[OpenAFS] AFS access at home
Steven Jenkins
steven.jenkins@ieee.org
Tue, 24 Jun 2003 14:02:03 -0700
I'm having the same problem Brian Cashman reported earlier with OpenAFS
on a Windows 2k laptop. (I'm actually running IBM AFS 3.6 2.26 with
identical symptoms.)
I tried a few combinations as summarized in the following table:
+----------------------------------------------------------------+
| test | machine | interface | location | login | vpn | result |
|------+---------+-----------+----------+--------+-----+---------|
| 1 | | | | | no | success |
|------| desktop | wired | home | local |-----+---------|
| 2 | | | | | yes | success |
|------+---------+-----------+----------+--------+-----+---------|
| 3 | | | | | no | success |
|------| | | | local |-----+---------|
| 4 | | | | | yes | success |
|------| | | home |--------+-----+---------|
| 5 | | | | | no | failure |
|------| | wired | | domain |-----+---------|
| 6 | | | | | yes | success |
|------| | |----------+--------+-----+---------|
| 7 | | | | | no | success |
|------| | | work | domain |-----+---------|
| 8 | | | | | yes | success |
|------| laptop |-----------+----------+--------+-----+---------|
| 9 | | | | | no | success |
|------| | | | local |-----+---------|
| 10 | | | | | yes | success |
|------| | | home |--------+-----+---------|
| 11 | | | | | no | failure |
|------| | wireless | | domain |-----+---------|
| 12 | | | | | yes | failure |
|------| | |----------+--------+-----+---------|
| 13 | | | | | no | success |
|------| | | work | domain |-----+---------|
| 14 | | | | | yes | success |
+----------------------------------------------------------------+
My home networking is cable through a Linksys BEFW11S4 router/wireless
access point.
"local" vs "domain" refers to logging into a local account on the
machine, or into a Windows domain account at work.
"vpn" refers to a Cisco 5000 client. When "vpn" is "yes" that means I
brought up the VPN tunnel before logging in.
"failure" means I received this message when trying to acquire tokens:
"The AFS Client was unable to obtain tokens as sjenkins in cell
jpl.nasa.gov. Error: 11862791 (AFS service may not have started)". The
AFS service has definitely started.
I do not have "Obtain AFS tokens when logging into Windows enabled".
Tests 5 and 6 seem to indicate that AFS needs to contact the domain
controller to get a token if the user is logged into a domain account.
Is this true, and if so, why? (You can login to a domain account without
a connection to the domain controller. W2k uses cached credentials in a
way I don't understand. But it works.)
I really don't understand Test 12. If 6 works, then 12 ought to work.
I'm certain that Test 12 used to work for me--that was my normal
operating configuration at home. What changed and when is a mystery.
I should also mention that in Tests 3-6 and 9-12, success or failure was
immediate with the VPN on and delayed 10-15 s with it off.
Any clues?
Steve