On 4/3/2012 9:34 PM, clark wrote:
I have the same probleme. I try to use the AD Kdc for my new cell authentification ... I found a lot of doc : http://wiki.openafs.org/AFSLore/win2008r2adaskdc/ http://irp.nain-t.net/doku.php/320kerberos:70_kerberos-ad http://technet.microsoft.com/en-us/library/bb742433.aspx http://technet.microsoft.com/en-us/library/cc753771%28v=ws.10%29.aspx http://technet.microsoft.com/en-us/library/dd560670%28v=ws.10%29.aspx http://www.mail-archive.com/openafs-info@openafs.org/msg24908.html http://comments.gmane.org/gmane.comp.file-systems.openafs.general/27328 But "pts: ticket contained unknown key version number" is already present. I check, kvno is the same in AD and in AFS KeyFile (asetkey) Anybody have a solution ??
Running Wireshark while doing the aklog might help, as it is good at formatting the Kerberos tickets returned by AD and show the KVNOs. If any of the DCs are read only (RODC) there may be an issue as Microsoft is using part of the KVNO in the ticket to indicate a read only DC. Google for: RODC OpenAFS as there has been other discussions. http://blogs.msdn.com/b/openspecification/archive/2011/05/11/notes-on-kerberos-kvno-in-windows-rodc-environment.aspx
_______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
-- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
