You will most likely have to add service principals to your KDC for the
-AFS extended host names if you want to avoid the error messages. Remember that all of the principals for a given host have to use the same password.
Jeffrey Altman
Jason C. Wells wrote:
The OpenAFS client for windows uses an additional netbios name such that the hostname of the computer is appended with -AFS. Windows incessantly attempts TGS_REQs for this netbios name. My hostname is w13. For example:
Nov 28 13:46:40 s2.stradamotorsports.com krb5kdc[56463](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 192.168.1.13: UNKNOWN_SERVER: authtime 1070053633, [EMAIL PROTECTED] for HOST/[EMAIL PROTECTED], Server not fo und in Kerberos database
I do not have a host that is actually named w13-afs on my network so I do not have a host/w13-afs principal in my kerberos database.
Except for spamming this heck out of my logs, windows authenticating to my MIT KDC works fine.
I would prefer to not have to add a phoney host principle just to suppress windows goofy behavior.
Does anybody know how to get windows to stop making requests for this extra netbios name?
Thanks, Jason C. Wells
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
