[OpenAFS] Windows XP problems getting an AFS token when logged into a Kerberos
Realm
James Durand
JDDURAND@asu.edu
Tue, 23 Nov 2004 15:01:58 -0700
Hello,
I have OpenAFS 1.3.74 installed on a Windows XP system. I have done the =
following to set it up so that I can log it in using our ASU.EDU MIT =
Kerberos Realm.
1. I created user accounts on the AD domain server that matched the AFS =
and KDC account principal names.
2. I setup trust between the AD domain and the MIT kerberos realm.
3. I ran ksetup on the client machine pointing it to our KDC's
4. I set the Kerberos "Name Mapping" in the AD domain to matching the =
<username>@ASU.EDU where <username> matches the username in the AD =
domain....
Using this setup and logging into the machine under the AD domain I am =
able to get an AFS token using either kinit/aklog or getting a token =
directly using the AFS authentication in the systray.
When I login to the machine using the ASU.EDU (Kerberos) domain I am not =
able to get a token any way that I try.
The error that comes back using either kinit/aklog or the AFS Client =
Authentication is as follows:
AFS Client: The AFS Client was unable to obtain tokens as <username> =
in cell asu.edu
ERROR: 118627916 (Uknown Code KTC7)
Aklog -d : Unable to obtain tokens for cell asu.edu (Status: =
11862791).
What could be causing this. We want to implement SSO using our MIT =
Kerberos server and get AFS tokens at the same time in an Open AFS =
integrated login but are getting stuck at this point.
Thanks for your help...