From: Philon T. <phi...@gm...> - 2004-10-22 14:42:02
hello all,

so now I'm writing to the devel-list as Thomas Kaiser suggested. Hope Sam will read this now :)

the back story: I was trying to get Kerberos authentication working on my FreeBSD 5.2.1 box. I managed to get the port built with Kerberos support and the afpd.conf is changed to use the Kerberos UAM. All fine. Now, when I try to connect from a client it starts with the Kerberos authenticator and gives me the key, but then it brings up the dialogue saying "A connection error has occured".

the logfile says:
- client thinks user is philon
- importing name
- acquiring credentials (uid = 0, keytab = /etc/krb5.keytab)
- No principal in keytab matches desired name

what does it look for in the keytab? I can kinit from the server-box without a problem. A tcpdump shows that no connection to the KDC is started/even tried.

so where's the bug?

regards,
Philon

--
log:

Oct 22 16:00:11 afpd[82953][afp_config.c:379]: I:AFPDaemon: ASIP started on 192.168.0.9:548(7) (2.0.0)
Okt 22 16:01:26 afpd[82953][afp_config.c:434]: E:AFPDaemon: DSIConfigInit: Error registering afp://fileserver.bodysplit.sw:548/?NAME=Fileserver with SRVLOC
Okt 22 16:01:26 afpd[82953][auth.c:1012]: D5:AFPDaemon: uam: loading (/usr/local/etc/netatalk/uams/uams_dhx.so)
Okt 22 16:01:26 afpd[82953][auth.c:1019]: I:AFPDaemon: uam: uams_dhx.so loaded
Okt 22 16:01:26 afpd[82953][auth.c:1012]: D5:AFPDaemon: uam: loading (/usr/local/etc/netatalk/uams/uams_gss.so)
Okt 22 16:01:26 afpd[82953][auth.c:1019]: I:AFPDaemon: uam: uams_gss.so loaded
Okt 22 16:01:26 afpd[82953][auth.c:130]: I:AFPDaemon: uam: "Client Krb v2" available
Okt 22 16:01:26 afpd[82953][auth.c:130]: I:AFPDaemon: uam: "DHCAST128" available
Okt 22 16:01:26 afpd[82953][afp_config.c:578]: D5:AFPDaemon: Finished parsing Config File
Okt 22 16:01:26 afpd[82953][server_child.c:365]: I:Default: server_child[1] 82956 exited 1
Okt 22 16:01:26 afpd[82957][dsi_tcp.c:208]: I:Default: ASIP session:548(7) from 192.168.0.5:50499(9)
Okt 22 16:01:26 afpd[82953][server_child.c:368]: I:Default: server_child[1] 82957 done
Okt 22 16:01:27 afpd[82958][dsi_tcp.c:208]: I:Default: ASIP session:548(7) from 192.168.0.5:50500(9)
Okt 22 16:01:28 afpd[82958][uams_gss.c:361]: I:UAMSDaemon: uams_gss.c :LoginCont: client thinks user is philon
Okt 22 16:01:28 afpd[82958][uams_gss.c:148]: D5:UAMSDaemon: uams_gss.c :do_gss_auth: importing name
Okt 22 16:01:28 afpd[82958][uams_gss.c:159]: D5:UAMSDaemon: uams_gss.c :do_gss_auth: acquiring credentials (uid = 0, keytab = /etc/krb5.keytab)
Okt 22 16:01:28 afpd[82958][uams_gss.c:82]: I:UAMSDaemon: uams_gss.c :do_gss_auth: acquire_cred Miscellaneous failure (error Bad address)
Okt 22 16:01:28 afpd[82958][uams_gss.c:93]: I:UAMSDaemon: uams_gss.c :do_gss_auth: acquire_cred No principal in keytab matches desired name (error Bad address)
Okt 22 16:01:28 afpd[82958][uams_gss.c:390]: I:UAMSDaemon: do_gss_auth failed

/etc/krb5.keytab:

Vno  Type              Principal
  3  des3-cbc-sha1     host/penguin.local.domain@MYSTIC.LOCAL.DOMAIN
  3  arcfour-hmac-md5  host/penguin.local.domain@MYSTIC.LOCAL.DOMAIN
  3  des-cbc-crc       host/penguin.local.domain@MYSTIC.LOCAL.DOMAIN
  3  des3-cbc-sha1     afpserver/fileserver.local.domain@MYSTIC.LOCAL.DOMAIN
  3  arcfour-hmac-md5  afpserver/fileserver.local.domain@MYSTIC.LOCAL.DOMAIN
  3  des-cbc-crc       afpserver/fileserver.local.domain@MYSTIC.LOCAL.DOMAIN

MYSTIC is my OSX-server and KDC
Penguin is my unixbox
fileserver is the ipalias running netatalk

afpd.conf:

"Fileserver" -ipaddr 192.168.0.9 -uamlist uams_dhx.so,uams_gss.so -nosavepassword -uampath /usr/local/etc/netatalk/uams -icon -nosetpassword -advertise_ssh -fqdn fileserver.local.domain:548 -noddp -tcp -k5service afpserver -k5realm MYSTIC.LOCAL.DOMAIN -k5keytab /etc/krb5.keytab -setuplog "default log_maxdebug /var/log/netatalk.log"
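
An added example, not part of the original message and not netatalk code: a check of which service principal names the keytab quoted above can actually satisfy. It assumes the acceptor name is built as service/host@REALM from -k5service, -fqdn and -k5realm; the helper names and the extra host passed in are hypothetical.

```python
import re

# Abbreviated copy of the keytab listing and afpd.conf options from the post.
KEYTAB_LISTING = """\
Vno  Type              Principal
  3  des3-cbc-sha1     host/penguin.local.domain@MYSTIC.LOCAL.DOMAIN
  3  des3-cbc-sha1     afpserver/fileserver.local.domain@MYSTIC.LOCAL.DOMAIN
"""
AFPD_OPTIONS = ("-fqdn fileserver.local.domain:548 -k5service afpserver "
                "-k5realm MYSTIC.LOCAL.DOMAIN -k5keytab /etc/krb5.keytab")


def keytab_principals(listing):
    """Return the principal names found in a 'Vno Type Principal' listing."""
    names = set()
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0].isdigit():  # skips the header row
            names.add(fields[2])
    return names


def afpd_option(options, name):
    """Return the value that follows '-name' in an afpd.conf option string."""
    m = re.search(r"(?:^|\s)-%s\s+(\S+)" % re.escape(name), options)
    return m.group(1) if m else None


def candidate_principals(options, extra_hosts=()):
    """Names the server might request from the keytab (assumed construction).

    The -fqdn value is tried verbatim and with ':port' removed; extra_hosts
    covers names that hostname canonicalisation could substitute, such as
    the machine's primary name when the service runs on an IP alias.
    """
    service = afpd_option(options, "k5service")
    realm = afpd_option(options, "k5realm")
    fqdn = afpd_option(options, "fqdn")
    hosts = [fqdn, fqdn.split(":")[0], *extra_hosts]
    return list(dict.fromkeys(f"{service}/{h}@{realm}" for h in hosts))


def check(options, listing, extra_hosts=()):
    """Map each candidate principal to whether the keytab holds a key for it."""
    have = keytab_principals(listing)
    return {p: p in have for p in candidate_principals(options, extra_hosts)}


if __name__ == "__main__":
    for name, ok in check(AFPD_OPTIONS, KEYTAB_LISTING,
                          ["penguin.local.domain"]).items():
        print("present" if ok else "MISSING", name)
```

Any candidate reported as MISSING would produce the "No principal in keytab matches desired name" failure if it is the name the server ends up requesting.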