Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Jonathan Nilsson
> There is a problem with the W2003 SP1 ktpass. See: >> http://support.microsoft.com/kb/919557 >> > Interestingly, even though I am running the latest service pack of Windows Server 2003 R2 SP2, the file info on my version of ktpass.exe does not match the information in the KB article. So I applied

[OpenAFS] Re: Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Andrew Deason
On Fri, 26 Feb 2010 14:12:34 -0500 "Brandon S. Allbery KF8NH" wrote: > > Otherwise, is there a way for aklog to not bother getting a ticket > > for the "a...@mycell.edu" principal, and just use > > "afs/mycell@mycell.edu "? > > That's what it should be doing; only if that principal can't be

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Jonathan Nilsson
First, thanks so much for the detailed and fast responses from both of you (Douglas and Brandon). And for being willing to work through some of these details with me. I'll reply to some of your questions, though I suspect that I know what I need to do now... - The "afs/mycell.edu" service princ

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Douglas E. Engert
Jonathan Nilsson wrote: On Fri, Feb 26, 2010 at 10:44, Brandon S. Allbery KF8NH <allb...@ece.cmu.edu> wrote: On Feb 26, 2010, at 13:24 , Jonathan Nilsson wrote: [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs a...@ss2k-devel.uci.edu

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Brandon S. Allbery KF8NH
I'm speculating, but that would be a problem with how Windows implements the "ktpass mapuser" function and then returns tickets for a mapped user with the same kvno as the principal. So both the user "afs" and the principal "afs/mycell.edu" are returning tickets with the same kvno. And I

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Brandon S. Allbery KF8NH
On Feb 26, 2010, at 14:03 , Jonathan Nilsson wrote: On Fri, Feb 26, 2010 at 10:44, Brandon S. Allbery KF8NH wrote: On Feb 26, 2010, at 13:24 , Jonathan Nilsson wrote: [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs a...@ss2k-devel.uci.edu: kvno = 2 [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs/

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Douglas E. Engert
Jonathan Nilsson wrote: Hello, I've spent a good amount of time trying to figure out how to use Windows Active Directory as my Kerberos Realm. So first off, tell me if this is not a supported scenario... although from the reading I've done, it should work. That said, I am having strange prob

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Jonathan Nilsson
On Fri, Feb 26, 2010 at 10:44, Brandon S. Allbery KF8NH wrote: > On Feb 26, 2010, at 13:24 , Jonathan Nilsson wrote: > >> [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs >> a...@ss2k-devel.uci.edu: kvno = 2 >> [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs/mycell.edu >> afs/mycell@mycell.edu:

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Brandon S. Allbery KF8NH
On Feb 26, 2010, at 13:24 , Jonathan Nilsson wrote: [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs a...@ss2k-devel.uci.edu: kvno = 2 [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs/mycell.edu afs/mycell@mycell.edu: kvno = 2 You put both of these in the KeyFile? With the same kvno? This wil

[OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Jonathan Nilsson
Hello, I've spent a good amount of time trying to figure out how to use Windows Active Directory as my Kerberos Realm. So first off, tell me if this is not a supported scenario... although from the reading I've done, it should work. That said, I am having strange problems with my tickets/tokens

Re: [OpenAFS] Re: Question regarding the PreferencePane for Mac OS X in 1.4.12rc4

2010-02-26 Thread Simon Wilkinson
On 26 Feb 2010, at 16:45, Derrick Brashear wrote: at this point in time you may be out of luck. I'd hope 'for all time'. I'd really rather not see us integrating new code to support kaserver, given our commitment to removing it entirely. S.

Re: [OpenAFS] Re: Question regarding the PreferencePane for Mac OS X in 1.4.12rc4

2010-02-26 Thread Derrick Brashear
On Fri, Feb 26, 2010 at 11:37 AM, Sebastian Hagedorn wrote: > --On 26. Februar 2010 11:27:32 -0500 Derrick Brashear > wrote: > for get token you use aklog or klog? >>> >>> klog. When I try aklog, I get this: >>> >>> % aklog >>> aklog: Couldn't get rrz.uni-koeln.de AFS tickets: >>> aklog: un

Re: [OpenAFS] Re: Question regarding the PreferencePane for Mac OS X in 1.4.12rc4

2010-02-26 Thread Sebastian Hagedorn
--On 26. Februar 2010 11:27:32 -0500 Derrick Brashear wrote: for get token you use aklog or klog? klog. When I try aklog, I get this: % aklog aklog: Couldn't get rrz.uni-koeln.de AFS tickets: aklog: unknown RPC error (-1765328377) while getting AFS tickets aklog requires krb5, and you sa

Re: [OpenAFS] Re: Question regarding the PreferencePane for Mac OS X in 1.4.12rc4

2010-02-26 Thread Derrick Brashear
On Fri, Feb 26, 2010 at 9:18 AM, Sebastian Hagedorn wrote: > Hi Claudio, > > thanks for your reply. > > --On 26. Februar 2010 14:04:40 +0100 Claudio Bisegni > wrote: > >> for the login windows and k5 at login time it's known issue, i'm >> investigating this problem. Anyway if you turn off the opt

[OpenAFS] Re: [OpenAFS-announce] OpenAFS 1.4.12 release candidate 4 available

2010-02-26 Thread Douglas E. Engert
Just to let you know, pre3 clients on sun4x_510 are working, and I am on vacation next week so can't test pre4. We are also in the process of moving out testbed machines from one building to another, so don't have any AFS server to test with either. We hope to get this resolved in the next week o

[OpenAFS] Re: Question regarding the PreferencePane for Mac OS X in 1.4.12rc4

2010-02-26 Thread Sebastian Hagedorn
Hi Claudio, thanks for your reply. --On 26. Februar 2010 14:04:40 +0100 Claudio Bisegni wrote: for the login windows and k5 at login time it's known issue, i'm investigating this problem. Anyway if you turn off the option to show the icon on login panel it work. for the other problem: anyw

[OpenAFS] Question regarding the PreferencePane for Mac OS X in 1.4.12rc4

2010-02-26 Thread Sebastian Hagedorn
Hi, I installed OpenAFS 1.4.12rc4 on a new iMac (i.e. running Snow Leopard) today. I tried to use the functionality in the PreferencePane to get a token during login, but it doesn't work for me. Before I file a bug report I wanted to make sure that I'm using it right. I tried logging in with