> Hi, > > Our school currently uses a Samba3+OpenLDAP+Heimdal combo to hold the > authentication+account databases. > OpenAFS works problem-less with this setup (once I allowed weak crypto > in Heimdal). > Sooner or later we will need to upgrade to Samba4 (which uses an Active > Directory like database (and Heimdal internally)). > To test the effect of the upgrade on OpenAFS I've configured a Windows > 2008R2 based Active Directory and a Debian (Squeeze) box (going to act > as the OpenAFS pt- vl- and dafs- server for the testcell) I've followed > http://workshop.openafs.org/afsbpw06/talks/shadow-AD.pdf in creating the > KeyFile. Everything went file until I've tried to obtain afs tokens (I > have successfully got krb5 tickets for krbtgt but not for afs) with both > aklog and afslog (from Heimdal), they gives: > > aklog: Couldn't get kzs.ad AFS tickets: > aklog: unknown RPC error (-1765328370) while getting AFS tickets > > and > > afslog: krb5_afslog(<default cell>): KDC has no support for encryption type > > I've tried to make the Windows2008R2 KDC accept the requested enctype > with KdcUseRequestedEtypesForTickets as described in: > http://support.microsoft.com/default.aspx?scid=kb;en-us;833708 but the > enctype problem remains. :-( > > Thank you! > > Geza > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info Hi,
I've successfully solved the problem by applying the hotfix: http://support.microsoft.com/kb/978055 And following: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/18419b87-8ed1-4139-80b8-0c8e09456a31/ Cheers Geza _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
