If I tell aklog to go after RESOURCE.NET explicitly, I end up with the same error that started this thread:

[root@afs1c afs]# aklog  -d  -c afs1.bedrock.iu.edu  -k  RESOURCE.NET
Authenticating to cell afs1.bedrock.iu.edu (server afs1.bedrock.iu.edu).
We were told to authenticate to realm RESOURCE.NET.
Getting tickets: afs/[email protected]
Getting tickets: afs/[email protected]
Kerberos error code returned by get_cred : -1765328228
aklog: Couldn't get afs1.bedrock.iu.edu AFS tickets:
aklog: unknown RPC error (-1765328228) while getting AFS tickets

This looks like AFS is trying to get the ticket from RESOURCE.NET, and fails with
"-1765328228 KRB5_KDC_UNREACH Cannot contact any KDC for requested realm"

Now, RESOURCE.NET does not authenticate users, but it knows about the service afs/afs1.bedrock.iu.edu, and the asetkey is derived from a keytab for RESOURCE.NET.

Danko


Andrew Deason wrote:
> On Tue, 19 Jul 2011 14:56:01 -0400
> "Danko Antolovic" <[email protected]> wrote:
>
> > You are correct, there is no [email protected]; there is
> > [email protected], and there is also a local user dantolov with AFS ID
> > 2. I did not see [email protected] as a member of
> > system:[email protected] at any time. Are you saying that the presence
> > of the local user is the problem?
>
> No, but it's probably making this more confusing.
>
> > [root@afs1c afs]# aklog  -d  -c afs1.bedrock.iu.edu
> > Authenticating to cell afs1.bedrock.iu.edu (server afs1.bedrock.iu.edu).
> > Trying to authenticate to user's realm IU.EDU.
> > Getting tickets: afs/[email protected]
>
> I thought your afs service principal was
> afs/[email protected] ? This is making aklog think you
> are not a foreign user, and so it's not trying the automatic
> registration thing.


_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
