Windows TGS_REQ on alternate Netbios Names

Jeffrey Altman jaltman2 at nyc.rr.com
Fri Nov 28 20:18:19 EST 2003


Based upon the etypes list, this is a request coming from Windows 
itself.  My guess is that since you are logged into the machine via the 
Kerberos LSA, Windows is trying to authenticate the access to the SMB 
name published by OpenAFS with Kerberos.

You will most likely have to add service principals to your KDC for the
-AFS extended host names if you want to avoid the error messages. 
Remember that all of the principals for a given host have to use the 
same password.

Jeffrey Altman



Jason C. Wells wrote:
> The OpenAFS client for windows uses an additional netbios name such that
> the hostname of the computer is appended with -AFS. Windows incessantly
> attempts TGS_REQs for this netbios name.  My hostname is w13.  For
> example:
> 
> Nov 28 13:46:40 s2.stradamotorsports.com krb5kdc[56463](info): TGS_REQ (7
> etypes {23 -133 -128 3 1 24 -135}) 192.168.1.13: UNKNOWN_SERVER: authtime
> 1070053633, jcw at STRADAMOTORSPORTS.COM for
> HOST/W13-AFS at STRADAMOTORSPORTS.COM, Server not found in Kerberos database
> 
> I do not have a host that is actually named w13-afs on my network so I do
> not have a host/w13-afs principal in my kerberos database.
> 
> Except for spamming the heck out of my logs, windows authenticating to my
> MIT KDC works fine.
> 
> I would prefer to not have to add a phoney host principal just to suppress
> windows goofy behavior.
> 
> Does anybody know how to get windows to stop making requests for this
> extra netbios name?
> 
> Thanks,
> Jason C. Wells
> 
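
To see which -AFS service principals the KDC is being asked for, and by whom, the UNKNOWN_SERVER entries in the KDC log can be tallied per requested principal. The following is an added example, not part of either message: the function name, the constructed EXAMPLE.COM log lines, and the treatment of negative etype numbers as a hint of a Windows client are assumptions of the example.

```python
import re
from collections import defaultdict

# Layout of an MIT krb5kdc TGS_REQ failure line, as in the quoted log entry
# (one entry per line, as written to the log before the mail was wrapped).
UNKNOWN_SERVER_RE = re.compile(
    r"krb5kdc\[\d+\]\(info\): TGS_REQ \(\d+ etypes \{(?P<etypes>[-\d ]+)\}\) "
    r"(?P<ip>\S+): UNKNOWN_SERVER: authtime \d+,\s+"
    r"(?P<client>\S+) for (?P<server>[^,\s]+),"
)

# Constructed sample log (EXAMPLE.COM realm, documentation addresses).
SAMPLE_LOG = """\
Nov 28 13:46:40 kdc.example.com krb5kdc[56463](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 192.0.2.13: UNKNOWN_SERVER: authtime 1070053633, jcw@EXAMPLE.COM for HOST/W13-AFS@EXAMPLE.COM, Server not found in Kerberos database
Nov 28 13:46:55 kdc.example.com krb5kdc[56463](info): TGS_REQ (7 etypes {23 -133 -128 3 1 24 -135}) 192.0.2.13: UNKNOWN_SERVER: authtime 1070053633, jcw@EXAMPLE.COM for HOST/W13-AFS@EXAMPLE.COM, Server not found in Kerberos database
Nov 28 13:47:02 kdc.example.com krb5kdc[56463](info): TGS_REQ (1 etypes {16}) 192.0.2.13: ISSUE: authtime 1070053633, jcw@EXAMPLE.COM for afs@EXAMPLE.COM
Nov 28 13:48:10 kdc.example.com krb5kdc[56463](info): TGS_REQ (3 etypes {16 23 1}) 192.0.2.14: UNKNOWN_SERVER: authtime 1070053700, alice@EXAMPLE.COM for HOST/W14-AFS@EXAMPLE.COM, Server not found in Kerberos database
"""


def summarize_unknown_servers(log_text):
    """Group UNKNOWN_SERVER TGS_REQ failures by requested service principal."""
    summary = defaultdict(lambda: {"count": 0, "clients": set(),
                                   "sources": set(), "private_etypes": False})
    for line in log_text.splitlines():
        m = UNKNOWN_SERVER_RE.search(line)
        if m is None:
            continue  # successful requests and unrelated log lines
        entry = summary[m["server"]]  # keep case: principal names are case-sensitive
        entry["count"] += 1
        entry["clients"].add(m["client"])
        entry["sources"].add(m["ip"])
        # Assumption of this example: negative (private-use) etype numbers
        # in the request suggest that the client is Windows itself.
        if any(int(e) < 0 for e in m["etypes"].split()):
            entry["private_etypes"] = True
    return dict(summary)


if __name__ == "__main__":
    for server, info in sorted(summarize_unknown_servers(SAMPLE_LOG).items()):
        print(f"{info['count']:4d}  {server}  clients={sorted(info['clients'])} "
              f"sources={sorted(info['sources'])} private_etypes={info['private_etypes']}")
```
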

