[OpenAFS] AFS client behind NAT

Tue, 15 Jan 2008 19:39:29 -0800 

Hi,
I'm new here and I hope you can help me.
I have 2 AFS Servers, already working for a while, they manage two different cells. We call them Server A and B 


These two servers are are in two different class-c nets and my  
university manages routing between them.
The computer of Server A is simultaniusly a router to a thrid subnet,  
which is a private net and has nothing to do with the other router.


I have one kerberos-Server based in the b-net. LDAP is there also.


My problem comes along while I was changing my homedirectory from one  
cell to the other.
In former times I had my homedir in the AFS directory of server B.  
Getting tickets and tokens was no problem. GSSAPI, that means  
passwordless ssh-logins through keytabs over kerberos worked fine


Now I changed my homedirectory to AFS-Server B.
Logins do work! But not SSH!

Login from C to A: works


Login from B to C: Could no chdir to home directory [...] Permission  
denied
klist says that I have a ticket, but aklog says: Incorrect net  
address while getting AFS tickets

-> I need to redo kinit and aklog to get access to my homedir


Login from C to C: Could no chdir to home directory [...] Permission  
denied

But different than before can I do aklog!
When I try to access my homedir: Connection timed out

Login from C to B: works

Login from B to C: works

I cannot login from B to A as there is no route

I'm not sure if it is a problem with pam or with kerberos


When Login from B to C there comes a error message in auth.log on  
kerberos-server:



Jan 14 08:15:05 server3 krb5kdc[1386]: TGS_REQ (1 etypes {1})  
129.217.160.210: PROCESS_TGS: authtime 0,  <unknown client> for afs/ 
e4.physik.uni-dortmund.d

[EMAIL PROTECTED], Incorrect net address

Jan 14 08:15:05 server3 krb5kdc[1386]: TGS_REQ (1 etypes {1})  
129.217.160.210: PROCESS_TGS: authtime 0,  <unknown client> for afs/ 
e4.physik.uni-dortmund.d

[EMAIL PROTECTED], Incorrect net address

Jan 14 08:15:05 server3 krb5kdc[1386]: TGS_REQ (1 etypes {1})  
129.217.160.210: PROCESS_TGS: authtime 0,  <unknown client> for afs/ 
[EMAIL PROTECTED]

UNI-DORTMUND.DE, Incorrect net address

Jan 14 08:15:05 server3 krb5kdc[1386]: TGS_REQ (1 etypes {1})  
129.217.160.210: PROCESS_TGS: authtime 0,  <unknown client> for afs/ 
[EMAIL PROTECTED]

UNI-DORTMUND.DE, Incorrect net address

but not when I login from C to C


If you have any idea, what to do so please let me know. I despair of it

Georg
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info






















					Reply via email to