[OpenAFS] ktc 7 error on Openafs 1.7.17 on Windows 6 2005 (64 bit)

Jeffrey Altman jaltman@your-file-system.com
Fri, 07 Sep 2012 12:47:18 -0400


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig6267200ABB49ED88D1979421
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 9/7/2012 11:11 AM, John Tang Boyland wrote:
> Dear OpenAFS community,
>    I have a new crop of students attempting to get OpenAFS working on
> their computers.  OpenAFS 1.7 is working better than OpenAFS 1.6=20
>   <digression>
>   except that the
>   need to edit krb5.conf to add "allow_weak_crypto =3D true" is annoyin=
g.
>   Students (1) can't find the file and give up (ProgramData is "hidden"=
),
>   or (2) find it and edit it and find they can't save it, because they
>   don't know what it means to "edit as administrator".  So they save
>   as krb5.conf.txt, and then don't get a useful error message
>   back from NIM -- it simply tries "openafs.org" instead.
>   aklog gives more useful messages.
>   </digression>

Windows Installer provides support for MSI Transforms to permit
organizations to distribute installers that are pre-configured for
the needs of their environment.  Documentation on how to build
transforms for OpenAFS is included in the OpenAFS Release Notes CHM.
Talks on how to develop them have been given at AFS and Kerberos Best
Practice Workshops.

If "openafs.org" is the configured cell on the machine, that has nothing
to do with the configuration of "krb5.conf".  "krb5.conf" is
Kerberos configuration, not AFS configuration.

> but I was surprised to see someone still getting "ktc 7" error when
> using aklog.
>=20
> Network Identity Manager is able to get credentials and AFS tokens (alb=
eit
> with a LONG delay).

But these tokens are not visible to "tokens.exe"?   What is wrong with
these tokens?

> kinit works fine.  aklog works until the
> very last step, when it gets unknown error (ktc 7).

What is the output of "aklog -d"?

> With the setup, we able to access \\afs\cs.uwm.edu\users\classes
> but not able to access the actual class, almost certainly
> because up to this point requires no tokens, but
> tokens are required to get into the class.
>=20
> It seems that OpenAFS is running and NIM/Kerberos are running fine,
> but it is not possible to get the tokens from NIM to openafs.
>=20
> I tried:
> 	net view \\afs
> and got the error
> 	'net' is not known as a command, batch file, ...

net.exe is a Windows provided tool located in c:\windows\system32.
If you cannot find net.exe, something is wrong with the PATH on the
system in question.

Jeffrey Altman




--------------enig6267200ABB49ED88D1979421
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJQSiUbAAoJENxm1CNJffh4CTkIAJRE0GVVH7wA1qywdwsJZXA0
kxTKQ3neFCEQLp2Z8yDcrH25ja8nYuArAcNKG2SIc+v80LZzTf2ouwL2Zas0FXsr
SvAngbU05s7szQf8485uf95OXdqcKKSDULwfrLS5W910ihx/1/hCNkm2TBAoup7/
ODyOZEK4+y/1sbICvBCiI+HV22VeeyY61b4VroSeLnHVSnW+yn3p79IxAwTge7JQ
KrFBhp590/GReJ/Vvgj0aJf6pA/7E/yk2u76N37uGzdi1Fs52/EPiA6BMyvca5CM
M/gKqqIUYh1j1XuUGusN8ADyvqMJA8EJtoUJ7FdLu+tA2CdaxSbjMGnbXOjrzcA=
=WtwG
-----END PGP SIGNATURE-----

--------------enig6267200ABB49ED88D1979421--