On 10/14/2011 6:29 PM, Gémes Géza wrote: > Hi, > > In testing for our organizations migration from an > OpenLDAP/Heimdal/Samba3 based authentication infrastructure to a Samba4 > one, I've set up a domain. Created a user principal called afs (with > enctypes: des-cbc-crc and des-cbc-md5) and set up an SPN for it: > afs/cell@REALM (initially was trying with afs@REALM, but from the KDC > logs saw that client requested afs/cell@REALM so changed it). Exported > it to a keytab which was successfully built with asetkey into a KeyFile. > But when I try to do an aklog with a keytab as Administrator@REALM, it > gives: > aklog: Couldn't get "cell" AFS tickets: > aklog: unknown RPC error (-1765328324) while getting AFS tickets > In theory Samba4 (the KDC part being Heimdal) should obey to the setting > allow_weak_crypto=true from the [kdc] section of krb5.conf. (That > assumption I'm going to check with the samba-technical mailing list).
-1765328324 = Generic error (see e-text) You need to look at the error text returned in the Kerberos response from the KDC to determine what the actual error is. Or look in the KDC logs. Jeffrey Altman
signature.asc
Description: OpenPGP digital signature
