[OpenAFS] Windoze NT Client can't obtain new token

Hamish Marson hamish@travellingkiwi.com
Mon, 03 Feb 2003 16:34:09 +0000 

Hamish Marson wrote:

> Paul Blackburn wrote:
>
>> Hamish Marson wrote:
>>
>>> I have an existing AFS (IBM's AFS 1.2.4) cell that I'm trying to get 
>>> my (Shudder) windoze NT desktop to use. I've installed the AFS 
>>> client on the windoze box, and it can mount the afs root volume on 
>>> z:, but when I try to authenticate ta the PC and get a token, I get 
>>> (Afetr a long pause)
>>>
>>> The AFS client was unable to obtain tokens as <user> in cell <cellname>
>>>
>>> Error: 56 (Authentication Server was unavailable).
>>>
>>> Using tcpdump on the database server with kaserver running on it, I 
>>> see packets incoming to port 750... And nothing is listening on 
>>> there... Authentication works fine from all my Unix hosts... So I'm 
>>> a wee bit confused as to why windoze need to talk to my db server on 
>>> port 750 while my Unix hosts don't...
>>>
>>> Looking on the archives (No search avail?) I found one thread from 
>>> last month that looked similiar, but it was a firewall problem, and 
>>> doesn't look exactly like mine... Anyone got any ideas?
>>>
>> Hello Hamish,
>>
>> IIRC, you need to edit /etc/services on your (AIX) database server(s).
>> Ours has:
>>
>> #rfile          750/tcp
>> #loadav         750/udp
>> kerberos        750/tcp
>> kerberos        750/udp
>>
>> HTH.
>> -- 
>> cheers
>> paul                           http://acm.org/~mpb
>>
>>
> I already have kerberos in there though... It comes as standard on AIX 
> for port 88 (e.g.
>
> kerberos        88/tcp                          # Kerberos
> kerberos        88/udp                          # Kerberos
> kerberos-adm    749/tcp                         # kerberos administration
> kerberos-adm    749/udp                         # kerberos administration
> kerberos5               88/udp  kdc
>
>
> It's the same on my linux box, although I have an extra line on my 
> Mandrake system
>
> kerberos-iv     750/udp    kerberos version iv
>
>
>
> So do I need to add 750 in addition to 88 (Does kaserver understand 
> multiple udp ports?) or add it as kerberos-iv, or something else?
>
> H
>
>
And a little playing later I discover that moving the kerberos 88/udp 
entry to kerberos 750/udp means that kaserver listens on BOTH ports, as 
it opens 88/udp for kerberos5 anyway....


Many thanks Paul


Hamish.


-- 

I don't suffer from Insanity... 	| Linux User #16396
	I enjoy every minute of it...	|
					|
http://www.travellingkiwi.com/		|