[OpenAFS] Windows 2000/XP AFS client

Jeffrey Altman jaltman@columbia.edu
Mon, 01 Dec 2003 15:53:17 -0500


This is a cryptographically signed message in MIME format.

--------------ms040600060904000007020907
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Why do you think the AFS Client Service is not running?  The logs shows 
that it is.

Microsoft Kerberos 5 LSA credentials are not used by OpenAFS.  In fact, 
OpenAFS does not
use Kerberos 5 at all.  If you wish to use Kerberos 5 to obtain AFS 
tokens you must use
Kerberos for Windows and/or other third party tools.

MIT Kerberos for Windows can be obtained from http://web.mit.edu/kerberos/
Add a shortcut to "leash32.exe -autoinit" in your Startup folder.

Jeffrey Altman



Roman Rozinov wrote:

>Jeffrey,
>I am not very proficient with afsd_init.log notation, however when I
>logged on to kerberos realm, and saw that there are no tokens obtained.
>I attempted to obtain tokens manually.  
>The following log was generated by afsd_init.log  (sorry for the
>spamming length):
>1:24:24 PM: Create log file
>1:24:24 PM: Created log file
>1:24:24 PM: osi_InitDebug code 0
>1:24:24 PM: gethostname ittsta04
>1:24:24 PM: Default LAN adapter number
>1:24:24 PM: Default cache size 20480
>1:24:24 PM: Default chunk size 15
>1:24:24 PM: Defaulting to 2 background daemons
>1:24:24 PM: Defaulting to 4 server threads
>1:24:24 PM: Default status cache size 1000
>1:24:24 PM: Logoff token transfer on by default
>1:24:24 PM: Default logoff token transfer timeout 10 seconds
>1:24:24 PM: Default root volume name root.afs
>1:24:24 PM: Default cache path C:\AFSCache
>1:24:24 PM: Set for stand-alone service
>1:24:24 PM: Session startups will be recorded in the Event Log
>1:24:24 PM: Default trace buffer size 5000
>1:24:24 PM: Default sys name i386_nt40
>1:24:24 PM: Default SecurityLevel is clear
>1:24:24 PM: Default to use DNS to find AFS cell servers
>1:24:24 PM: osi_LogCreate log addr 2f4210
>1:24:24 PM: First Network address 81db09f8 SubnetMask ffffffc0
>1:24:24 PM: rx_Init code 0
>1:24:24 PM: rx_NewService addr 2f7e40
>1:24:24 PM: rx_NewService addr 2f88c8
>1:24:24 PM: rx_StartServer
>1:24:24 PM: RPC server listening
>1:24:24 PM: cm_InitDCache code 0
>1:24:24 PM: cm_InitDNS 0
>1:24:24 PM: cm_GetRootCellName code 0 rcn asu.edu
>1:24:24 PM: cm_GetCell addr de2c48
>1:24:24 PM: cm_GetVolumeByName code 0 root vol de2eb8
>1:24:24 PM: cm_GetSCache code 0 scache 2fa628
>1:24:24 PM: cm_InitDaemon
>1:24:24 PM: Netbios NCBRESET lana 0 succeeded
>1:24:24 PM: Netbios NCBADDNAME lana=0 code=0 retcode=0 complete=0
>1:24:24 PM: Netbios NCBADDNAME added new name >ITTSTA04-AFS    <
>1:24:24 PM: smb_Init 
>
>The windows event log does contain one entry that seems to happen
>periodically regardless whether I log on to kerberos realm, or log on
>locally and do obtain AFS tokens.  Event says that the description for
>Event ID 1004 in Source (AFS Client) cannot be found et... The following
>information is part of the event: SMB session startup, 0 ongoing ops.
>
>I am bit clueless as to which way to proceed.  When I do log on to the
>realm, I get the right V5 TGT ticket, not sure how to troubleshoot
>whether that ticket is used by AFS.
>
>Thank you in advance.
>
>~ Roman Rozinov
>
>-----Original Message-----
>From: Jeffrey Altman [mailto:jaltman@columbia.edu] 
>Sent: Monday, December 01, 2003 10:43 AM
>To: Roman Rozinov
>Cc: openafs-info@openafs.org
>Subject: Re: [OpenAFS] Windows 2000/XP AFS client
>
>what does \WINDOWS\afsd_init.log report?
>
>do you have windows event logging turned on?  what is logged to the
>event log?
>
>openafs 1.2.10 and 1.3.5x both work on XP w/SP1 and all additional
>patches
>
>Jeffrey Altman
>
>
>Roman Rozinov wrote:
>
>  
>
>>Dear openAFS forum members,
>>Our network environment contains a Kerberos realm and AFS servers.  
>>Our servers are set up to allow clients to authenticate via V5 tickets
>>    
>>
>
>  
>
>>obtained from Kerberos realm (krb524).
>>
>>My problem is that when a client workstation (Windows 2000 SP2/SP3/SP4
>>    
>>
>
>  
>
>>or XP w/ SP1) is logged on to the realm, the AFS client (I've tried 
>>IBM and openAFS 1.2.X) ceases to function entirely (it prompts with a 
>>general error specifying that service may not be started).  I've 
>>attempted numerous option by turning off integrated log in and trying 
>>to obtain cells manually all unsuccessfully.
>>
>>My only success was using Windows XP client (w/o SP1).
>>If this is a systematic issue, I wanted to consult and seek some 
>>assistance or any additional resources.  So far, I've looked to MIT 
>>and UNCC pages and their utilities but they would not help.
>>
>>Anyone experienced similarities using cross-domain authentication?
>>
>>*________*
>>
>>*Roman Rozinov*
>>Technology Support Analyst
>>Desktop Systems Technology, Information Technology Arizona State 
>>University rroman@asu.edu_ __<__http://www.asu.edu/it/__>_
>>
>>
>>
>>    
>>
>_______________________________________________
>OpenAFS-info mailing list
>OpenAFS-info@openafs.org
>https://lists.openafs.org/mailman/listinfo/openafs-info
>  
>

