https://lists.openafs.org/pipermail/openafs-info/2011-June/036188.html

On Tue, Mar 27, 2012 at 3:45 AM, Stefan Michael Guenther
<s.guent...@in-put.de> wrote:
> Hello,
>
> I'm currently trying to set up OpenAFS 1.6.0-1 together with MIT Kerberos
> 1.9.1 on an Ubuntu system.
>
> All necessary processes are running but something seems to be wrong with my 
> Kerberos configuration:
>
> intranet:/var/log# kinit admin
> Password for ad...@in-put.de:
>
> intranet:/var/log# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: ad...@in-put.de
>
> Valid starting     Expires            Service principal
> 03/27/12 09:13:32  03/27/12 19:13:32  krbtgt/in-put...@in-put.de
>        renew until 03/28/12 09:13:29
>
>
> intranet:/var/log# aklog -d
> Authenticating to cell IN-PUT.DE (server intranet.in-put.de).
> Trying to authenticate to user's realm IN-PUT.DE.
> Getting tickets: afs/in-put...@in-put.de
> We've deduced that we need to authenticate to realm IN-PUT.DE.
> Getting tickets: afs/in-put...@in-put.de
> Getting tickets: afs/in-put...@in-put.de
> Getting tickets: a...@in-put.de
> Kerberos error code returned by get_cred : -1765328370
> aklog: Couldn't get IN-PUT.DE AFS tickets:
> aklog: unknown RPC error (-1765328370) while getting AFS tickets
>
>
> According to a number of postings the error is related to ticket encryption, 
> but I guess I have the right settings in the Kerberos config files:
>
> /etc/krb5.conf
> -------------------
>
> [libdefaults]
>        default_realm = IN-PUT.DE
>        krb4_config = /etc/krb.conf
>        krb4_realms = /etc/krb.realms
>        kdc_timesync = 1
>        ccache_type = 4
>        forwardable = true
>        proxiable = true
>        fcc-mit-ticketflags = true
>
> [realms]
>        IN-PUT.DE = {
>                kdc = intranet.in-put.de
>                admin_server = intranet.in-put.de
>        }
>
> [domain_realm]
>        .in-put.de = IN-PUT.DE
>        in-put.de = IN-PUT.DE
>
> [login]
>        krb4_convert = true
>        krb4_get_tickets = false
>
> /etc/krb5kdc/kdc.conf
> ------------------------------
>
> [kdcdefaults]
>    kdc_ports = 750,88
>
> [realms]
>    IN-PUT.DE = {
>        database_name = /var/lib/krb5kdc/principal
>        admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
>        acl_file = /etc/krb5kdc/kadm5.acl
>        key_stash_file = /etc/krb5kdc/stash
>        kdc_ports = 750,88
>        max_life = 10h 0m 0s
>        max_renewable_life = 7d 0h 0m 0s
>        master_key_type = des3-hmac-sha1
>        supported_enctypes = #supported_enctypes = aes256-cts:normal 
> arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal 
> des:v4 des:norealm des:onlyrealm des:afs3
>        default_principal_flags = +preauth
>    }
>
> Thanks for any hints or suggestions,
>
> Stefan



-- 
Derrick
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
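
Added example, not part of either message and not OpenAFS or MIT krb5 code: aklog reports -1765328370 as an "unknown RPC error", but the value is a krb5 com_err code (table base plus the RFC 4120 error number). The sketch below decodes such codes from tool output and flags a `supported_enctypes` value that begins with `#`, as in the quoted kdc.conf; the function names and the error subset are choices made for this example.

```python
import re

# com_err base of the MIT krb5 error table; a code is base + RFC 4120 error number.
KRB5_BASE = -1765328384
# Subset of error numbers chosen for this example (symbol, library message).
KRB5_ERRORS = {
    6: ("KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN", "Client not found in Kerberos database"),
    7: ("KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN", "Server not found in Kerberos database"),
    14: ("KRB5KDC_ERR_ETYPE_NOSUPP", "KDC has no support for encryption type"),
    31: ("KRB5KRB_AP_ERR_BAD_INTEGRITY", "Decrypt integrity check failed"),
    37: ("KRB5KRB_AP_ERR_SKEW", "Clock skew too great"),
}

def decode(code):
    """Map a com_err value to (symbol, message), or None if outside the subset."""
    return KRB5_ERRORS.get(code - KRB5_BASE)

def errors_in_log(text):
    """Return [(code, symbol, message)] for each distinct krb5 code in tool output."""
    found = []
    for raw in dict.fromkeys(re.findall(r"-1765328\d{3}", text)):
        hit = decode(int(raw))
        if hit:
            found.append((int(raw), *hit))
    return found

def lint_enctypes(conf):
    """Flag supported_enctypes values that start with '#'.

    krb5 profile files treat '#' as a comment marker only at the start of a
    line, so a '#' after '=' is read as part of the value.
    """
    findings = []
    for n, line in enumerate(conf.splitlines(), 1):
        m = re.match(r"\s*supported_enctypes\s*=\s*(.*)", line)
        if m and m.group(1).startswith("#"):
            findings.append((n, m.group(1).split()[0]))
    return findings

# Sample input taken from the quoted message; the kdc.conf excerpt is shortened
# and its mail-wrapped line is joined.
AKLOG_OUTPUT = """\
Kerberos error code returned by get_cred : -1765328370
aklog: unknown RPC error (-1765328370) while getting AFS tickets
"""
KDC_CONF = """\
[realms]
    IN-PUT.DE = {
        master_key_type = des3-hmac-sha1
        supported_enctypes = #supported_enctypes = aes256-cts:normal des-cbc-crc:normal des:afs3
    }
"""
```
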
