This is getting stranger and stranger -- Jeff, I finally got the name of another service to test.. below is a screen shot of what happened.
On Thu, Oct 23, 2008 at 7:11 PM, Jeffrey Altman < [EMAIL PROTECTED]> wrote: > David Bear wrote: > > KFW is version 3.2.2 -- resintalled today. > > Windows is XP Pro with SP2 > > credential cache is API: -- we do make use of windows logon credentials. > > I've stopped using kinit and only use NIM to get and destroy tickets. I > > do succesfully get tickets in asu.edu <http://asu.edu>, as the output > > of klist shows: > > Ticket cache: API:[EMAIL PROTECTED] <[EMAIL PROTECTED]> <mailto: > [EMAIL PROTECTED] <[EMAIL PROTECTED]>> > > Default principal: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > > Valid starting Expires Service principal > > 10/23/08 15:34:38 10/24/08 01:34:39 krbtgt/ASU.EDU > > <http://ASU.EDU>@ASU.EDU <http://ASU.EDU> > > renew until 10/30/08 15:30:56 > > > > but I'm not getting the [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > credential.. ?? > > why? > > So, does this indicate the problem is with KfW instead of openafs? > > You have not received any service tickets. All you have is a TGT. > > Can you obtain service tickets for any service? > > kvno.exe <service-ticket-name> > > You could also turn on logging in NIM and examine the log. > > My guess is that assuming you have the AFS credential acquisition > properly configured for NIM that the clock on the machine is not > set correctly. Wrong time or wrong time zone. > > I check the date/time.. It syncing with the domain controls which sync the the kerb servers. It all works. I did the following in a cmd shell: C:\Documents and Settings\bvossoug>klist Ticket cache: API:[EMAIL PROTECTED] <[EMAIL PROTECTED]> Default principal: [EMAIL PROTECTED] Valid starting Expires Service principal 10/30/08 08:45:08 10/30/08 18:45:10 krbtgt/[EMAIL PROTECTED] renew until 11/06/08 08:44:55 C:\Documents and Settings\bvossoug>aklog pioctl temp != 0: 0x66543218 NOTE how AKLOG fails. Then, testing with kvno to get another service, works okay. C:\Documents and Settings\bvossoug>kvno host/[EMAIL PROTECTED] host/[EMAIL PROTECTED]: kvno = 4 NOW the thing thats weird is that AFTER i did the kvno, NIM suddenly updated itself and suddenly I had [EMAIL PROTECTED] service tickets. So I check using the tokens command C:\Documents and Settings\bvossoug>tokens Tokens held by the Cache Manager: User [EMAIL PROTECTED]'s tokens for [EMAIL PROTECTED] [Expires Oct 30 18:45] pioctl temp != 0: 0x66543218 --End of list ---- So, tokens finally says that the user as an AFS token, but still returns the pioctrol error. This is getting curiouser and curiouser... -- David Bear College of Public Programs at ASU 602-464-0424
