[OpenAFS] RAID, AFS and tokens

Shyh-Wei Luan luan@almaden.ibm.com
Wed, 27 Feb 2002 00:05:38 -0800


Well, like others and yourself, I don't understand how the fact of using a
RAID itself would cause an authentication problem for any client platform.
I think it might be something else that got changed as a by-product in your
cell environment.

Here are some questions.  (They don't necessarily link to each other.)

Are you using a Kerberos 5 authentication server or the kaserver that comes
with AFS?  If you are using a Kerberos 5 server, do you see the following
error message in the KDC log?

    krb5kdc: Invalid message type - while dispatching

If you are using kaserver, is the machine with the new RAID an
authentication server?  Do you have multiple authentication servers in your
cell?  If so, do they *all* listen on both port 88 and port 750? Are they
running on the same platforms and are they running the same version of
Transarc AFS or OpenAFS?  Would it be possible that the server with the new
RAID configured was not really functioning correctly and completely as an
authentication server?  In this case, all the clients would then be
authenticating with other authentication server(s), if you have any.  Maybe
the Windows clients are not dealing with the fail-over situation or the
other authentication server as well as the other client platforms do???

Shyh-Wei Luan

Petros Triantafyllidis <trian@itc.auth.gr>@openafs.org on 02/26/2002
02:50:31 AM

Sent by:    openafs-info-admin@openafs.org


To:    Shyh-Wei Luan/Almaden/IBM@IBMUS
cc:    OpenAFS Info List <openafs-info@openafs.org>, Charles Clancy
       <security@xauth.net>
Subject:    Re: [OpenAFS] RAID, AFS and tokens



I still cannot understand why this should have been affected by the
plugged RAID. The server listens on both ports, 88 and 750.


On Mon, 25 Feb 2002, Shyh-Wei Luan wrote:

>
> Your Windows clients are probably using port 750 and your authentication
> server probably does not listen on this port.  Usually the AFS
> authentication servers (kaserver) listen on both port 88 and port 750.
> But some of them may fail to do so.  For example, I know that AIX servers
> have to change their /etc/services file to allow port 750 to be used by
> kaserver.   You can check with your server admin to find out whether this
> was the case.  Alternatively you can try yourself by changing the port
> number from 750 to 88 for kerberos-iv in your
> "WINNT\system32\drivers\services" file.  On Windows 9x, change the port
> number for kerberos in your "Windows\services" file from 750 to 88.
>
> Shyh-Wei Luan
>
> A patch needed for the AIX /etc/services file.
>
> <old
> >new
>
> < kerberos      88/tcp                          # Kerberos
> < kerberos      88/udp                          # Kerberos
> ---
> > kerberos5     88/tcp                          # Kerberos
> > kerberos5     88/udp                          # Kerberos
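Review bot: the "kerberos5" lines on 88/tcp and 88/udp leave no entry that
maps the name "kerberos" to port 88, so a lookup of "kerberos" on this host
stops returning 88 (and returns 750 once the second hunk is applied). Check
whether anything on the server still resolves that name expecting port 88;
the unchanged "# Kerberos" comment could also say that this is now the
Kerberos 5 name.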
>
> < rfile         750/tcp
> < loadav        750/udp
> ---
> > #rfile        750/tcp
> > #loadav       750/udp
> > kerberos      750/tcp
> > kerberos      750/udp
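Review bot: the added "kerberos 750/tcp" and "kerberos 750/udp" lines carry
no comment, unlike the port 88 entries, and the commented-out "rfile" and
"loadav" lines do not say why they were disabled. A trailing comment noting
that 750 is claimed here for kaserver would keep a later admin from
restoring the old entries; also confirm nothing on the host looks up
"rfile" or "loadav" by name, since these lines no longer resolve them.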
>
> Petros Triantafyllidis <trian@itc.auth.gr> on 02/24/2002 11:52:57 PM
>
> To:    OpenAFS Info List <openafs-info@openafs.org>
> cc:    Charles Clancy <security@xauth.net>, Shyh-Wei Luan/Almaden/IBM@IBMUS
> Subject:    Re: [OpenAFS] RAID, AFS and tokens
>
>
>
> > Can you take a look at the Application Log under "Control Panel -
> > Administrative Tools - Event Viewer" to see what AFS client error
> > message(s) you might have there?
> [...]
>
> This is the error message I got:
>
> "The AFS Client was unable to obtain tokens as username in cell
> itc.auth.gr.
>
>  Error: 56 (Authentication Server was unavailable)"
>
> Thanks a lot,
>
> --
> Dr. TRIANTAFYLLIDIS PETROS         E-MAIL: trian@itc.auth.gr
> ^^^^^^^^^^^^^^^^^^^^^^^^^^         http://afs.itc.auth.gr/~trian
> AFS Technical Support Team
> Aristotle University - Information Technology Center (KYTP)
> POBox 888,54006 Thessaloniki-GREECE-TEL:+30-31-998444,FAX:998302
>
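
A check for the /etc/services change quoted above, added here as an example and not part of the original thread: it parses services-format text and reports which names own ports 88 and 750 and where the Kerberos service names resolve. The two sample inputs are constructed from the old and new sides of the quoted patch, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the "old" side of the AIX /etc/services patch quoted above.
SAMPLE_OLD = """\
kerberos      88/tcp                          # Kerberos
kerberos      88/udp                          # Kerberos
rfile         750/tcp
loadav        750/udp
"""

# Constructed sample: the "new" side of the same patch.
SAMPLE_NEW = """\
kerberos5     88/tcp                          # Kerberos
kerberos5     88/udp                          # Kerberos
#rfile        750/tcp
#loadav       750/udp
kerberos      750/tcp
kerberos      750/udp
"""

# name  port/proto  [aliases...]   (comments are stripped before matching)
ENTRY = re.compile(r"^(\S+)\s+(\d+)/(\w+)((?:\s+\S+)*)$")

def parse_services(text):
    """Map (port, proto) -> list of service names and aliases bound to it."""
    table = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.split("#", 1)[0].strip())
        if m:
            name, port, proto, aliases = m.groups()
            table[(int(port), proto.lower())].extend([name, *aliases.split()])
    return dict(table)

def audit(text, ports=(88, 750), names=("kerberos", "kerberos5", "kerberos-iv")):
    """Return (owners of each port, where each Kerberos name resolves)."""
    table = parse_services(text)
    owners = {f"{p}/{pr}": table.get((p, pr), []) for p in ports for pr in ("tcp", "udp")}
    resolves = {n: sorted(f"{p}/{pr}" for (p, pr), ns in table.items() if n in ns)
                for n in names}
    return owners, resolves

if __name__ == "__main__":
    for label, text in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        owners, resolves = audit(text)
        print(label, "port owners:", owners)
        print(label, "name lookups:", resolves)
```

This reflects only the name-to-port mapping in the file; whether kaserver is actually bound to a port still has to be checked on the server itself.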