--------------ms040600060904000007020907
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJUDCC
AwYwggJvoAMCAQICAwpxijANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCWkExFTATBgNV
BAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUx
HTAbBgNVBAsTFENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVl
bWFpbCBSU0EgMjAwMC44LjMwMB4XDTAzMDczMDAyMDkyOFoXDTA0MDcyOTAyMDkyOFowRjEf
MB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEjMCEGCSqGSIb3DQEJARYUamFsdG1h
bkBjb2x1bWJpYS5lZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBtDG6ZyGA
sK+rZOfKPKGBn6oCTLYSLk/mpeX9QTmTG71qh308KUeN35qqoRXjLvscfw6NPOYXiuxE/RqL
sx7WKEnK3C4gzzpioCTX1b7o4M7YbpvCRBFPE9Jgsd0yz2EN+mk/pPuK1GP+iQNot2m4A56A
aPe6F5T25GqffU535GNIdAtWPao6wHcOm17se25ny/TNzb9mlA4UzYl9XP7MF1fkpJyaDDAy
DNNTSSjxBdPVs2EaYq1p/xadXbIpysQiySXAxoeiZusgJopRHLcBsBmmY9QVD4QnUqZVmfJ5
f1CiNri5vlexKCmdFSrxMLuoLr4EQZCECdusp6ZnIt75AgMBAAGjMTAvMB8GA1UdEQQYMBaB
FGphbHRtYW5AY29sdW1iaWEuZWR1MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEA
DPKe/CuAgEUxsrPskJQx2fL6soAEG2iqrqOGIRREHDaXWDBNMEWEbOEMLvh3+yhqHOUc9x3r
2IfsP/XHnujaqsMVXLagokVTnpPN675wv8LZ8hLHblLnykaTCq6RZpVskh2iAiJwpYMcKNF6
jyYaQyGHBGT3PK8uVGVCG4Pp9k4wggMGMIICb6ADAgECAgMKcYowDQYJKoZIhvcNAQEEBQAw
gZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUg
VG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBTZXJ2aWNlczEo
MCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMDAeFw0wMzA3MzAwMjA5
MjhaFw0wNDA3MjkwMjA5MjhaMEYxHzAdBgNVBAMTFlRoYXd0ZSBGcmVlbWFpbCBNZW1iZXIx
IzAhBgkqhkiG9w0BCQEWFGphbHRtYW5AY29sdW1iaWEuZWR1MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAwbQxumchgLCvq2TnyjyhgZ+qAky2Ei5P5qXl/UE5kxu9aod9PClH
jd+aqqEV4y77HH8OjTzmF4rsRP0ai7Me1ihJytwuIM86YqAk19W+6ODO2G6bwkQRTxPSYLHd
Ms9hDfppP6T7itRj/okDaLdpuAOegGj3uheU9uRqn31Od+RjSHQLVj2qOsB3Dpte7HtuZ8v0
zc2/ZpQOFM2JfVz+zBdX5KScmgwwMgzTU0ko8QXT1bNhGmKtaf8WnV2yKcrEIsklwMaHombr
ICaKURy3AbAZpmPUFQ+EJ1KmVZnyeX9Qoja4ub5XsSgpnRUq8TC7qC6+BEGQhAnbrKemZyLe
+QIDAQABozEwLzAfBgNVHREEGDAWgRRqYWx0bWFuQGNvbHVtYmlhLmVkdTAMBgNVHRMBAf8E
AjAAMA0GCSqGSIb3DQEBBAUAA4GBAAzynvwrgIBFMbKz7JCUMdny+rKABBtoqq6jhiEURBw2
l1gwTTBFhGzhDC74d/soahzlHPcd69iH7D/1x57o2qrDFVy2oKJFU56Tzeu+cL/C2fISx25S
58pGkwqukWaVbJIdogIicKWDHCjReo8mGkMhhwRk9zyvLlRlQhuD6fZOMIIDODCCAqGgAwIB
AgIQZkVyt8x09c9jdkWE0C6RATANBgkqhkiG9w0BAQQFADCB0TELMAkGA1UEBhMCWkExFTAT
BgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMRowGAYDVQQKExFUaGF3
dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lv
bjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENBMSswKQYJKoZIhvcNAQkB
FhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAwMDgzMDAwMDAwMFoXDTA0MDgy
NzIzNTk1OVowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNV
BAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBT
ZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMDCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA3jMypmPHCSVFPtJueCdngcXaiBmClw7jRCmKYzUq
bXA8+tyu9+50bzC8M5B/+TRxoKNtmPHDT6Jl2w36S/HW3WGl+YXNVZo1Gp2Sdagnrthy+boC
9tewkd4c6avgGAOofENCUFGHgzzwObSbVIoTh/+zm51JZgAtCYnslGvpoWkCAwEAAaNOMEww
KQYDVR0RBCIwIKQeMBwxGjAYBgNVBAMTEVByaXZhdGVMYWJlbDEtMjk3MBIGA1UdEwEB/wQI
MAYBAf8CAQAwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBADGxS0dd+QFx5fVTbF15
1j2YwCYTYoEipxL4IpXoG0m3J3sEObr85vIk65H6vewNKjj3UFWobPcNrUwbvAP0teuiR59s
ogxYjTFCCRFssBpp0SsSskBdavl50OouJd2K5PzbDR+dAvNa28o89kTqJmmHf0iezqWf54TY
yWJirQXGMYID1TCCA9ECAQEwgZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJu
IENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRD
ZXJ0aWZpY2F0ZSBTZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIw
MDAuOC4zMAIDCnGKMAkGBSsOAwIaBQCgggIPMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEw
HAYJKoZIhvcNAQkFMQ8XDTAzMTIwMTIwNTMxN1owIwYJKoZIhvcNAQkEMRYEFBJtLR/V45iy
GgYa9xXPlgeG0lKlMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwIC
AgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMIGrBgkrBgEEAYI3
EAQxgZ0wgZowgZIxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNV
BAcTCUNhcGUgVG93bjEPMA0GA1UEChMGVGhhd3RlMR0wGwYDVQQLExRDZXJ0aWZpY2F0ZSBT
ZXJ2aWNlczEoMCYGA1UEAxMfUGVyc29uYWwgRnJlZW1haWwgUlNBIDIwMDAuOC4zMAIDCnGK
MIGtBgsqhkiG9w0BCRACCzGBnaCBmjCBkjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rl
cm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMQ8wDQYDVQQKEwZUaGF3dGUxHTAbBgNVBAsT
FENlcnRpZmljYXRlIFNlcnZpY2VzMSgwJgYDVQQDEx9QZXJzb25hbCBGcmVlbWFpbCBSU0Eg
MjAwMC44LjMwAgMKcYowDQYJKoZIhvcNAQEBBQAEggEAa8AC+Fj1/XjG8/8mck2AxEGA9CZ2
472t4XmsyPAK4lF2WloTX3tiGHaBc9VzwdppFfVm/Iib6KKWBvLuPJ+fmV9IxpFo2Dlay+Nu
DukpAx84p9wNpgBVFpTtbHSfRuuZIoAs3egXhpICi7dUDHxP2NT4qvmxgN7Rci9FTngFq7k6
rH0gV4aAXSHnSJwZgiv980GdFbjSEuXeHGcikASYT2waC/CHVEGkk8F/ZtUWS9Vi/vlLdxiX
z/PgXUXqEx4eKspxnf27BnDDiFez8/CAE7wl2VkR2/+mXiyTj59AYvsQL99JALZ8evJVza33
6M6Q9Rbc98ZrcRwmgDJi0WDQbgAAAAAAAA==
--------------ms040600060904000007020907--