[OpenAFS] ktc 7 error on Openafs 1.7.17 on Windows 6 2005 (64 bit)
John Tang Boyland
Fri, 07 Sep 2012 13:06:55 -0500
On Fri, 07 Sep 2012 12:47:18 EDT, email@example.com wrote:
] On 9/7/2012 11:11 AM, John Tang Boyland wrote:
] > Dear OpenAFS community,
] > I have a new crop of students attempting to get OpenAFS working on
] > their computers. OpenAFS 1.7 is working better than OpenAFS 1.6=20
] > <digression>
] > except that the
] > need to edit krb5.conf to add "allow_weak_crypto =3D true" is annoyin=
] > Students (1) can't find the file and give up (ProgramData is "hidden"=
] > or (2) find it and edit it and find they can't save it, because they
] > don't know what it means to "edit as administrator". So they save
] > as krb5.conf.txt, and then don't get a useful error message
] > back from NIM -- it simply tries "openafs.org" instead.
] > aklog gives more useful messages.
] > </digression>
] Windows Installer provides support for MSI Transforms to permit
] organizations to distribute installers that are pre-configured for
] the needs of their environment. Documentation on how to build
] transforms for OpenAFS is included in the OpenAFS Release Notes CHM.
] Talks on how to develop them have been given at AFS and Kerberos Best
] Practice Workshops.
OK. I may be able to find someone who can do this. Thanks.
] If "openafs.org" is the configured cell on the machine, that has nothing
] to do with the configuration of "krb5.conf". "krb5.conf" is
] Kerberos configuration, not AFS configuration.
Yes. I agree. It's NIM that falls back to openafs.org, it seems
(even if openafs was installed with cell cs.uwm.edu).
(I'm not completely sure, perhaps students are misinstalling openafs too.)
] > but I was surprised to see someone still getting "ktc 7" error when
] > using aklog.
] > Network Identity Manager is able to get credentials and AFS tokens (alb=
] > with a LONG delay).
] But these tokens are not visible to "tokens.exe"? What is wrong with
] these tokens?
Tokens held by the Cache Manager
AFS Device may not have been started.
My guess is (since AFS is accessible without tokens, i.e. with
system:anyuser) that the cache manager is running but it cannot be
] > kinit works fine. aklog works until the
] > very last step, when it gets unknown error (ktc 7).
] What is the output of "aklog -d"?
> aklog -d -c cs.uwm.edu
Authenticating to cell cs.uwm.edu.
Getting v5 tickets: afs/cs.uwm.edu@CS.UWM.EDU
About to resolve name xxxx@CS.UWM.EDU to id
Set username to xxxx@CS.UWM.EDU
aklog: Unknown code ktc 7 (11862791) while obtaining tokens for cell cs.uwm.edu
] > With the setup, we able to access \\afs\cs.uwm.edu\users\classes
] > but not able to access the actual class, almost certainly
] > because up to this point requires no tokens, but
] > tokens are required to get into the class.
] > It seems that OpenAFS is running and NIM/Kerberos are running fine,
] > but it is not possible to get the tokens from NIM to openafs.
] > I tried:
] > net view \\afs
] > and got the error
] > 'net' is not known as a command, batch file, ...
] net.exe is a Windows provided tool located in c:\windows\system32.
] If you cannot find net.exe, something is wrong with the PATH on the
] system in question.
Yes, something (unrelated NIM/KfW/AFS) seems to be wrong with the