[OpenAFS] Help - Failed to load AFS client
Tommy Mann
tmann@black.ils.unc.edu
Mon, 4 Nov 2002 18:18:31 -0500 (EST)
No, it has never worked on this machine. I'm not sure what ports need to
be open in ipchains for openafs to work, but here's what my ipchains file
looks like:
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 20 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 143 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 443 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 993 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 8080 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 8081 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 8082 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 8083 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 8084 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 8085 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 10000 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 152.2.21.1 53 -d 0/0 -p udp -j ACCEPT
-A input -s 152.2.253.100 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 -p udp -j REJECT
I'm not familiar with how to see what's going on in iptables -- I also see
netfilter on this machine and I'm not sure if that's a potential culprit?
Tommy
On 4 Nov 2002, Derek Atkins wrote:
> Tommy Mann <tmann@black.ils.unc.edu> writes:
>
> > I don't think I have a firewall, but I'll have to check to make sure --
> > I'm not the only one with root access on this box. Anyway, I rebooted and
> > while it was rebooting I saw "lost contact with openafs.org" message
> > scroll by about a donzen times before saying something like "Can't mount
> > on afs(22)".
> >
> > I looks, though, that AFS started up correctly after the reboot:
>
> Just because these processes are running does _NOT_ mean that "AFS
> started up correctly". In fact, from the errors you get above I would
> conclude that AFS is definitely _NOT_ running.
>
> > [tmann@black tmann]$ ps -ef | grep afs
> > root 1042 2 0 16:24 ? 00:00:00 [afs_rxlistener]
> > root 1047 2 0 16:24 ? 00:00:00 [afs_callback]
> > root 1049 2 0 16:24 ? 00:00:00 [afs_rxevent]
> > root 1050 2 0 16:24 ? 00:00:00 [afsd]
> > root 1051 2 0 16:24 ? 00:00:00 [afs_checkserver]
> > root 1052 2 0 16:24 ? 00:00:00 [afs_background]
> > root 1053 2 0 16:24 ? 00:00:00 [afs_background]
> > root 1054 2 0 16:24 ? 00:00:00 [afs_background]
> > root 1056 2 0 16:24 ? 00:00:00 [afs_cachetrim]
> >
> > Does all of this look okay? Should there be multiple afs_background
> > processes??
>
> Yes, this looks ok, and yes, there should be multiple background
> processes. However, you're still not getting AFS service.
>
> Has it _ever_ worked on this machine?
>
> Can you check if you have any iptable or ipchain firewall rules that
> may be blocking responses from the servers?
>
> > Thanks again for all the help!
> >
> > Tommy
>
> -derek
>
> >
> >
> > On 4 Nov 2002, Derek Atkins wrote:
> >
> > > Tommy Mann <tmann@black.ils.unc.edu> writes:
> > >
> > > > I haven't yet rebooted (I will reboot around 4pm US East Coast), but now
> > > > that I have openafs.org in ThisCell I don't see anymore "lost contact
> > > > with..." messages. I'm guessing that's because afs isn't running?
> > >
> > > Well, you'll see the messages once and then you'll never see them again...
> > >
> > > > Tried this 'vos examine root.afs -noauth -cell openafs.org' (note: I have
> > > > left ThisCell and CellServDB as the default install contents) and it hung
> > > > indefinitely -- I had to stop the process myself after a few minutes.
> > >
> > > Sounds like you might have a firewall installed. Do you have a "personal
> > > firewall" configured on your Linux box?
> > >
> > > -derek
> > >
> > >
> >
> >
>
>