[OpenAFS] WinNT/2000 with NetWare client, password problem

Brent Putman putmanb@georgetown.edu
Sun, 03 Jun 2001 15:55:49 -0400

I've discovered a curious problem in trying to run the OpenAFS client
v1.0.4 for Windows NT/2000 on machines which also have the Novell
NetWare Client for NT/2000 installed.  I wanted to see if anyone else
has experienced a similar issue.

On a machine with the NetWare Client installed (vers. 4.7 and 4.8), when
trying to obtain an AFS token, I'm getting an error:  "The AFS Client
was unable to obtain tokens as <userid>  in cell <my cell name>.  Error
62 (password was incorrect)."  No valid AFS userid/password combo works.
(Yes, I have verified the correctness of the passwords being used *many*
times....)  The client *does* seem to be communicating properly with the
cell's kaserver.  For example, if an invalid userid is input as the
username, the following error is returned instead:  "Error 8 (user
doesn't exist)".  Also, the client is still able to map drives to
directories in the AFS file space which have the ACL "system:anyuser rl"
set without first obtaining a token.

If the NetWare client is removed, the OpenAFS client functions properly
and valid accounts are able to obtain tokens without the password error.

I suspected it had something to do with the NWGINA.DLL used by the
NetWare client somehow screwing up the password that is used to generate
the key for the Kerberos/AFS credentials.  However, replacing NWGINA in
the Registry config with the MS standard MSGINA.DLL did not solve the

Has anyone else seen this and know of a solution or workaround?  We're
actually contemplating a campus-wide replacement of all NetWare file
services with OpenAFS (on Solaris), and we might have a need for
coexistence of the 2 clients during the migration period.  Thanks for
any insight you can provide.

Brent Putman
Georgetown University
University Information Services