[OpenAFS] Drive Z not accessable

Jeffrey Hutzelman jhutz@cmu.edu
Mon, 9 Jul 2001 10:37:06 -0400 (EDT)


On Mon, 9 Jul 2001, Christophe BERNARD wrote:

> Hello.
> 
> I fear this question has been asked before, but browsing the web and the
> afs mailing lists, I could not find any clue, so here is my problem:
> 
> I set up a linux openafs (1.0.4) server for redhat 6.2 which is working
> cleanly (except for an init script that looks for the 'bos' command in the
> wrong directory).
> 
> I installed the Windows 95/98 client on a windows 98 (first
> release) machine. I had to manually add a more recent 'mfc42.dll' for the
> client UI to start properly.
> 
> However, connecting to the server fails. In more detail:
> 
> 1. Enable AFS client console (OK in 1s)
> 2. "Authenication" also OK within 1sec.
> 3. 'Connect drive letter map points' takes long, and a popup then follows:
> 
>   "Unable to open explorer. Drive Z is connected but not accessable."
> 
> Any hint of why this happens ? Note that the firewalling configuration
> accepts ANY input from the client host. Also, various server programs seem
> to be listening to the afs UDP ports on the server.

Sounds to me like you have a firewall between the client and server, and
haven't configured it properly.  In order for things to work, you need to
allow at least the following UDP traffic:

- Server ports 7000, 7003 from port 7001
- Server port 7004 from any port, if you are using the kaserver
- Server port 7002 from any port, if you want to use pts
- Server port 7003 from any port, if you want to use vos
- Server port 7005 from any port, if you want to use bos
- Server ports 750 and/or 88 from any port, if you are using Kerberos

Note that you must allow traffic in _both_ directions.  UDP is
connectionless, so a reply packet from the server is just that -- from the
server, not the client.  This is probably the source of your current
problem.

Also, bear in mind that some (all) versions of the windows clients always
use the Kerberos V4 protocol for authentication; for those clients you
will have to open up port 750 even if you are running a kaserver.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA