[OpenAFS] Windows 2000/XP AFS client

Roman Rozinov rroman@asu.edu
Mon, 01 Dec 2003 16:30:38 -0700


Jeff,
The problem that I got is after I log in to the realm and try to get a
token, I get a dialog box with error 11862791. From
http://www.central.org/pages/numbers/et/KTC.html, I started speculating
that something internally in AFS is not working.

Using Leash32, if I script -autoinit, I only have a V5 ticket in the
credentials. Running aklog (MIT's) gives me no ticket file error.
Alternatively, I ran Leash32 and instructed it to initialize tickets, I
received both V5 and V4 tickets.  Running aklog in this instance
produced the error that I just described earlier.

Any ideas how to debug that error?

~ Roman Rozinov

-----Original Message-----
From: Jeffrey Altman [mailto:jaltman@columbia.edu]
Sent: Monday, December 01, 2003 1:53 PM
To: Roman Rozinov
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] Windows 2000/XP AFS client

Why do you think the AFS Client Service is not running?  The logs show
that it is.

Microsoft Kerberos 5 LSA credentials are not used by OpenAFS.  In fact,
OpenAFS does not use Kerberos 5 at all.  If you wish to use Kerberos 5
to obtain AFS tokens you must use Kerberos for Windows and/or other
third party tools.

MIT Kerberos for Windows can be obtained from
http://web.mit.edu/kerberos/
Add a shortcut to "leash32.exe -autoinit" in your Startup folder.

Jeffrey Altman



Roman Rozinov wrote:

>Jeffrey,
>I am not very proficient with afsd_init.log notation, however when I
>logged on to kerberos realm, and saw that there are no tokens obtained.
>I attempted to obtain tokens manually.
>The following log was generated by afsd_init.log  (sorry for the
>spamming length):
>1:24:24 PM: Create log file
>1:24:24 PM: Created log file
>1:24:24 PM: osi_InitDebug code 0
>1:24:24 PM: gethostname ittsta04
>1:24:24 PM: Default LAN adapter number
>1:24:24 PM: Default cache size 20480
>1:24:24 PM: Default chunk size 15
>1:24:24 PM: Defaulting to 2 background daemons
>1:24:24 PM: Defaulting to 4 server threads
>1:24:24 PM: Default status cache size 1000
>1:24:24 PM: Logoff token transfer on by default
>1:24:24 PM: Default logoff token transfer timeout 10 seconds
>1:24:24 PM: Default root volume name root.afs
>1:24:24 PM: Default cache path C:\AFSCache
>1:24:24 PM: Set for stand-alone service
>1:24:24 PM: Session startups will be recorded in the Event Log
>1:24:24 PM: Default trace buffer size 5000
>1:24:24 PM: Default sys name i386_nt40
>1:24:24 PM: Default SecurityLevel is clear
>1:24:24 PM: Default to use DNS to find AFS cell servers
>1:24:24 PM: osi_LogCreate log addr 2f4210
>1:24:24 PM: First Network address 81db09f8 SubnetMask ffffffc0
>1:24:24 PM: rx_Init code 0
>1:24:24 PM: rx_NewService addr 2f7e40
>1:24:24 PM: rx_NewService addr 2f88c8
>1:24:24 PM: rx_StartServer
>1:24:24 PM: RPC server listening
>1:24:24 PM: cm_InitDCache code 0
>1:24:24 PM: cm_InitDNS 0
>1:24:24 PM: cm_GetRootCellName code 0 rcn asu.edu
>1:24:24 PM: cm_GetCell addr de2c48
>1:24:24 PM: cm_GetVolumeByName code 0 root vol de2eb8
>1:24:24 PM: cm_GetSCache code 0 scache 2fa628
>1:24:24 PM: cm_InitDaemon
>1:24:24 PM: Netbios NCBRESET lana 0 succeeded
>1:24:24 PM: Netbios NCBADDNAME lana=0 code=0 retcode=0 complete=0
>1:24:24 PM: Netbios NCBADDNAME added new name >ITTSTA04-AFS    <
>1:24:24 PM: smb_Init
>
>The windows event log does contain one entry that seems to happen
>periodically regardless whether I log on to kerberos realm, or log on
>locally and do obtain AFS tokens.  Event says that the description for
>Event ID 1004 in Source (AFS Client) cannot be found et... The
>following information is part of the event: SMB session startup, 0
>ongoing ops.
>
>I am a bit clueless as to which way to proceed.  When I do log on to the
>realm, I get the right V5 TGT ticket, not sure how to troubleshoot
>whether that ticket is used by AFS.
>
>Thank you in advance.
>
>~ Roman Rozinov
>
>-----Original Message-----
>From: Jeffrey Altman [mailto:jaltman@columbia.edu]
>Sent: Monday, December 01, 2003 10:43 AM
>To: Roman Rozinov
>Cc: openafs-info@openafs.org
>Subject: Re: [OpenAFS] Windows 2000/XP AFS client
>
>what does \WINDOWS\afsd_init.log report?
>
>do you have windows event logging turned on?  what is logged to the
>event log?
>
>openafs 1.2.10 and 1.3.5x both work on XP w/SP1 and all additional
>patches
>
>Jeffrey Altman
>
>
>Roman Rozinov wrote:
>
>>Dear openAFS forum members,
>>Our network environment contains a Kerberos realm and AFS servers.
>>Our servers are set up to allow clients to authenticate via V5 tickets
>>obtained from Kerberos realm (krb524).
>>
>>My problem is that when a client workstation (Windows 2000 SP2/SP3/SP4
>>or XP w/ SP1) is logged on to the realm, the AFS client (I've tried
>>IBM and openAFS 1.2.X) ceases to function entirely (it prompts with a
>>general error specifying that service may not be started).  I've
>>attempted numerous options by turning off integrated log in and trying
>>to obtain cells manually all unsuccessfully.
>>
>>My only success was using Windows XP client (w/o SP1).
>>If this is a systematic issue, I wanted to consult and seek some
>>assistance or any additional resources.  So far, I've looked to MIT
>>and UNCC pages and their utilities but they would not help.
>>
>>Anyone experienced similarities using cross-domain authentication?
>>
>>Roman Rozinov
>>Technology Support Analyst
>>Desktop Systems Technology, Information Technology Arizona State
>>University rroman@asu.edu <http://www.asu.edu/it/>
>>
>_______________________________________________
>OpenAFS-info mailing list
>OpenAFS-info@openafs.org
>https://lists.openafs.org/mailman/listinfo/openafs-info