Hi, In testing for our organizations migration from an OpenLDAP/Heimdal/Samba3 based authentication infrastructure to a Samba4 one, I've set up a domain. Created a user principal called afs (with enctypes: des-cbc-crc and des-cbc-md5) and set up an SPN for it: afs/cell@REALM (initially was trying with afs@REALM, but from the KDC logs saw that client requested afs/cell@REALM so changed it). Exported it to a keytab which was successfully built with asetkey into a KeyFile. But when I try to do an aklog with a keytab as Administrator@REALM, it gives: aklog: Couldn't get "cell" AFS tickets: aklog: unknown RPC error (-1765328324) while getting AFS tickets In theory Samba4 (the KDC part being Heimdal) should obey to the setting allow_weak_crypto=true from the [kdc] section of krb5.conf. (That assumption I'm going to check with the samba-technical mailing list).
Thanks for any idea! Cheers Geza _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
