[OpenAFS-devel] RE: Windows 2000 Token authentication problems

[James Peterson]

>At my site, there are a couple of instances where we would like to access
>files from AFS in NT/2000/XP while no one is logged in. In one instance,
we
>have a customized Gina that pulls a "message of the day" from a file on
AFS
>and displays it in the login dialog. In another instance, we would like to
>be able to use a GPO out in ADS to run system startup/shutdown scripts
which
>reside in AFS. In both of these cases, NT will be attempting to access
files
>in the system context, without a user logged in.

>When I have OpenAFS 1.0.4a or OpenAFS 1.1.1a installed while I am trying
to
>perform either of these tasks, the AFS Client service dies right around
the
>time that the relevent files are being accessed from AFS. Instead of
>quitting and sending (hopefully) usefull messages to the Event Log, the
Dr.
>Watson catches the fault with the following message:

>The application, afsd_service.exe, generated an application error.
>The error occurred on 09/06/2001 @ 17:15:10.768.
>The exception generated was C0000005 at address 61702A8E
(lock_ObtainMutex).

This could be a problem with the changes made to integrated logon.   At
least it certainly sounds like the solution could be found looking at this
portion of the code.

Did previous versions (before v1.0.4a) work?

I would link to know if GINA is called before or after NPLogonNotify().
Within NPLogonNotify procedure the AFSD_SERVICE is confirmed to be running
and a suspend is done until the service is active.  The routine also makes
a call to ka_UserAuthenticateGeneral().

Because of the "suspend" code it seem possible that the service may not me
running and something similar could be happing to GINA.   A thrown
exception obtaining a mutex may be likely be a timing error.

Maybe a timing pause in GINA code would help.

James Peterson
"Your response is appreciated."