RE: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-27 Thread Assarsson, Emil
t: fredag den 26 februari 2010 20:55 To: openafs-info Subject: Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error First, thanks so much for the detailed and fast responses from both of you (Douglas and Brandon). And for being willing to work through some of these details with me. I&#

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Jonathan Nilsson
> There is a problem with the W2003 SP1 ktpass. See: >> http://support.microsoft.com/kb/919557 >> > Interestingly, even though I am running the latest service pack of Window Server 2003 R2 SP2, the file info on my version of ktpass.exe does not match the information in the KB article. So I applied

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Jonathan Nilsson
First, thanks so much for the detailed and fast responses from both of you (Douglas and Brandon). And for being willing to work through some of these details with me. I'll reply to some of your questions, though I suspect that I know what I need to do now... - The "afs/mycell.edu" service princ

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Douglas E. Engert
Jonathan Nilsson wrote: On Fri, Feb 26, 2010 at 10:44, Brandon S. Allbery KF8NH mailto:allb...@ece.cmu.edu>> wrote: On Feb 26, 2010, at 13:24 , Jonathan Nilsson wrote: [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs a...@ss2k-devel.uci.edu

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Brandon S. Allbery KF8NH
I'm speculating, but that would be a problem with how Windows implements the "ktpass mapuser" function and then returns tickets for a mapped user with the same kvno as the principal. So both the user "afs" and the principal "afs/mycell.edu" are returning tickets with the same kvno. And I

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Brandon S. Allbery KF8NH
On Feb 26, 2010, at 14:03 , Jonathan Nilsson wrote: On Fri, Feb 26, 2010 at 10:44, Brandon S. Allbery KF8NH > wrote: On Feb 26, 2010, at 13:24 , Jonathan Nilsson wrote: [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs a...@ss2k-devel.uci.edu: kvno = 2 [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs/

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Douglas E. Engert
Jonathan Nilsson wrote: Hello, I've spent a good amount of time trying to figure out how to use Windows Active Directory as my Kerberos Realm. So first off, tell me if this is not a supported scenario... although from the reading I've done, it should work. That said, I am having strange prob

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Jonathan Nilsson
On Fri, Feb 26, 2010 at 10:44, Brandon S. Allbery KF8NH wrote: > On Feb 26, 2010, at 13:24 , Jonathan Nilsson wrote: > >> [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs >> a...@ss2k-devel.uci.edu: kvno = 2 >> [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs/mycell.edu >> afs/mycell@mycell.edu:

Re: [OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Brandon S. Allbery KF8NH
On Feb 26, 2010, at 13:24 , Jonathan Nilsson wrote: [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs a...@ss2k-devel.uci.edu: kvno = 2 [09:57 r...@afs1 ~]# kvno -c /tmp/krb5cc_0 afs/mycell.edu afs/mycell@mycell.edu: kvno = 2 You put both of these in the KeyFile? With the same kvno? This wil

[OpenAFS] Windows AD Kerberos - "bad ticket" error

2010-02-26 Thread Jonathan Nilsson
Hello, I've spent a good amount of time trying to figure out how to use Windows Active Directory as my Kerberos Realm. So first off, tell me if this is not a supported scenario... although from the reading I've done, it should work. That said, I am having strange problems with my tickets/tokens