Hi, Our AD admins replaced our local DC. We were working great when the DC was Win2k3--since they replaced it with a Win2k8 DC, none of my OpenAFS servers are able to supply tokens. (Not sure if this is relevant... But the admin who did the upgrade had a number of issues and was unable to promote the box to a RW DC, he was only able to promote it to an RO DC.)
I am able to acquire a kerberos ticket on every machine (clients included). But when I run aklog from the file server: ----- AKLOG aklog -d domain.local -k DOMAIN.LOCAL Authenticating to cell domain.local (server server01.domain.local). We were told to authenticate to realm DOMAIN.LOCAL. Getting tickets: afs/[email protected] Getting tickets: afs/[email protected] Kerberos error code returned by get_cred : -1765328370 aklog: Couldn't get domain.local AFS tickets: aklog: unknown RPC error (-1765328370) while getting AFS tickets ----- END AKLOG When I run it from a Mac client: ----- AKLOG aklog -d domain.local -k DOMAIN.LOCAL Authenticating to cell domain.local (server server01.domain.local). We were told to authenticate to realm DOMAIN.LOCAL. Getting tickets: afs/[email protected] Getting tickets: afs/[email protected] Kerberos error code returned by get_cred : -1765328353 aklog: Couldn't get domain.local AFS tickets: aklog: Decrypt integrity check failed while getting AFS tickets ----- END AKLOG I'm not really sure where to go with this... Nothing has changed other than our local DC. Everything I've found regarding errors like this points to a kerberos problem, but I am able to get tickets just fine. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
