Windows with Krb5
Kevin Coffman
kwc@citi.umich.edu
Thu, 10 May 2001 16:46:53 -0400
We just installed Patch 2 (AFS 3.6 2.14) on a couple of Windows 2000
boxes and they both exhibit the same behavior. The kerberos request
packet they are sending is malformed, causing the following message in
the (MIT K5 1.2.1) KDC log:
krb5kdc: Invalid message type - while dispatching
The client -- after timing out to all the KDCs, since it never gets a
reply -- displays:
The AFS client was unable to obtain tokens as kwc in cell umich.edu
Error: 56 (Authentication Server was unavailable)
Anyone else seen this?
K.C.
> Has anyone successfully used the Windows AFS client in an AFS cell with Ken
> Hornstein's NRL AFS-Kerberos5 migration kit (which allow you to run a
> normal Krb5 server, storing afs3, krb5, and krb4 keys)? We've successfully
> used it with unix clients (using aklog to obtain AFS tokens from krb5
> tickets) and have preserved the ability for users from foreign cells to
> authenticate to our servers by running "fakeka", which decodes just enough
> of the RX packet to forward the authentication request to the krb5 server.
> So far so good... but the Windows AFS client has looked more attractive to
> us lately and we cannot get it to work with our modified setup...
>
> I can browse AFS filespace unauthenticated just fine. I can
> successfully obtain tokens for an unmodified AFS.
>
> But authenticating to the KDC Server i got at first the error
> The AFS Client was unable to obtain tokens as x30 in cell urz.uni-heidelberg.de
> Error: 37 (unknown authentication error 37).
>
> This was an result of bad skewed times on Win and Kdc-Server (sol 7)
> But after correctin this problem i got an expired token (!) with
> expiration time 11:41:00 12/12/17 (!!!).
> Has anyone an idea ?
>
> Thank for help.
>
> Elmar
>
> ------------------------------------------------------------------------
> Dr. Elmar Abeln email: Elmar.Abeln@URZ.Uni-Heidelberg.DE
> Universitaetsrechenzentrum
> Im Neuenheimer Feld 293 phone: +49 (6221) 54 4513
> D 69120 Heidelberg fax: +49 (6221) 54 5581
> ---------------------------------------------------------------------------