[OpenAFS] OpenAFS Windows client will not map drives

Jeffrey Altman jaltman@columbia.edu
Fri, 03 Mar 2006 17:50:37 -0500

This is a cryptographically signed message in MIME format.

Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit


On the Loopback adapter, unbind everything but:

 * Client for Microsoft Networks
 * Internet Protocol

Using the GUIs is not going to help you here so I advise that you stop
trying to use them.

Please read the Debugging OpenAFS section of the release notes that
I pointed you at earlier.  Turn on PIOCTL debugging, Trace Logging,
and obtain a copy of the SysInternals DbgView and FileMon tools.
After setting everything up as described in the Release Notes execute
the following commands from the command line:

 * kinit <user@REALM>
 * aklog -d
 * tokens

Now if you have any form of connectivity with the AFS SMB Server you
will have obtained tokens and been able to list them.  Otherwise, you
will have received another copy of the Network Name Not Found error.

At that point, you need to use "nbtstat -n" to list all of the
registered network names.   The following line should appear once
and only once on the Loopback Adapter:

    AFS            <20>  UNIQUE      Registered

There should be no other names on that adapter with type <20>.  If
there are, you will lose.  If AFS <20> appears on any other adapter,
you will lose.

If you have any machine on your network that is adverting the name
AFS <20>, you will lose.

