[OpenAFS] OT: NIM question
Stephen Joyce
stephen@email.unc.edu
Wed, 20 Aug 2014 11:08:29 -0400 (EDT)
Hi,
I'm trying to configure NIM correctly for OpenAFS on a Windows PC. The
Kerberos flavor I'm attempting to use is Heimdal, per the recommendation on
Secure Endpoints' website.
I can get everything working well enough using user-specific settings,
however I'm trying to poke the registry so all users logging into that PC
have reasonable defaults.
I have what I think is a valid krb5.conf at
C:\ProgramData\Kerberos\krb5.conf. It seems to work fine for getting
tickets and tokens.
Under the NIM configuration settings (NIM > Kerberos v5) there's a place to
choose the Default Realm which also shows the location of the Kerberos
Configuration File.
- The Configuration file location shown in the window is
C:\Windows\KRB5.INI, which doesn't exist on this PC and doesn't seem
correct for Heimdal. MIT KfW has never been installed on this PC, so I'm
confused by this.
- The Default Realm entry is blank. When I click the down-arrow to choose
a configured realm, I see no realms (just ~3 blank lines).
- NIM will allow me to type my realm into the Default Realm box. When I do
and click Apply, I get the following error:
    The Kerberos v5 profile file could not be written
    The file <gibberish> could not be opened as a profile file for
    writing....
    Click here for more...
"<gibberish>" above is a short string of non-ASCII characters. They appear
Chinese or Korean, but I cannot positively identify them.
I've tried running NIM as admin, giving everyone full perms on
C:\ProgramData\Kerberos\krb5.conf, and creating C:\Windows\KRB5.INI (both
empty and proper krb5.conf format). None of those seemed to affect the
behavior at all.
I've seen this now on two different PCs, both with the following configs:
    Windows 7 64-bit, up-to-date patches
    Member of an AD domain
    OpenAFS 1.7.31 (64-bit)
    Heimdal 1.6.2.0 (64-bit)
    netidmgr 2.0.102.907 (64-bit)
    OpenAFS 32-bit tools
Can anyone provide additional insight? I can provide a screenshot of the
gibberish or other diagnostic info if it might be helpful.
Cheers,
Stephen