edu\users\classes
> but not able to access the actual class, almost certainly
> because up to this point requires no tokens, but
> tokens are required to get into the class.
> It seems that OpenAFS is running and NIM/Kerberos are running fine,
> but it is not possible to get the tokens from NIM to openafs.
> I tried:
> 	net view \\afs
> and got the error
> 	'net' is not known as a command, batch file, ...

net.exe is a Windows provided tool located in c:\windows\system32.
If you cannot find net.exe, something is wrong with the PATH on the
system in question.

Jeffrey Altman
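
The thread names three silent setup failures: krb5.conf saved as krb5.conf.txt, the allow_weak_crypto line missing, and net.exe not on the PATH. The PowerShell below is an added example, not part of the original message or of OpenAFS, that reports all three. The function name Test-AfsClientSetup, its parameter, and the sample directory are hypothetical; pass the directory that actually holds krb5.conf on the machine, since the thread only says it is under ProgramData.

```powershell
# Added example (not from the thread). Test-AfsClientSetup is a hypothetical name.
# It only reports state; it does not edit krb5.conf. allow_weak_crypto re-enables
# weak encryption types, so a site should set it deliberately, not by script.
function Test-AfsClientSetup {
    param([Parameter(Mandatory)][string]$ConfigDir)

    $findings = @()
    $conf = Join-Path $ConfigDir 'krb5.conf'

    # 1. Copies saved with an extra extension (krb5.conf.txt) are never read.
    $strays = Get-ChildItem -LiteralPath $ConfigDir -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like 'krb5.conf.*' }
    foreach ($f in $strays) { $findings += "Stray copy, not read by Kerberos: $($f.Name)" }

    # 2. Look for allow_weak_crypto inside [libdefaults] of the real file.
    if (Test-Path -LiteralPath $conf -PathType Leaf) {
        $section = ''
        $weak = $null
        foreach ($line in Get-Content -LiteralPath $conf) {
            $t = $line.Trim()
            if ($t -match '^\[(.+)\]$') { $section = $Matches[1].Trim(); continue }
            if ($section -eq 'libdefaults' -and $t -match '^allow_weak_crypto\s*=\s*(\S+)') {
                $weak = $Matches[1]
            }
        }
        if ($weak -ne 'true') {
            $findings += "allow_weak_crypto is not 'true' in [libdefaults] (found: '$weak')"
        }
    } else {
        $findings += "Missing: $conf"
    }

    # 3. net.exe ships in c:\windows\system32; if it cannot be resolved, PATH is broken.
    if (-not (Get-Command net.exe -ErrorAction SilentlyContinue)) {
        $findings += 'net.exe not found on PATH'
    }
    return $findings
}

# Constructed sample: a temp directory reproducing the mis-saved file from the thread.
$dir = Join-Path ([IO.Path]::GetTempPath()) ("krb5demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
Set-Content -LiteralPath (Join-Path $dir 'krb5.conf') -Value '[libdefaults]', '  default_realm = EXAMPLE.ORG'
Set-Content -LiteralPath (Join-Path $dir 'krb5.conf.txt') -Value '[libdefaults]', '  allow_weak_crypto = true'
Test-AfsClientSetup -ConfigDir $dir
Remove-Item -LiteralPath $dir -Recurse -Force
```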
