On 05/09/2011 08:04 PM, Jeffrey Altman wrote:
On 5/9/2011 2:50 PM, Hugo Monteiro wrote:

The bad news is that even after I change that, I only get tokens for the
first cell at logon time. The good news is that right now I am able to
get the missing tokens by issuing aklog in the windows domain logon
script, which apparently runs only after the afs client has gotten the
tokens for the first cell. The problem is still there, but at least I
managed to go around it. A permanent fix would be nice though...
http://gerrit.openafs.org/#change,4633



Hi Jeffrey,


I've just tried 1.5.7600, from git, and it still didn't work. The kdc log shows the following:




--- snip ---

2011-05-10T12:45:47 AS-REQ [email protected] from IPv4:10.130.32.38 for krbtgt/[email protected]
2011-05-10T12:45:47 No preauth found, returning PREAUTH-REQUIRED -- [email protected]
2011-05-10T12:45:47 sending 257 bytes to IPv4:10.130.32.38
2011-05-10T12:45:48 AS-REQ [email protected] from IPv4:10.130.32.38 for krbtgt/[email protected]
2011-05-10T12:45:48 Client sent patypes: encrypted-timestamp
2011-05-10T12:45:48 Looking for PKINIT pa-data -- [email protected]
2011-05-10T12:45:48 Looking for ENC-TS pa-data -- [email protected]
2011-05-10T12:45:48 ENC-TS Pre-authentication succeeded -- [email protected] using aes256-cts-hmac-sha1-96
2011-05-10T12:45:48 AS-REQ authtime: 2011-05-10T12:45:48 starttime: unset endtime: 2011-05-10T22:45:48 renew till: 2011-05-17T12:45:48
2011-05-10T12:45:48 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2011-05-10T12:45:48 Requested flags: renewable, forwardable
2011-05-10T12:45:48 sending 672 bytes to IPv4:10.130.32.38
2011-05-10T12:45:48 AS-REQ [email protected] from IPv4:10.130.32.38 for krbtgt/[email protected]
2011-05-10T12:45:48 No preauth found, returning PREAUTH-REQUIRED -- [email protected]
2011-05-10T12:45:48 sending 257 bytes to IPv4:10.130.32.38
2011-05-10T12:45:48 AS-REQ [email protected] from IPv4:10.130.32.38 for krbtgt/[email protected]
2011-05-10T12:45:48 Client sent patypes: encrypted-timestamp
2011-05-10T12:45:48 Looking for PKINIT pa-data -- [email protected]
2011-05-10T12:45:48 Looking for ENC-TS pa-data -- [email protected]
2011-05-10T12:45:48 ENC-TS Pre-authentication succeeded -- [email protected] using aes256-cts-hmac-sha1-96
2011-05-10T12:45:48 AS-REQ authtime: 2011-05-10T12:45:48 starttime: unset endtime: 2011-05-11T12:45:49 renew till: 2011-05-11T12:45:49
2011-05-10T12:45:48 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2011-05-10T12:45:48 Requested flags: renewable
2011-05-10T12:45:48 sending 672 bytes to IPv4:10.130.32.38
2011-05-10T12:45:49 TGS-REQ [email protected] from IPv4:10.130.32.38 for afs/[email protected] [canonicalize, renewable]
2011-05-10T12:45:49 TGS-REQ authtime: 2011-05-10T12:45:48 starttime: 2011-05-10T12:45:49 endtime: 2011-05-11T12:45:49 renew till: unset
2011-05-10T12:45:49 sending 570 bytes to IPv4:10.130.32.38
2011-05-10T12:45:50 AS-REQ [email protected] from IPv4:10.130.32.38 for krbtgt/[email protected]
2011-05-10T12:45:50 No preauth found, returning PREAUTH-REQUIRED -- [email protected]
2011-05-10T12:45:50 sending 257 bytes to IPv4:10.130.32.38
2011-05-10T12:45:51 AS-REQ [email protected] from IPv4:10.130.32.38 for krbtgt/[email protected]
2011-05-10T12:45:51 Client sent patypes: encrypted-timestamp
2011-05-10T12:45:51 Looking for PKINIT pa-data -- [email protected]
2011-05-10T12:45:51 Looking for ENC-TS pa-data -- [email protected]
2011-05-10T12:45:51 ENC-TS Pre-authentication succeeded -- [email protected] using aes256-cts-hmac-sha1-96
2011-05-10T12:45:51 AS-REQ authtime: 2011-05-10T12:45:51 starttime: unset endtime: 2011-05-11T12:45:51 renew till: 2011-05-11T12:45:51
2011-05-10T12:45:51 Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, des-cbc-crc, des-cbc-md5, des-cbc-md4, using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2011-05-10T12:45:51 Requested flags: renewable
2011-05-10T12:45:51 sending 672 bytes to IPv4:10.130.32.38
2011-05-10T12:45:51 TGS-REQ [email protected] from IPv4:10.130.32.38 for krbtgt/[email protected] [renewable]
2011-05-10T12:45:51 Server not found in database: krbtgt/[email protected]: no such entry found in hdb
2011-05-10T12:45:51 Failed building TGS-REP to IPv4:10.130.32.38
2011-05-10T12:45:51 sending 105 bytes to IPv4:10.130.32.38
2011-05-10T12:45:51 TGS-REQ [email protected] from IPv4:10.130.32.38 for krbtgt/[email protected] [renewable]
2011-05-10T12:45:51 Server not found in database: krbtgt/[email protected]: no such entry found in hdb
2011-05-10T12:45:51 Failed building TGS-REP to IPv4:10.130.32.38
2011-05-10T12:45:51 sending 107 bytes to IPv4:10.130.32.38
2011-05-10T12:45:57 TGS-REQ [email protected] from IPv4:10.130.32.38 for krbtgt/[email protected] [renew, canonicalize, renewable, forwardable]
2011-05-10T12:45:57 TGS-REQ authtime: 2011-05-10T12:45:48 starttime: 2011-05-10T12:45:57 endtime: 2011-05-10T22:45:57 renew till: 2011-05-17T12:45:48
2011-05-10T12:45:57 sending 680 bytes to IPv4:10.130.32.38
2011-05-10T12:45:58 TGS-REQ [email protected] from IPv4:10.130.32.38 for krbtgt/[email protected] [canonicalize, renewable, forwardable]
2011-05-10T12:45:58 Server (krbtgt/[email protected]) has no support for etypes
2011-05-10T12:45:58 Failed building TGS-REP to IPv4:10.130.32.38
2011-05-10T12:45:58 sending 107 bytes to IPv4:10.130.32.38
2011-05-10T12:45:58 TGS-REQ [email protected] from IPv4:10.130.32.38 for krbtgt/[email protected] [renewable, forwardable]
2011-05-10T12:45:58 Server (krbtgt/[email protected]) has no support for etypes
2011-05-10T12:45:58 Failed building TGS-REP to IPv4:10.130.32.38
2011-05-10T12:45:58 sending 107 bytes to IPv4:10.130.32.38
2011-05-10T12:45:58 TGS-REQ [email protected] from IPv4:10.130.32.38 for afs/[email protected] [canonicalize, renewable, forwardable]
2011-05-10T12:45:59 TGS-REQ authtime: 2011-05-10T12:45:48 starttime: 2011-05-10T12:45:58 endtime: 2011-05-10T22:45:57 renew till: 2011-05-17T12:45:48
2011-05-10T12:45:59 sending 605 bytes to IPv4:10.130.32.38

--- snip ---


As you can see, there are several requests for krbtgt/[email protected], which doesn't exist. But the bad part is that I don't see a single request for afs/[email protected]. It seems as if, in the end, it starts repeating the queries for the fct.unl.pt cell, instead of trying the second cell, staff.fct.unl.pt.

If I'm dead wrong, just tell me to shut up :)

Please advise.


Regards,

Hugo Monteiro.

--
fct.unl.pt:~# cat .signature

Hugo Monteiro
Email    : [email protected]
Telefone : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Divisão de Informática
Faculdade de Ciências e Tecnologia da
                   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.fct.unl.pt                [email protected]

fct.unl.pt:~# _
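
Added example, not part of the original message or of OpenAFS/Heimdal: a small Python summarizer for a KDC log in the layout quoted above, counting how each TGS-REQ ended per requested service principal so that a cell whose afs/ principal is never requested stands out. The sample log is constructed, and its realms, principals and address (EXAMPLE.ORG, alice, 192.0.2.38) are placeholders; entries that an archive has run together on one line are split first.

```python
import re
from collections import Counter

# Constructed sample in the KDC log layout quoted above; realms, principals and
# the address are placeholders. The first line deliberately fuses two entries.
SAMPLE_LOG = """\
2011-05-10T12:45:49 TGS-REQ alice@EXAMPLE.ORG from IPv4:192.0.2.38 for afs/example.org@EXAMPLE.ORG [canonicalize, renewable] 2011-05-10T12:45:49 TGS-REQ authtime: 2011-05-10T12:45:48 starttime: 2011-05-10T12:45:49 endtime: 2011-05-11T12:45:49 renew till: unset
2011-05-10T12:45:49 sending 570 bytes to IPv4:192.0.2.38
2011-05-10T12:45:51 TGS-REQ alice@EXAMPLE.ORG from IPv4:192.0.2.38 for krbtgt/STAFF.EXAMPLE.ORG@EXAMPLE.ORG [renewable]
2011-05-10T12:45:51 Server not found in database: krbtgt/STAFF.EXAMPLE.ORG@EXAMPLE.ORG: no such entry found in hdb
2011-05-10T12:45:51 Failed building TGS-REP to IPv4:192.0.2.38
2011-05-10T12:45:58 TGS-REQ alice@EXAMPLE.ORG from IPv4:192.0.2.38 for krbtgt/AD.EXAMPLE.ORG@EXAMPLE.ORG [renewable, forwardable]
2011-05-10T12:45:58 Server (krbtgt/AD.EXAMPLE.ORG@EXAMPLE.ORG) has no support for etypes
2011-05-10T12:45:58 Failed building TGS-REP to IPv4:192.0.2.38
"""

TS = r"\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d"
REQUEST = re.compile(rf"^{TS} TGS-REQ (\S+) from (\S+) for (\S+)")
OUTCOMES = [  # text of the entry that follows a request -> outcome label
    (re.compile(r"TGS-REQ authtime:"), "issued"),
    (re.compile(r"Server not found in database"), "unknown-server"),
    (re.compile(r"has no support for etypes"), "no-common-etype"),
]

def split_entries(text):
    """Yield one entry per item; a timestamp after 'key:' is a value, not a new entry."""
    for line in text.splitlines():
        for entry in re.split(rf"(?<!:)\s+(?={TS} )", line.strip()):
            if entry:
                yield entry

def tgs_outcomes(text):
    """Count (service principal, outcome) pairs for every TGS-REQ in the log."""
    counts, pending = Counter(), None
    for entry in split_entries(text):
        m = REQUEST.match(entry)
        if m:
            if pending:  # the previous request never got a result entry
                counts[(pending, "unresolved")] += 1
            pending = m.group(3)
            continue
        for pattern, label in OUTCOMES:
            if pending and pattern.search(entry):
                counts[(pending, label)] += 1
                pending = None
                break
    if pending:
        counts[(pending, "unresolved")] += 1
    return counts
```

Listing the keys of `tgs_outcomes(log_text)` shows at a glance which afs/ and krbtgt/ principals the client actually asked the KDC for.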
