[OpenAFS] OpenAFS client

Jeffrey Altman jaltman@columbia.edu
Mon, 19 Jul 2004 09:04:06 -0400


This is a cryptographically signed message in MIME format.

--------------ms080509020903090307080507
Content-Type: multipart/alternative;
 boundary="------------070009010300010907080403"

This is a multi-part message in MIME format.
--------------070009010300010907080403
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Ron Croonenberg wrote:

>Hello,
>
>I have a new OpenAFS server running, and it seems to be working when I connect
>to the server using the OpenAFS client on Linux.
>
>However when I use the OpenAFS client on windows XP things don't seem to work.
>
>So I figured something is wrong with the client on the windows machine, however
>when I connect to an older  OpenAFS server we have running everything seems to
>be working ok. Might the problem be that the windows version of the client
>allows me to connect to one OpenAFS server ...but when I try to connect to
>another one, things go wrong ? (I changed all the settings for the new OpenAFS
>server).
>
>Is there a way to figure out what goes/went wrong when connecting to that new
>cell I built ?
>
>thanks,
>
>Ron
>
>  
>
Your descriptions of problems are simply too vague to provide much 
assistance. 

When installed with the default settings, OpenAFS for Windows uses 
Freelance mode (dynamic roots) and
therefore the "default cell" is mostly meaningless.  The first time the 
cell is accessed a dynamic mount point
will be created for the cell.  Or you can manually create mount points 
using the "fs mkmount" command.

Switching between cells is therefore unnecessary.  Just make sure your 
CellServDB entries are available OR the AFSDB DNS records are published.

How do you have the Windows client configured?  The last section of 
output from %WINDIR%\TEMP\afsd_init.log would do to describe this?

Is the following a good summary of your problem?

    You installed OpenAFS for Windows 1.3.65 with all of the defaults
    except that you downloaded a custom CellServDB file containing your
    cell info/ /and specified your.old.cellname as your default cell.  
    Under this configuration everything works fine.  You are able to
    access the cell, obtain tokens, etc.

    Now you just installed a new cell.  You modified the default cell
    name and added new cell server info to CellServDB.  No other changes
    to the OpenAFS for Windows configuration.   You are no longer able
    to obtain tokens.

If so, the questions which come mind are:

    * which version of OpenAFS for Windows?
    * is KFW installed?  if so, you are using Kerberos 5 for
      authentication.  Does your new cell have a Kerberos 5 server and
      did you update your Kerberos 5 configuration or DNS SRV records to
      allow KFW to obtain tickets. 
    * if KFW is not installed, you are using Kerberos 4 over UDP via the
      built-in Kerberos 4 kauth library.  This assumes the KDC is
      running on the same machines as the AFS servers listed in the
      CellServDB file.  (ie, kaserver).  Is this in fact running?
    * Are you able to contact the cell unauthenticated?
    * What does "DIR \\afs\cellname" report?
    * What does "fs listcells" report?  "fs checkservers"?
    * What about "vos examine root.afs <cellname>"?

Certainly provide more details will help. 

Jeffrey Altman


--------------070009010300010907080403
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Ron Croonenberg wrote:<br>
<blockquote cite="mid20040719.000B68DA@4x4-cowboy" type="cite">
  <pre wrap="">Hello,

I have a new OpenAFS server running, and it seems to be working when I connect
to the server using the OpenAFS client on Linux.

However when I use the OpenAFS client on windows XP things don't seem to work.

So I figured something is wrong with the client on the windows machine, however
when I connect to an older  OpenAFS server we have running everything seems to
be working ok. Might the problem be that the windows version of the client
allows me to connect to one OpenAFS server ...but when I try to connect to
another one, things go wrong ? (I changed all the settings for the new OpenAFS
server).

Is there a way to figure out what goes/went wrong when connecting to that new
cell I built ?

