[OpenAFS] Unable to authenticate from remote linux PC
Derek Atkins
warlord@MIT.EDU
14 Jan 2003 18:27:17 -0500
Run a tcpdump on your side and also at the server and see what packets
are being seen and what is not being seen.
Then modify your firewall rules appropriately.
-derek
Francisco Yumiceva <yumiceva@sc.edu> writes:
> Hi,
>
> The firewall people from my university claims that all the ports that I
> need for afs are opened but I still cannot get a token from any computer
> outside my university (from home and from other institutions).
>
> The firewall also don't allow to ping IPs in any direction. Can this
> rule be a problem? I remember to see some change about the fileserver to
> use pings to allocate threats.
>
> How can I trace down my problem? Is there some log file that I can check
> to get more clues.
>
> Thanks,
> Francisco
>
> > I meant "remote linux PCs".
> >
> > > When you say "remote PC" are you coming from a remote Unix machine or a PC
> > > running Windows? If it's the latter, you will also need to open up port
> > > 88 UDP if you're using the Windows NT/2000/XP client, and port 750 UDP if
> > > you're running the Windows 9x client. (These are Kerberos ports.)
> >
> > The log file has messages like this:
> >
> > Jan 13 17:32:29 localhost kernel: afs: Lost contact with volume location
> > server
> > 129.252.78.77 in cell hep.sc.edu
> >
> > The ports seems to be open so I don't know what is the problem.
> >
> > Francisco
> >
> > > On Mon, Jan 13, 2003 at 06:32:58PM -0500, Francisco Yumiceva wrote:
> > > > Hi,
> > > >
> > > > I can see from outside the university (from home) these ports:
> > > >
> > > > 7000/udp open afs3-fileserver
> > > > 7001/udp open afs3-callback
> > > > 7002/udp open afs3-prserver
> > > > 7003/udp open afs3-vlserver
> > > > 7004/udp open afs3-kaserver
> > > > 7005/udp open afs3-volser
> > > > 7007/udp open afs3-bos
> > > >
> > > > 1024/udp open unknown
> > > > 1025/udp open
> > > > 1028/udp open ms-lsa
> > > > 1030/udp open iad1
> > > > 1031/udp open iad2
> > > > 1032/udp open
> > > > ... and more ports...
> > > >
> > > > so why I still get:
> > > > Unable to authenticate to AFS because Authentication Server was
> > > > unavailable.
> > > >
> > > > What is wrong?
> > > >
> > > > Francisco
> --
> _________________________________________________
> Francisco Yumiceva
> High Energy Group - Dept. of Physics & Astronomy
> University of South Carolina
> phone: 803.7771438
>
> http://www.slac.stanford.edu/~yumiceva
> _________________________________________________
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord@MIT.EDU PGP key available