[OpenAFS] AFS In a Windows World

James Nurmi jnurmi-openafs-info@qwe.cc
Tue, 04 Feb 2003 12:04:13 -0500 

Hrmm, correction to the below (which is actually held up in moderation 
since i forgot to adjust my email addy before sending).

AFS windows client works, but not authenticated...  If I actually do the 
"retrieve tokens" style thing, it wont let me connect at all, but if I 
discard all my tokens, /then// browse around, I can play all the good 
little games with it, and it behaves perfectly (per of course anonymous 
permissions on the system).  Any clues on this one?

James D. Nurmi


------------------------------------------------------------------------

Subject:
AFS in a Windoze World
From:
"James D. Nurmi" <jnurmi@vt.edu>
Date:
Mon, 03 Feb 2003 19:37:58 -0500

To:
openafs-info@openafs.org

Message-ID:
<3E3FF1A2.2070001@openafs.org>
User-Agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3a) Gecko/20021212
X-Accept-Language:
en-us, en
MIME-Version:
1.0
Content-Type:
multipart/mixed; boundary="------------040809020603000201030809"


<div class="moz-text-flowed" style="font-family: -moz-fixed">Ok, I've 
googled, I've searched the archives, and finally my sanity is stretched 
too thin to figure this one out on my own.  Here's the gist of whats 
goin' on:

- After many hours I got kerberos and AFS to dance on a Debian box.
- In fact I have 2 unix boxes phoning into it as clients, they work 
fantabulously.
- At some point in my toying around with it, I actually had two windows 
machines get in, for about all of five minutes :-D  and indeed mounted.

I disconned' the drives onthe windows machines, and now on trying to 
reconnect them, I get a random assortment of errors, but most commonly:
"H:\ is not accessible.  The remote server has been paused or is in the 
process of being started"

I get tokens from the system, just fine, indeed the output is pretty 
much identical to the unix one...

One oddity, that I suspect has bearing are the following 2 things.

one, to get the windows client to auth w/ kerberos, I had to pass 
krb5kdc the -4full parameter, but it seems perfectly happy with that to 
grab tokens now.  I can deal w/ that...

two, is that a lot of the functions in windows give me an error...  see:

C:\PROGRA~1\IBM\AFS\Client\Program>klog jnurmi
Password:

C:\PROGRA~1\IBM\AFS\Client\Program>tokens

Tokens held by the Cache Manager:

User jnurmi's tokens for afs@econ.vt.edu [Expires Feb 04 05:30]
  --End of list --

C:\PROGRA~1\IBM\AFS\Client\Program>pts listentries
Name                          ID  Owner Creator
pts: security object was passed a bad ticket ; unable to list entries

Indeed most of the functional proggies throw the same sort of error:

C:\PROGRA~1\IBM\AFS\Client\Program>vos listaddrs
vos: could not list the server addresses
rxk: security object was passed a bad ticket


So, I'm at a loss, im not sure what changed in the 5 minutes of working 
AFSed-ness to now.  Since then I've rebooted every machine involved, 
added a couple of unix boxen to play with it, and they're perfectly 
happy to do anything I please.


As a side question, anybody have any word on getting roaming profiles 
working over AFS?  (not as important, but an end goal)

Thanks in advance

James D. Nurmi
Systems & Services, VPI & SU (ECON)

</div>