[OpenAFS] Windows2000 OpenAFS Client unable to obtain tokens

jareds@us.ibm.com jareds@us.ibm.com
Tue, 18 Jun 2002 15:38:49 -0400 

This is a multipart message in MIME format.
--=_alternative 006BDDE985256BDC_=
Content-Type: text/plain; charset="US-ASCII"

I saw a similar problem in a small cell where there was a single Linux 
server and a W2K client, both running OpenAFS.

The problem appeared to be in the way the Linux server was initializing 
the ports for the kaserver.  At least for IBM AFS, we will use the ports 
identified in /etc/services for kerberos, and, if none are defined, we'll 
use the default ports.  So this would be a normal AuthLog:

kerberos4/udp is unknown; check /etc/services.  Using port=750 as default
kerberos5/udp is unknown; check /etc/services.  Using port=88 as default

However, I was seeing strange ports on this particular occassion:

Kerberos4/udp port=60930
Kerberos5/udp port=22528

These ports were not being set anywhere that I could find, and it 
continued to try to use these even when we specifically set them in 
/etc/services.  So I'm not sure how these were getting set.

We never pursued the problem, so I'm not sure what the answer is.  But it 
might be something to look at.


Thanks,


~~~~~~~~~~~~~~~~~~~~~~~~~~~
Jared Spencer, MCSA
AFS Technical Lead
Staff Software Engineer
IBM Pittsburgh Lab
jareds@us.ibm.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~





Derek Atkins <warlord@MIT.EDU>
Sent by: openafs-info-admin@openafs.org
06/18/2002 03:04 PM
 
        To:     "Nathan Davis" <davisn@mailandnews.com>
        cc:     <openafs-info@openafs.org>
        Subject:        Re: [OpenAFS] Windows2000 OpenAFS Client unable to obtain tokens

 

Is your AFS cell using KAserver or K5+aklog?

The windows distribution only supports KAserver.

-derek

"Nathan Davis" <davisn@mailandnews.com> writes:

> Hi,
> 
> I am running an OpenAFS client on Windows2000.  I am able to connect to 
the (only) server, and can read files/directories made available to 
system:anyuser.  However, when I try to authenticate it says "The AFS 
Client was unavle to obtain tokens ... Error: 56 (Authentication Server 
was unavailable)".  The Win2K client is running version 1.2.2b official 
binaries.  The server is running the official binaries for Redhat 7.3 of 
version 1.2.4.  Any idea what the problem is?  Note that the server itself 
is also configured as a client and I have no trouble with authentication 
on it.
> 
> On a related note, I'd like to setup the Win2K box as an additional 
server.  Currently I am unable to do so (because I can't authenticate as 
admin).  Are there any potential issues related to mixing different server 
versions?

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info


--=_alternative 006BDDE985256BDC_=
Content-Type: text/html; charset="US-ASCII"


<br><font size=2 face="sans-serif"><br>
I saw a similar problem in a small cell where there was a single Linux server and a W2K client, both running OpenAFS.</font>
<br>
<br><font size=2 face="sans-serif">The problem appeared to be in the way the Linux server was initializing the ports for the kaserver. &nbsp;At least for IBM AFS, we will use the ports identified in /etc/services for kerberos, and, if none are defined, we'll use the default ports. &nbsp;So this would be a normal AuthLog:</font>
<br>
<br><font size=2 face="sans-serif">kerberos4/udp is unknown; check /etc/services. &nbsp;Using port=750 as default</font>
<br><font size=2 face="sans-serif">kerberos5/udp is unknown; check /etc/services. &nbsp;Using port=88 as default</font>
<br>
<br><font size=2 face="sans-serif">However, I was seeing strange ports on this particular occassion:</font>
<br>
<br><font size=2><tt>Kerberos4/udp port=60930<br>
Kerberos5/udp port=22528</tt></font>
<br>
<br><font size=2 face="sans-serif">These ports were not being set anywhere that I could find, and it continued to try to use these even when we specifically set them in /etc/services. &nbsp;So I'm not sure how these were getting set.</font>
<br>
<br><font size=2 face="sans-serif">We never pursued the problem, so I'm not sure what the answer is. &nbsp;But it might be something to look at.</font>
<br>
<br>
<br><font size=2 face="sans-serif">Thanks,</font>
<br><font size=2 face="sans-serif"><br>
<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
Jared Spencer, MCSA<br>
AFS Technical Lead<br>
Staff Software Engineer<br>
IBM Pittsburgh Lab<br>
jareds@us.ibm.com<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>Derek Atkins &lt;warlord@MIT.EDU&gt;</b></font>
<br><font size=1 face="sans-serif">Sent by: openafs-info-admin@openafs.org</font>
<p><font size=1 face="sans-serif">06/18/2002 03:04 PM</font>
<td><font size=1 face="Arial">&nbsp; &nbsp; &nbsp; &nbsp; </font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; To: &nbsp; &nbsp; &nbsp; &nbsp;&quot;Nathan Davis&quot; &lt;davisn@mailandnews.com&gt;</font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; cc: &nbsp; &nbsp; &nbsp; &nbsp;&lt;openafs-info@openafs.org&gt;</font>
<br><font size=1 face="sans-serif">&nbsp; &nbsp; &nbsp; &nbsp; Subject: &nbsp; &nbsp; &nbsp; &nbsp;Re: [OpenAFS] Windows2000 OpenAFS Client unable to obtain tokens</font>
<br>
<br><font size=1 face="Arial">&nbsp; &nbsp; &nbsp; &nbsp;</font></table>
<br>
<br><font size=2><tt>Is your AFS cell using KAserver or K5+aklog?<br>
<br>
The windows distribution only supports KAserver.<br>
<br>
-derek<br>
<br>
&quot;Nathan Davis&quot; &lt;davisn@mailandnews.com&gt; writes:<br>
<br>
&gt; Hi,<br>
&gt; <br>
&gt; I am running an OpenAFS client on Windows2000. &nbsp;I am able to connect to the (only) server, and can read files/directories made available to system:anyuser. &nbsp;However, when I try to authenticate it says &quot;The AFS Client was unavle to obtain tokens ... Error: 56 (Authentication Server was unavailable)&quot;. &nbsp;The Win2K client is running version 1.2.2b official binaries. &nbsp;The server is running the official binaries for Redhat 7.3 of version 1.2.4. &nbsp;Any idea what the problem is? &nbsp;Note that the server itself is also configured as a client and I have no trouble with authentication on it.<br>
&gt; <br>
&gt; On a related note, I'd like to setup the Win2K box as an additional server. &nbsp;Currently I am unable to do so (because I can't authenticate as admin). &nbsp;Are there any potential issues related to mixing different server versions?<br>
<br>
-- <br>
 &nbsp; &nbsp; &nbsp; Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory<br>
 &nbsp; &nbsp; &nbsp; Member, MIT Student Information Processing Board &nbsp;(SIPB)<br>
 &nbsp; &nbsp; &nbsp; URL: http://web.mit.edu/warlord/ &nbsp; &nbsp;PP-ASEL-IA &nbsp; &nbsp; N1NWH<br>
 &nbsp; &nbsp; &nbsp; warlord@MIT.EDU &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;PGP key available<br>
_______________________________________________<br>
OpenAFS-info mailing list<br>
OpenAFS-info@openafs.org<br>
https://lists.openafs.org/mailman/listinfo/openafs-info<br>
</tt></font>
<br>
--=_alternative 006BDDE985256BDC_=--