Win logon to a MIT Kerberos V KDC

Dietrich Schroff d.schroff at web.de
Thu May 8 02:53:02 EDT 2003


Hi,

I read the short Howto for installing and integrating Kerberos with
Windows on this mailing list (http://mailman.mit.edu/pipermail/kerberos/2002-October/001857.html).
Here is my setup:

Debian Woody MIT Kerberos
W2k Professional SP3

I executed the same ksetup commands and the kadmin command:
kadmin.local -e des-cbc-crc:normal -q "ank -pw password host/ruhp3.physik.uni-freiburg.de"

Up to step 3 everything is okay. I can log in with a Kerberos user.
But when I try to install OpenAFS, I can only use it as a local user. The
Kerberos user gets the following message when trying to get a token:

Error 11862791 (afs service may not have started)

But it is started. On the web I found that this is due to a cache
error...

The krb5kdc.log at the MIT Kerberos-Server showed the following entries:
for a local user:
May 07 21:59:22 hepafs krb5kdc[181](info): PROCESS_V4:Initial ticket request Host: 132.230.77.3 User: "schroff" ""
May 07 21:59:22 hepafs krb5kdc[181](info): PROCESS_V4:INITIAL request from schroff. for afs.

for a mapped user:
May 07 22:02:16 hepafs krb5kdc[181](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 132.230.77.3(88): UNKNOWN_SERVER: authtime 1052337735,  schroff at PHYSIK.UNI-FREIBURG.DE for HOST/RUHP3-AFS at PHYSIK.UNI-FREIBURG.DE, Server not found in Kerberos database
May 07 22:02:16 hepafs krb5kdc[181](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 132.230.77.3(88): UNKNOWN_SERVER: authtime 1052337735,  schroff at PHYSIK.UNI-FREIBURG.DE for HOST/RUHP3-AFS at PHYSIK.UNI-FREIBURG.DE, Server not found in Kerberos database
May 07 22:02:16 hepafs krb5kdc[181](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 132.230.77.3(88): PROCESS_TGS: authtime 0,  <unknown client> for HOST/RUHP3-AFS at PHYSIK.UNI-FREIBURG.DE, Request is a replay

The W2K machine has the name ruph3. So why is there this -afs? If I add this HOST/RUHP3-AFS to the Kerberos database, I get the same entries as a local user, but the same error code on W2k as before.

So can anybody help me so that mapped users can get a token, too?


Thanks
Dietrich

PS: Installing the openafs-server was done as described in 
http://www.debianplanet.org/node.php?id=816
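
Added example (not part of the original post): a small Python parser for the TGS_REQ lines quoted in the message, listing the service principals the KDC reported as UNKNOWN_SERVER and naming the etypes the client offered. The function names are assumptions of this example; the sample lines are copied from the post, where the archive writes "@" as " at ".

```python
import re
from collections import Counter

# Standard Kerberos etype numbers; negative values are vendor-private.
ETYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac", 24: "rc4-hmac-exp"}

# TGS_REQ line layout as shown in the post; accepts "@" or the archive's " at ".
TGS_RE = re.compile(
    r"TGS_REQ \(\d+ etypes \{(?P<etypes>[^}]*)\}\) (?P<addr>[\d.]+)\(\d+\): "
    r"(?P<status>[A-Z_]+): authtime \d+,\s+(?P<client>.+?) for "
    r"(?P<server>\S+?)(?:@| at )(?P<realm>[^,\s]+), (?P<reason>.+)$"
)

# Sample input: two log lines copied from the post.
SAMPLE = [
    'May 07 22:02:16 hepafs krb5kdc[181](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) '
    '132.230.77.3(88): UNKNOWN_SERVER: authtime 1052337735,  schroff at PHYSIK.UNI-FREIBURG.DE '
    'for HOST/RUHP3-AFS at PHYSIK.UNI-FREIBURG.DE, Server not found in Kerberos database',
    'May 07 22:02:16 hepafs krb5kdc[181](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) '
    '132.230.77.3(88): PROCESS_TGS: authtime 0,  <unknown client> '
    'for HOST/RUHP3-AFS at PHYSIK.UNI-FREIBURG.DE, Request is a replay',
]

def parse_tgs(line):
    """Return the fields of one TGS_REQ log line, or None for any other line."""
    m = TGS_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["etypes"] = [int(x) for x in rec["etypes"].split()]
    return rec

def describe(etypes):
    """Map offered etype numbers to names; negatives are flagged, not guessed."""
    return [ETYPE_NAMES.get(e, "vendor-private" if e < 0 else "unknown") for e in etypes]

def unknown_servers(lines):
    """Count (client address, service principal) pairs the KDC could not find."""
    hits = Counter()
    for line in lines:
        rec = parse_tgs(line)
        if rec and rec["status"] == "UNKNOWN_SERVER":
            hits[(rec["addr"], rec["server"] + "@" + rec["realm"])] += 1
    return hits

if __name__ == "__main__":
    for (addr, principal), n in unknown_servers(SAMPLE).items():
        print(f"{addr} asked {n}x for missing principal {principal}")
    print("offered etypes:", describe(parse_tgs(SAMPLE[0])["etypes"]))
```

The output shows that des-cbc-crc, the etype given to kadmin.local in the message, is among the etypes the Windows client offers, and that the principal the KDC cannot find is HOST/RUHP3-AFS.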