thanks,

Ron

  </pre>
</blockquote>
Your descriptions of problems are simply too vague to provide much
assistance.&nbsp; <br>
<br>
When installed with the default settings, OpenAFS for Windows uses
Freelance mode (dynamic roots) and<br>
therefore the "default cell" is mostly meaningless.&nbsp; The first time the
cell is accessed a dynamic mount point<br>
will be created for the cell.&nbsp; Or you can manually create mount points
using the "fs mkmount" command.<br>
<br>
Switching between cells is therefore unnecessary.&nbsp; Just make sure your
CellServDB entries are available OR the AFSDB DNS records are published.<br>
<br>
How do you have the Windows client configured?&nbsp; The last section of
output from %WINDIR%\TEMP\afsd_init.log would do to describe this?<br>
<br>
Is the following a good summary of your problem?<br>
<blockquote>You installed OpenAFS for Windows 1.3.65 with all of the
defaults except that you downloaded a custom CellServDB file containing
your cell info<span style="font-size: 10pt; font-family: Verdana;"><i> </i>and
specified your.old.cellname as your default cell.&nbsp;&nbsp; Under this
configuration everything works fine.&nbsp; You are able to access the cell,
obtain tokens, etc.<br>
  <br>
Now you just installed a new cell.&nbsp; You modified the default cell name
and added new cell server info to CellServDB.&nbsp; No other changes to the
OpenAFS for Windows configuration.&nbsp;&nbsp; You are no longer able to obtain
tokens.<br>
  </span></blockquote>
If so, the questions which come mind are: <br>
<ul>
  <li>which version of OpenAFS for Windows?<br>
  </li>
  <li>is KFW installed?&nbsp; if so, you are using Kerberos 5 for
authentication.&nbsp; Does your new cell have a Kerberos 5 server and did
you update your Kerberos 5 configuration or DNS SRV records to allow
KFW to obtain tickets.&nbsp; <br>
  </li>
  <li>if KFW is not installed, you are using Kerberos 4 over UDP via
the built-in Kerberos 4 kauth library.&nbsp; This assumes the KDC is running
on the same machines as the AFS servers listed in the CellServDB file.&nbsp;
(ie, kaserver).&nbsp; Is this in fact running?</li>
  <li>Are you able to contact the cell unauthenticated?</li>
  <li>What does "DIR \\afs\cellname" report?</li>
  <li>What does "fs listcells" report?&nbsp; "fs checkservers"?</li>
  <li>What about "vos examine root.afs &lt;cellname&gt;"?</li>
</ul>
Certainly provide more details will help.&nbsp; <br>
<br>
Jeffrey Altman<br>
<br>
<span style="font-size: 10pt; font-family: Verdana;"></span>
</body>
</html>

