On 05/06/2011 07:12 PM, Hugo Monteiro wrote:
On 05/06/2011 07:00 PM, Hugo Monteiro wrote:
On 05/06/2011 06:51 PM, Jeffrey Altman wrote:
On 5/6/2011 1:46 PM, Hugo Monteiro wrote:
I have just tried with 1.6.0pre5 and it's still not working. :(
Tokens for the first (default) cell arrive but it's failing again for
the second cell defined at TheseCells.
Error now is
KFW_AFS_get_cred uname=[[email protected]] smbname=[staff\user]
cell=[staff.fct.unl.pt] code=[-1765328377]
Is it me that am overlooking anything?
The error is KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. In other words, the KDC
has reported that the service principal for
afs/staff.fct.unl.pt@<REALM>
is not a recognized principal.
Jeffrey Altman
Hi Jeffrey,
The problem is that afs/[email protected] is in fact a
recognized principal.
similarly, in a linux machine, in which i'm using the TheseCells
parameter:
user@DIVINF-PC15:~$ kinit user
[email protected]'s Password:
user@DIVINF-PC15:~$ afslog
user@DIVINF-PC15:~$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: [email protected]
Issued Expires Principal
May 6 18:56:26 May 7 04:56:25 krbtgt/[email protected]
May 6 18:56:26 May 7 04:56:25 afs/[email protected]
May 6 18:56:26 May 7 04:56:25 afs/[email protected]
user@DIVINF-PC15:~$ tokens
Tokens held by the Cache Manager:
User's (AFS ID 1000) tokens for [email protected] [Expires May 7
04:59]
User's (AFS ID 1000) tokens for [email protected] [Expires May 7 04:59]
--End of list--
... and thanks for the swift reply.
Regards,
Hugo Monteiro.
Hello again,
I've looked into the kdc's log and i found something interesting.
Apparently, and although i've set the realm FCT.UNL.PT to be used with
the second cell staff.fct.unl.pt, it's trying to get the principal
krbtgt/[email protected] which in fact does not exist.
Shouldn't it only be using the principal krbtgt/[email protected]
(there's only one REALM after all) instead of trying them both?
Regards,
Hugo Monteiro.
Me, again,
I should also mention that i have set the following keys
[HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms]
[HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT]
[HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT\fct.unl.pt]
"MethodName"="Kerberos5"
"Realm"="FCT.UNL.PT"
[HKEY_LOCAL_MACHINE\SOFTWARE\OpenAFS\Client\Realms\FCT.UNL.PT\staff.fct.unl.pt]
"MethodName"="Kerberos5"
"Realm"="FCT.UNL.PT"
That said, i would expect that only realm FCT.UNL.PT (and it's
principals) would be queried.
Please advise.
Regards,
Hugo Monteiro.
--
fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : [email protected]
Telefone : +351 212948300 Ext.15307
Web : http://hmonteiro.net
Divisão de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.fct.unl.pt [email protected]
fct.unl.pt:~# _
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
