Hi,
I hope you can help me:

We have an AFS cell and a Kerberos server with public IPs. Cluster worker nodes are located in a private subnet. It is possible to do passwordless login from one PC (SL3) to another, as long as these are not located in the private subnet.

But if I try to log in from one PC with 2 interfaces, one in the public IP range and one in the private one, to a worker node (SL4) in the private subnet, one gets:

Could not chdir to home directory [...] Permission denied

#klist
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
01/14/08 19:27:36  01/15/08 14:17:40  krbtgt/[EMAIL PROTECTED]


Kerberos 4 ticket cache: /tmp/tktXXXX
Principal: me@ REALM

  Issued              Expires             Principal
01/14/08 17:35:22  01/15/08 19:01:43  [EMAIL PROTECTED]


#aklog
aklog: Couldn't get e4.physik.uni-dortmund.de AFS tickets:
aklog: Incorrect net address while getting AFS tickets

From pam_krb5 we get:

Jan 14 18:58:17 XXXXX sshd[10573]: pam_krb5[10573]: got error -1 (Unknown code ____ 255) while obtaining tokens for afs.cell


Kerberos-auth-log:

Jan 14 11:08:27 kerberos krb5kdc[1386]: TGS_REQ (1 etypes {1}) 129.217.160.210: PROCESS_TGS: authtime 0, <unknown client> for afs/ [EMAIL PROTECTED], Incorrect net address

/etc/krb5.conf of a worker node located in the private subnet:

[libdefaults]
 default_realm = REALM
 ticket_lifetime = 25h
 renew_lifetime = 120h
 forwardable = true
 proxiable = true
 noaddresses = true

[realms]
 REALM = {
  kdc = kerberos.realm
  kpasswd_server = kerberos.realm
  admin_server = kerberos.realm
 }

[domain_realm]
 .realm = REALM
 realm = REALM

[appdefaults]
; options for Red Hat pam_krb5-2
 pam = {
   debug = true
   external = true
   ticket_lifetime = 25h
   afs_cells = afs.cell
}


If you have any idea please let me know.

Thanks in advance,
        
Moritz

_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
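
To see which source addresses the KDC is refusing, lines like the krb5kdc entry quoted in the post can be parsed and tallied. This is an added example, not part of the original post: the sample log lines, the 192.0.2.x addresses, the placeholder principals and the function names are constructed, and the shape of the successful ISSUE line is an assumption.

```python
import re
from collections import Counter

# Shape of the krb5kdc TGS_REQ line quoted in the post:
#   ... krb5kdc[pid]: TGS_REQ (N etypes {..}) ADDR: STATUS: authtime N, CLIENT for SERVICE[, ERROR]
KDC_TGS = re.compile(
    r"krb5kdc\[\d+\]: TGS_REQ \(\d+ etypes \{[^}]*\}\) "
    r"(?P<addr>[0-9A-Fa-f.:]+): (?P<status>[A-Z_]+): authtime \d+, (?P<rest>.*)$"
)

def parse_kdc_line(line):
    """Return a dict for a krb5kdc TGS_REQ line, or None for any other line."""
    m = KDC_TGS.search(line.strip())
    if not m:
        return None
    rec = {"addr": m["addr"], "status": m["status"], "error": None}
    principals = m["rest"]
    if rec["status"] != "ISSUE":
        # Failure lines end in ", <error text>".
        principals, _, rec["error"] = principals.rpartition(", ")
    client, _, rec["service"] = principals.rpartition(" for ")
    # Assumed success shape: ISSUE lines put "etypes {...}, " before the client.
    rec["client"] = client.split(", ")[-1]
    return rec

def rejected_sources(lines, error="Incorrect net address"):
    """Count (source address, service) pairs the KDC refused with `error`."""
    hits = Counter()
    for line in lines:
        rec = parse_kdc_line(line)
        if rec and rec["error"] == error:
            hits[(rec["addr"], rec["service"])] += 1
    return hits

# Constructed sample lines (documentation addresses, placeholder principals).
SAMPLE = [
    "Jan 14 11:08:27 kerberos krb5kdc[1386]: TGS_REQ (1 etypes {1}) 192.0.2.10: "
    "PROCESS_TGS: authtime 0, <unknown client> for afs/afs.cell@REALM, Incorrect net address",
    "Jan 14 11:09:02 kerberos krb5kdc[1386]: TGS_REQ (1 etypes {1}) 192.0.2.10: "
    "PROCESS_TGS: authtime 0, <unknown client> for afs/afs.cell@REALM, Incorrect net address",
    "Jan 14 11:10:40 kerberos krb5kdc[1386]: TGS_REQ (1 etypes {1}) 192.0.2.77: "
    "ISSUE: authtime 1200305440, etypes {rep=1 tkt=1 ses=1}, me@REALM for afs/afs.cell@REALM",
    "Jan 14 11:11:02 kerberos sshd[2201]: Connection closed by 192.0.2.10",
]

if __name__ == "__main__":
    for (addr, service), count in rejected_sources(SAMPLE).most_common():
        print(f"{addr} rejected {count}x for {service}")
```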