--------------070009010300010907080403--

--------------ms080509020903090307080507
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJPzCC
AvowggJjoAMCAQICAwxk8TANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDQwNTI3MTc1ODU4WhcNMDUwNTI3MTc1ODU4
WjBrMQ8wDQYDVQQEEwZBbHRtYW4xFTATBgNVBCoTDEplZmZyZXkgRXJpYzEcMBoGA1UEAxMT
SmVmZnJleSBFcmljIEFsdG1hbjEjMCEGCSqGSIb3DQEJARYUamFsdG1hbkBjb2x1bWJpYS5l
ZHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc3JqO5AsZrozd+mJ2mPuCTYo2
+nJ9Qq6jtUYtp7YTMW4d2Q6GLhNaHb1l9m74SxuY4f5vP6JtZjr6p9+LCCxD0w0NVLKRgUDp
z+tKFitbkJe9BSCxCURRvY3vdWA71gSCUvZAN3346hHb4oGVqgdpmfFJXYAHWpC46wiL72N9
WxySzY17/0eU0c8+r9dNoLpPQeL43O66O80jCl1qnXMaXaakZPsfm+5W90MYXhpQ1WIQpv02
lBn3BH5YE8xwbsNrw5AF4v7pjMuW85GI6FrDmfbpJX473Rpl5rmv3TpXkJ+7UsIIO1puyS8r
1o7kjDZ5EUYJxxglTGR6XL/RNzqHAgMBAAGjMTAvMB8GA1UdEQQYMBaBFGphbHRtYW5AY29s
dW1iaWEuZWR1MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEEBQADgYEAZYeVFCMP0iV+UVa0
eFoXkzMVl61CNAVY2YQ9/QQazO3G4qNiif35ArrnjPRDRj5M7WTeOCFqPVuvCttyJRiDKsEe
L4Yah22mRA3mR7x52j2FquPYZ9qCr1IhrNGzsMk+gopX5G0fTHZb6+uDu5SeMPNNcIznGA7M
CMpXAJ2PcKgwggL6MIICY6ADAgECAgMMZPEwDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMC
WkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1Ro
YXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA0MDUyNzE3NTg1OFoXDTA1
MDUyNzE3NTg1OFowazEPMA0GA1UEBBMGQWx0bWFuMRUwEwYDVQQqEwxKZWZmcmV5IEVyaWMx
HDAaBgNVBAMTE0plZmZyZXkgRXJpYyBBbHRtYW4xIzAhBgkqhkiG9w0BCQEWFGphbHRtYW5A
Y29sdW1iaWEuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3NyajuQLGa6M
3fpidpj7gk2KNvpyfUKuo7VGLae2EzFuHdkOhi4TWh29ZfZu+EsbmOH+bz+ibWY6+qffiwgs
Q9MNDVSykYFA6c/rShYrW5CXvQUgsQlEUb2N73VgO9YEglL2QDd9+OoR2+KBlaoHaZnxSV2A
B1qQuOsIi+9jfVscks2Ne/9HlNHPPq/XTaC6T0Hi+NzuujvNIwpdap1zGl2mpGT7H5vuVvdD
GF4aUNViEKb9NpQZ9wR+WBPMcG7Da8OQBeL+6YzLlvORiOhaw5n26SV+O90aZea5r906V5Cf
u1LCCDtabskvK9aO5Iw2eRFGCccYJUxkely/0Tc6hwIDAQABozEwLzAfBgNVHREEGDAWgRRq
YWx0bWFuQGNvbHVtYmlhLmVkdTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GBAGWH
lRQjD9IlflFWtHhaF5MzFZetQjQFWNmEPf0EGsztxuKjYon9+QK654z0Q0Y+TO1k3jghaj1b
rwrbciUYgyrBHi+GGodtpkQN5ke8edo9harj2Gfagq9SIazRs7DJPoKKV+RtH0x2W+vrg7uU
njDzTXCM5xgOzAjKVwCdj3CoMIIDPzCCAqigAwIBAgIBDTANBgkqhkiG9w0BAQUFADCB0TEL
MAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2FwZSBUb3du
MRowGAYDVQQKExFUaGF3dGUgQ29uc3VsdGluZzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBT
ZXJ2aWNlcyBEaXZpc2lvbjEkMCIGA1UEAxMbVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIENB
MSswKQYJKoZIhvcNAQkBFhxwZXJzb25hbC1mcmVlbWFpbEB0aGF3dGUuY29tMB4XDTAzMDcx
NzAwMDAwMFoXDTEzMDcxNjIzNTk1OVowYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0
ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVl
bWFpbCBJc3N1aW5nIENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEpjxVc1X7TrnK
mVoeaMB1BHCd3+n/ox7svc31W/Iadr1/DDph8r9RzgHU5VAKMNcCY1osiRVwjt3J8CuFWqo/
cVbLrzwLB+fxH5E2JCoTzyvV84J3PQO+K/67GD4Hv0CAAmTXp6a7n2XRxSpUhQ9IBH+nttE8
YQRAHmQZcmC3+wIDAQABo4GUMIGRMBIGA1UdEwEB/wQIMAYBAf8CAQAwQwYDVR0fBDwwOjA4
oDagNIYyaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVBlcnNvbmFsRnJlZW1haWxDQS5j
cmwwCwYDVR0PBAQDAgEGMCkGA1UdEQQiMCCkHjAcMRowGAYDVQQDExFQcml2YXRlTGFiZWwy
LTEzODANBgkqhkiG9w0BAQUFAAOBgQBIjNFQg+oLLswNo2asZw9/r6y+whehQ5aUnX9MIbj4
Nh+qLZ82L8D0HFAgk3A8/a3hYWLD2ToZfoSxmRsAxRoLgnSeJVCUYsfbJ3FXJY3dqZw5jowg
T2Vfldr394fWxghOrvbqNOUQGls1TXfjViF4gtwhGTXeJLHTHUb/XV9lTzGCAzswggM3AgEB
MGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0
ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMMZPEw
CQYFKw4DAhoFAKCCAacwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUx
DxcNMDQwNzE5MTMwNDA2WjAjBgkqhkiG9w0BCQQxFgQUP3Ig+LIxp0UZQLxgRZkXPHqcgRcw
UgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcN
AwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgweAYJKwYBBAGCNxAEMWswaTBiMQswCQYD
VQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UE
AxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElzc3VpbmcgQ0ECAwxk8TB6BgsqhkiG9w0B
CRACCzFroGkwYjELMAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQ
dHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENB
AgMMZPEwDQYJKoZIhvcNAQEBBQAEggEAvEs3nJjrHhI34PBXP4Nm86bWP/blU7MQ6tDlXuqn
Ygxe5xQK6eOmAOR/sY//KdPt5fF6bL6KDPU/A4o5Lwa4963kYwHxchvAOFRsIYMpGtZtEdmp
+1AKRHw5KaA1N3NASWicQ20eMmq++WRHdi7uQg2CH+lv4li+1SldPCsmujTYvoLakT0D+nMI
HopwXGkLDdcpVUENWLJUWSIf3CPj/lU1E6YmzV7zkNbPmdSHm7Bs7w9077VbApoy2rDT+V+3
G/N01PqOdiJ+FqIQWtY1Tu0Xf4cI+hmfQ0c68BrtyyIucYBoyGf+/y1lngtV37JyMaSKIOT6
9U4UFNxdnug1KQAAAAAAAA==
--------------ms080509020903090307080507--