On 7/25/2013 4:57 AM, Lars Schimmer wrote:
> Hi!
>
> Maybe I am not the best reader, but if I do use a win AD as a krb5 auth
> service and I did not change anything with my keyfiles and everything,
> should OpenAFS 1.7.26 on Windows work as usual?
>
> As I tried on my system it did not work fine.
> It did show a ticket/token, but it shows \\AFS\cgv.tugraz.at not
> reachable at all.
>
> And it added a strange icon on that drive-icon...
>
> So, did I misread anything?
>
> Kind regards,
> Lars Schimmer

Use Network Identity Manager or klist.exe (not the Windows version) to examine the contents of the credentials cache. In particular, look at the encryption types that are associated with the ticket.

The Service EncType is the encryption type used to encrypt the private portion of the ticket, for which the service shares a key with the KDC.

The Session EncType is the encryption type for the key which is distributed by the KDC to both the client and the service.

If the session enctype is not DES-*-* then a DES-compatible key will be derived using rxkad-kdf. If the server and client do not agree on the key, there will be a failure.

If the session enctype is not DES-*-* and you have not upgraded the server to know about rxkad-kdf, then the ticket will be rejected because the enctype is unknown.

Jeffrey Altman
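
The check described in the reply above, as an added example that is not part of the original message or of OpenAFS: it reads `klist -e` style output and reports, for each `afs` service ticket, which of the three cases applies. It assumes MIT-style output with short enctype names; the sample cache, the function names and the `server_has_rxkad_kdf` parameter are constructed for illustration.

```python
import re

# Constructed sample in the style of MIT `klist -e` output; not taken from the thread.
SAMPLE = """\
Ticket cache: API:Initial default ccache
Default principal: user@EXAMPLE.ORG

Valid starting     Expires            Service principal
07/25/13 09:00:00  07/25/13 19:00:00  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
\tEtype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
07/25/13 09:00:05  07/25/13 19:00:00  afs/cell.example.org@EXAMPLE.ORG
\tEtype (skey, tkt): arcfour-hmac, aes256-cts-hmac-sha1-96
07/25/13 09:00:07  07/25/13 19:00:00  afs/old.example.org@EXAMPLE.ORG
\tEtype (skey, tkt): des-cbc-crc, des-cbc-crc
"""

TICKET = re.compile(r"^\d\S*\s+\S+\s+\d\S*\s+\S+\s+(?P<service>\S+@\S+)\s*$")
ETYPE = re.compile(r"^\s+Etype \(skey, tkt\):\s*(?P<skey>[^,\s]+),\s*(?P<tkt>\S+)")


def is_single_des(etype):
    # Matches des-cbc-crc, des-cbc-md4, des-cbc-md5; des3-* does not match.
    return etype.lower().startswith("des-")


def assess_afs_tickets(klist_text, server_has_rxkad_kdf):
    """Return (service, session_etype, service_etype, verdict) per afs ticket."""
    results, service = [], None
    for line in klist_text.splitlines():
        ticket = TICKET.match(line)
        if ticket:
            service = ticket.group("service")
            continue
        etype = ETYPE.match(line)
        if not (etype and service):
            continue
        if service.split("@")[0].split("/")[0] != "afs":
            continue  # only tickets for the AFS service matter here
        skey, tkt = etype.group("skey"), etype.group("tkt")
        if is_single_des(skey):
            verdict = "DES session key, no derivation needed"
        elif server_has_rxkad_kdf:
            verdict = "rxkad-kdf derives a DES-compatible key"
        else:
            verdict = "rejected, enctype unknown to server"
        results.append((service, skey, tkt, verdict))
    return results


if __name__ == "__main__":
    for row in assess_afs_tickets(SAMPLE, server_has_rxkad_kdf=False):
        print(*row, sep=" | ")
```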
