On Fri, 28 Nov 2003, Jeffrey Altman wrote: > Based upon the etypes list, this is a request coming from Windows > itself. My guess is that since you are logged into the machine via the > Kerberos LSA, Windows is trying to authenticate the access to the SMB > name published by OpenAFS with Kerberos. > > You will most likely have to add service principals to your KDC for the > -AFS extended host names if you want to avoid the error messages. > Remember that all of the principals for a given host have to use the > same password.
That's what I had concluded after all. I had hoped someone would be able to point me to a cool registry hack that fixed windows icky behavior. I tried monkeying around with the "Running AFS on Loopback" that I read about in the AFS Wiki. I later read your comments on disabling loopback hack. Knowing that a future release will not support the loopback hack, I decided against continuing it's use. The nice thing about it was that W13-AFS didn't appear in the NBTSTAT -n output for the "real" network interface. For a while, the windows kerberos madness stopped. (I went through a bazillion iterations today, so I may not be remembering correctly.) But I do have a functioning single sign on network now. Only MIT Kerberos 5 does my authentication now and everything I run uses it. w00t! Later, Jason ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