Jeffrey Altman

Sean Caron wrote:
> Thanks for the suggestions so far. What I am doing is: I have a couple
> of spare machines in my office that I am
> testing various configurations of the OpenAFS client on, so I can try
> all sorts of funky things and not have to
> worry about messing up a machine that someone is actually using. I set
> one up to test the behaviour of the
> client with the loopback adapter on, as so:
> (1) Wiped a machine a did a fresh load of our disk image (XP, Novell
> client, etc). Computer name is SPH-2002-0196.
> I saw some old post on the Internet implying that dashes in the hostname
> might cause problems with the AFS
> client, but they dated from 2002 or 2003, so I'm assuming it doesn't
> matter these days. I think I mentioned earlier
> that I tried a system with a boring alphanumeric only name (SPHAFSTEST)
> and it didn't help anything.
> (reboot)
> (2) Installed MIT Kerberos v3.0.0 with all default settings on; krb5.ini
> has been properly customized for our site.
> Kerberos is set to start automatically when Windows starts (as would
> make sense). (side note: MIT Kerberos seems to
> work fine in and of itself. It gladly will go authenticate and get
> tokens). I did this as an administrator; normal users wouldn't
> normally be allowed to install software given the way we have security
> set up on our workstation disk image.
> (reboot)
> (3) Installed OpenAFS Windows Client v1.4.0 (as an administrator) WITH
> the loopback adaptor installed this time. Use our
> CellServDB file that actually includes our site. Set AFS cell name to
> "sph.umich.edu <http://sph.umich.edu>". Everything else is set per
> installation
> defaults (AFS crypt security = on, AFS freelance client = on, DNS
> cellserver search = on, start afscreds on login = on, auto
> initialize afscreds = on, renew drivemaps = on, ip change detection =
> on, quiet = on). Installer completes successfully.
> (reboot)
> (4) Now my test workstation is back online, sitting at the login prompt.
> I try to login to the Novell network (client version 4.91, by
> the way). Now it doesn't work! "The tree or server cannot be found.
> Choose a different tree or server....". OK. Let's log in as
> "Workstation only". Did the Novell client get bound up in the loopback
> adapter or something? Can this be dealt with? I know very
> little about Novell (I am a new hire at SPH, and mostly a UNIX guy).
> (5) So I log in to the local machine only and get the AFS Client "Obtain
> New AFS tokens" dialog box. Enter username and password
> and authenticate to cell "sph.umich.edu <http://sph.umich.edu>". Wait a
> minute or two, and the tickets show up in the MIT Kerberos Network Identity
> Manager. So at least authentication and ticketing is all good.
> (6) Testing: Start->Run. "\\afs\all". I get the message: "This file does
> not have a program associated with it for performing this action.
> Create an association in the Folder Options control panel".
> OK.
> Testing: Start->Run. "\\afs\sph.umich.edu". Same message.
> Testing: Start->Run. "\\afs\sph.umich.edu\user\s\scaron". Wait a second
> or two... same message.
> Testing: Start->Run. "cmd". From command prompt: "net use
> \\afs\sph.umich.edu\user\s\scaron h:". We get the message: "The
> network name cannot be found (system error 67)".
> Testing: Click "Drive Letters" tab in AFS client. It sits for a while
> (30 secs - 1 minute). Click "Add". Select "Drive F", AFS path
> "\afs\sph.umich.edu\user\s\scaron", submount "homes". I get the error:
> "AFS was unable to map the network drive to the specified path in AFS.
> Check to make sure the drive letter is not currently in use"
> "Error 0x00000043"
> (i was thinking about it and it hit me that 43 hex = 67 decimal so i
> guess NETWORK NAME CANNOT BE FOUND is the issue here)
> (7) Check network properties. We have two connections installed.
> One is called AFS and is bound to the loopback adaptor. Uses items:
> Novell client for Windows, Client for Microsoft networks, Remote
> management, Novell workstation manager, Novell distributed print
> services, TCP/IP
> The other is the default Local Area Network connection. Uses items:
> Novell client for Windows, Client for Microsoft networks, QoS
> packet scheduler, Remote management, Novell workstation manager, Novell
> distributed print services, TCP/IP. Windows firewall is
> on. We use DHCP to get all network card parameters & DNS server
> information. TCP/IP filtering is off. NetBIOS is set to "Use NetBIOS
> setting from DHCP server. If static IP address is used or DHCP server
> does not provide NetBIOS setting, enable NetBIOS over TCP/IP"
> I see that we don't actually have a NetBIOS protocol installed by
> default on our load. Let's do it manually for now.
> (8) Add protocol: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
> (this is the only NetBIOS protocol available in the list).
> Install it.
> (reboot)
> (9) So we're back at the login prompt and you still can't log in to
> Novell. We get the same "The tree or server cannot be found..." message.
> Let's login to local workstation only again and proceed. Once again I am
> able to successfully log in, authenticate to sph.umich.edu
> <http://sph.umich.edu>, and
> obtain tokens.
> (10) Try the same testing suite again:
> Testing: Start->Run. "\\afs\all". I get the message: "This file does not
> have a program associated with it for performing this action.
> Create an association in the Folder Options control panel".
> Testing: Start->Run. "\\afs\sph.umich.edu". Same message.
> Testing: Start->Run. "\\afs\sph.umich.edu\user\s\scaron". Same message.
> Testing: Start->Run. "cmd". From command prompt: "net use
> \\afs\sph.umich.edu\user\s\scaron h:". We get the message: "The
> network name cannot be found (system error 67)".
> Testing: Click "Drive Letters" tab in AFS client. It comes up instantly
> this time around. Click "Add". Select "Drive F", AFS path
> "\afs\sph.umich.edu\user\s\scarno", submount "homes". I again get the error:
> "AFS was unable to map the network drive to the specified path in AFS.
> Check to make sure the drive letter is not currently in use"
> "Error 0x00000043"
> That didn't seem to help anything.
> (11) Go to Network Connections->Advanced Settings. In "adapters and
> bindings" I move the AFS (loopback) connection to the top of
> the pile. Go to Provider Order tab and move OpenAFSDaemon to the very
> top of the heap (it was at the very bottom).
> (reboot)
> (12) I'm not even going to try and log into the Novell network this time
> around. Log in to local machine only and run my series of test
> commands again. Same results as above.
> (13) It was suggested that I perhaps unbind NWLink IPX/SPX/NetBIOS
> Compatible Transport Protocol from the Client for Microsoft
> Networks. Go back into Network->Advanced Settings and do that. While I'm
> at it, I see that TCP/IP has become unbound from the
> Novell client. So I bind that back up while I'm there.
> (reboot)
> (14) Why not try and log into Novell this boot around? I still get the
> "Tree or server cannot be found" error. Let's login to the workstation
> only and proceed again.
> (15) Run my little suite of test commands again. Same results as above
> (no change).
> This is about where I stand now. I've tried some various other things:
> Hard setting "NetBIOS over TCP/IP" to ON instead of taking settings
> based on DHCP values, manually entering DNS servers, turning off Windows
> firewall, etc. All seem to have no effect. I've repeated all this
> for both the cases of loopback adaptor installed, and loopback adaptor
> not installed, basically, with (roughly) the same effects. Some of
> the errors I got without the loopback adaptor were a little different (I
> remember getting a system error 53 a couple of times, among other
> things).
> I tried to be as exhaustive as possible in compiling my little report
> here; I hope it isn't entirely too much wasted reading and writing for
> myself and all of you out there on the list. I'm really hoping to be
> able to get this to work, or, failing that, at least be able to go to my
> supervisor and say without a doubt that "the AFS client for Windows will
> not work with [our] Novell installation [because]...", so I want
> to be sure that I pretty much left no stone unturned.
> Thanks, everyone, for all the help thus far. Please don't hesitate to
> ask me about anything if you feel that you might need more knowledge
> about my system environment to be able to offer any useful suggestions.
> Regards,
> Sean Caron
> Associate Systems Administrator
> University of Michigan School of Public Health
> 1-734-763-4206
> scaron@umich.edu <mailto:scaron@umich.edu>
> On 3/3/06, *Rodney M Dyer* <rmdyer@uncc.edu <mailto:rmdyer@uncc.edu>> wrote:
>     At 12:12 PM 3/3/2006, Jeffrey Altman wrote:
>     >I have heard of other organizations having problems with both
>     Novell and
>     >OpenAFS clients on the same machines.  I have not had access to such a
>     >configuration to be able to debug it.
>     Just a note.  We run the Novell client without issues with OpenAFS
>     and the
>     loopback adapter.  We DO NOT however use the Novell GINA
>     module.  After we
>     install the Novell client, we replace the nwgina.dll back to
>     msgina.dll.  We also place the afslogon.dll authenticator first in the
>     providers list.
>     Rodney
>     Rodney M. Dyer
>     Windows Systems Programmer
>     Mosaic Computing Group
>     William States Lee College of Engineering
>     University of North Carolina at Charlotte
>     Email: rmdyer@uncc.edu <mailto:rmdyer@uncc.edu>
>     Web: http://www.coe.uncc.edu/~rmdyer
>     Phone: (704)687-3518
>     Help Desk Line: (704)687-3150
>     FAX: (704)687-2352
>     Office:  Cameron Applied Research Center, Room 232

Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature