[OpenAFS] Re: OpenAFS Windows client will not map drives
Sean Caron
caron.sean@gmail.com
Mon, 6 Mar 2006 10:00:28 -0500
------=_Part_7079_10873838.1141657228928
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
OK
i look: only things checked on loopback adaptor AFS are Client for Microsof=
t
Networks,
TCP/IP. Novell client is not bound to loopback adaptor in any way.
(at this point i have to say, it was my error earlier in stating that the
AFS client broke the
Novell client. it just gives this impression because for some reason, it
seems as if it is
necessary to wait around 2-3 minutes at the login prompt before trying to
log in or else
you will get the "Tree or server cannot be found" error. if you wait, it
will eventually work.
but why? i could see this being something that would really confuse and
irritate a user)
so ok, let's proceed.
i have the open afs client set up for monitoring with debugview and filemon=
.
i follow the manual token-getting procedure:
C:\> kinit -5 -V -d scaron
Kerberos 5 is ready
Password for scaron@SPH.UMICH.EDU:
Authenticated to Kerberos v5
C:\> aklog -d
Authenticating to cell sph.umich.edu.
Getting v5 tickets: afs/sph.umich.edu@SPH.UMICH.EDU
Getting v5 tickets: afs@SPH.UMICH.EDU
pioctl temp !=3D 0: 0x66543200
About to resolve name scaron@SPH.UMICH.EDU to id
Id 32766
Set username to scaron@SPH.UMICH.EDU
Getting tokens.
C:\> tokens
Tokens held by the Cache Manager:
User scaron@SPH.UMICH.EDU's tokens for afs@sph.umich.edu [Expires Mar 06
19:15]
pioctl temp !=3D 0: 0x66543218
so it looks like, as i stated earlier, there is no problem in actually
obtaining the tokens from
the server. running nbtstat -n, we obtain, on the loopback adaptor, the
results:
SPH-2002-0892 <00> UNIQUE Registered
SPH <00> UNIQUE Registered
AFS <20> UNIQUE Registered
on the real LAN connection, we have the results:
SPH-2002-0892 <00> UNIQUE Registered
SPH <00> UNIQUE Registered
so the AFS service is uniquely registered on the loopback adaptor, as it
should be.
so now i try and hit up an AFS share using the command: Start->Run
\\afs\sph.umich.edu
i wait maybe, 15-20 seconds and get the message:
"This file does not have a program associated with it for performing this
action. Create an association in the Folder Options control panel"
if i try to set up an actual drive mapping with NET USE, e.g.
NET USE \\afs.sph.umich.edu\user\s\scaron h:
i get the same "System error 67: Network name cannot be found" error.
SO:
i don't see anything that looks glaringly erroneous popping up in debugview=
.
looking in filemonon, i see that explorer.exe is pulling off READ/QUERY
INFORMATION/CLOSE calls to the paths that i want to access correctly. that
is, the result code is SUCCESS. this is the case for \\afs\sph.umich.edu,
\\afs\sph.umich.edu\user\s\scaron, etc. so i would guess that is a good
sign.
i also am seeing that afsd_service.exe keeps trying to find a file,
AFSDHOOK.DLL, that it is not finding. this is unsurprising, since the file
does not exist on the filesystem, nor does it seem to be included in the
installer (i searched through the MSI file looking for it). could the lack
of this file be the cause of the "no program associated with..." errors?
this is feeling more like a problem with how openafs and windows interact
together, rather than a problem with just openafs itself. i think openafs i=
s
mostly acting correctly. it just seems like windows doesnt know how to deal
with it properly.
any suggestions on how to further proceed?
thanks,
sean caron
On 3/3/06, Jeffrey Altman <jaltman@columbia.edu> wrote:
>
> Sean:
>
> On the Loopback adapter, unbind everything but:
>
> * Client for Microsoft Networks
> * Internet Protocol
>
> Using the GUIs is not going to help you here so I advise that you stop
> trying to use them.
>
> Please read the Debugging OpenAFS section of the release notes that
> I pointed you at earlier. Turn on PIOCTL debugging, Trace Logging,
> and obtain a copy of the SysInternals DbgView and FileMon tools.
> After setting everything up as described in the Release Notes execute
> the following commands from the command line:
>
> * kinit <user@REALM>
> * aklog -d
> * tokens
>
> Now if you have any form of connectivity with the AFS SMB Server you
> will have obtained tokens and been able to list them. Otherwise, you
> will have received another copy of the Network Name Not Found error.
>
> At that point, you need to use "nbtstat -n" to list all of the
> registered network names. The following line should appear once
> and only once on the Loopback Adapter:
>
> AFS <20> UNIQUE Registered
>
> There should be no other names on that adapter with type <20>. If
> there are, you will lose. If AFS <20> appears on any other adapter,
> you will lose.
>
> If you have any machine on your network that is adverting the name
> AFS <20>, you will lose.
>
> Jeffrey Altman
>
>
>
> Sean Caron wrote:
> > Thanks for the suggestions so far. What I am doing is: I have a couple
> > of spare machines in my office that I am
> > testing various configurations of the OpenAFS client on, so I can try
> > all sorts of funky things and not have to
> > worry about messing up a machine that someone is actually using. I set
> > one up to test the behaviour of the
> > client with the loopback adapter on, as so:
> >
> > (1) Wiped a machine a did a fresh load of our disk image (XP, Novell
> > client, etc). Computer name is SPH-2002-0196.
> > I saw some old post on the Internet implying that dashes in the hostnam=
e
> > might cause problems with the AFS
> > client, but they dated from 2002 or 2003, so I'm assuming it doesn't
> > matter these days. I think I mentioned earlier
> > that I tried a system with a boring alphanumeric only name (SPHAFSTEST)
> > and it didn't help anything.
> >
> > (reboot)
> >
> > (2) Installed MIT Kerberos v3.0.0 with all default settings on; krb5.in=
i
> > has been properly customized for our site.
> > Kerberos is set to start automatically when Windows starts (as would
> > make sense). (side note: MIT Kerberos seems to
> > work fine in and of itself. It gladly will go authenticate and get
> > tokens). I did this as an administrator; normal users wouldn't
> > normally be allowed to install software given the way we have security
> > set up on our workstation disk image.
> >
> > (reboot)
> >
> > (3) Installed OpenAFS Windows Client v1.4.0 (as an administrator) WITH
> > the loopback adaptor installed this time. Use our
> > CellServDB file that actually includes our site. Set AFS cell name to
> > "sph.umich.edu <http://sph.umich.edu>". Everything else is set per
> > installation
> > defaults (AFS crypt security =3D on, AFS freelance client =3D on, DNS
> > cellserver search =3D on, start afscreds on login =3D on, auto
> > initialize afscreds =3D on, renew drivemaps =3D on, ip change detection=
=3D
> > on, quiet =3D on). Installer completes successfully.
> >
> > (reboot)
> >
> > (4) Now my test workstation is back online, sitting at the login prompt=
.
> > I try to login to the Novell network (client version 4.91, by
> > the way). Now it doesn't work! "The tree or server cannot be found.
> > Choose a different tree or server....". OK. Let's log in as
> > "Workstation only". Did the Novell client get bound up in the loopback
> > adapter or something? Can this be dealt with? I know very
> > little about Novell (I am a new hire at SPH, and mostly a UNIX guy).
> >
> > (5) So I log in to the local machine only and get the AFS Client "Obtai=
n
> > New AFS tokens" dialog box. Enter username and password
> > and authenticate to cell "sph.umich.edu <http://sph.umich.edu>". Wait a
> > minute or two, and the tickets show up in the MIT Kerberos Network
> Identity
> > Manager. So at least authentication and ticketing is all good.
> >
> > (6) Testing: Start->Run. "\\afs\all". I get the message: "This file doe=
s
> > not have a program associated with it for performing this action.
> > Create an association in the Folder Options control panel".
> >
> > OK.
> >
> > Testing: Start->Run. "\\afs\sph.umich.edu". Same message.
> >
> > Testing: Start->Run. "\\afs\sph.umich.edu\user\s\scaron". Wait a second
> > or two... same message.
> >
> > Testing: Start->Run. "cmd". From command prompt: "net use
> > \\afs\sph.umich.edu\user\s\scaron h:". We get the message: "The
> > network name cannot be found (system error 67)".
> >
> > Testing: Click "Drive Letters" tab in AFS client. It sits for a while
> > (30 secs - 1 minute). Click "Add". Select "Drive F", AFS path
> > "\afs\sph.umich.edu\user\s\scaron", submount "homes". I get the error:
> >
> > "AFS was unable to map the network drive to the specified path in AFS.
> > Check to make sure the drive letter is not currently in use"
> > "Error 0x00000043"
> >
> > (i was thinking about it and it hit me that 43 hex =3D 67 decimal so i
> > guess NETWORK NAME CANNOT BE FOUND is the issue here)
> >
> > (7) Check network properties. We have two connections installed.
> >
> > One is called AFS and is bound to the loopback adaptor. Uses items:
> > Novell client for Windows, Client for Microsoft networks, Remote
> > management, Novell workstation manager, Novell distributed print
> > services, TCP/IP
> >
> > The other is the default Local Area Network connection. Uses items:
> > Novell client for Windows, Client for Microsoft networks, QoS
> > packet scheduler, Remote management, Novell workstation manager, Novell
> > distributed print services, TCP/IP. Windows firewall is
> > on. We use DHCP to get all network card parameters & DNS server
> > information. TCP/IP filtering is off. NetBIOS is set to "Use NetBIOS
> > setting from DHCP server. If static IP address is used or DHCP server
> > does not provide NetBIOS setting, enable NetBIOS over TCP/IP"
> >
> > I see that we don't actually have a NetBIOS protocol installed by
> > default on our load. Let's do it manually for now.
> >
> > (8) Add protocol: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
> > (this is the only NetBIOS protocol available in the list).
> > Install it.
> >
> > (reboot)
> >
> > (9) So we're back at the login prompt and you still can't log in to
> > Novell. We get the same "The tree or server cannot be found..." message=
.
>
> > Let's login to local workstation only again and proceed. Once again I a=
m
> > able to successfully log in, authenticate to sph.umich.edu
> > < http://sph.umich.edu>, and
> > obtain tokens.
> >
> > (10) Try the same testing suite again:
> >
> > Testing: Start->Run. "\\afs\all". I get the message: "This file does no=
t
> > have a program associated with it for performing this action.
> > Create an association in the Folder Options control panel".
> >
> > Testing: Start->Run. "\\afs\sph.umich.edu". Same message.
> >
> > Testing: Start->Run. "\\afs\sph.umich.edu\user\s\scaron". Same message.
> >
> > Testing: Start->Run. "cmd". From command prompt: "net use
> > \\afs\sph.umich.edu\user\s\scaron h:". We get the message: "The
> > network name cannot be found (system error 67)".
> >
> > Testing: Click "Drive Letters" tab in AFS client. It comes up instantly
> > this time around. Click "Add". Select "Drive F", AFS path
> > "\afs\sph.umich.edu\user\s\scarno", submount "homes". I again get the
> error:
> >
> > "AFS was unable to map the network drive to the specified path in AFS.
> > Check to make sure the drive letter is not currently in use"
> > "Error 0x00000043"
> >
> > That didn't seem to help anything.
> >
> > (11) Go to Network Connections->Advanced Settings. In "adapters and
> > bindings" I move the AFS (loopback) connection to the top of
> > the pile. Go to Provider Order tab and move OpenAFSDaemon to the very
> > top of the heap (it was at the very bottom).
> >
> > (reboot)
> >
> > (12) I'm not even going to try and log into the Novell network this tim=
e
>
> > around. Log in to local machine only and run my series of test
> > commands again. Same results as above.
> >
> > (13) It was suggested that I perhaps unbind NWLink IPX/SPX/NetBIOS
> > Compatible Transport Protocol from the Client for Microsoft
> > Networks. Go back into Network->Advanced Settings and do that. While I'=
m
> > at it, I see that TCP/IP has become unbound from the
> > Novell client. So I bind that back up while I'm there.
> >
> > (reboot)
> >
> > (14) Why not try and log into Novell this boot around? I still get the
> > "Tree or server cannot be found" error. Let's login to the workstation
> > only and proceed again.
> >
> > (15) Run my little suite of test commands again. Same results as above
> > (no change).
> >
> > This is about where I stand now. I've tried some various other things:
> > Hard setting "NetBIOS over TCP/IP" to ON instead of taking settings
> > based on DHCP values, manually entering DNS servers, turning off Window=
s
>
> > firewall, etc. All seem to have no effect. I've repeated all this
> > for both the cases of loopback adaptor installed, and loopback adaptor
> > not installed, basically, with (roughly) the same effects. Some of
> > the errors I got without the loopback adaptor were a little different (=
I
> > remember getting a system error 53 a couple of times, among other
> > things).
> >
> > I tried to be as exhaustive as possible in compiling my little report
> > here; I hope it isn't entirely too much wasted reading and writing for
> > myself and all of you out there on the list. I'm really hoping to be
> > able to get this to work, or, failing that, at least be able to go to m=
y
>
> > supervisor and say without a doubt that "the AFS client for Windows wil=
l
> > not work with [our] Novell installation [because]...", so I want
> > to be sure that I pretty much left no stone unturned.
> >
> > Thanks, everyone, for all the help thus far. Please don't hesitate to
> > ask me about anything if you feel that you might need more knowledge
> > about my system environment to be able to offer any useful suggestions.
> >
> > Regards,
> >
> >
> > Sean Caron
> >
> > Associate Systems Administrator
> > University of Michigan School of Public Health
> > 1-734-763-4206
> > scaron@umich.edu <mailto:scaron@umich.edu>
> >
> >
> > On 3/3/06, *Rodney M Dyer* <rmdyer@uncc.edu <mailto: rmdyer@uncc.edu>>
> wrote:
> >
> > At 12:12 PM 3/3/2006, Jeffrey Altman wrote:
> > >I have heard of other organizations having problems with both
> > Novell and
> > >OpenAFS clients on the same machines. I have not had access to
> such a
> > >configuration to be able to debug it.
> >
> > Just a note. We run the Novell client without issues with OpenAFS
> > and the
> > loopback adapter. We DO NOT however use the Novell GINA
> > module. After we
> > install the Novell client, we replace the nwgina.dll back to
> > msgina.dll. We also place the afslogon.dll authenticator first in
> the
> > providers list.
> >
> > Rodney
> >
> > Rodney M. Dyer
> > Windows Systems Programmer
> > Mosaic Computing Group
> > William States Lee College of Engineering
> > University of North Carolina at Charlotte
> > Email: rmdyer@uncc.edu <mailto:rmdyer@uncc.edu>
> > Web: http://www.coe.uncc.edu/~rmdyer
> <http://www.coe.uncc.edu/%7Ermdyer>
> > Phone: (704)687-3518
> > Help Desk Line: (704)687-3150
> > FAX: (704)687-2352
> > Office: Cameron Applied Research Center, Room 232
> >
> >
>
>
>
------=_Part_7079_10873838.1141657228928
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
<span class=3D"gmail_quote"></span>OK<br>
<div style=3D"direction: ltr;">
<br>
i look: only things checked on loopback adaptor AFS are Client for Microsof=
t Networks,<br>
TCP/IP. Novell client is not bound to loopback adaptor in any way.<br>
<br>
(at this point i have to say, it was my error earlier in stating that the A=
FS client broke the<br>
Novell client. it just gives this impression because for some reason, it se=
ems as if it is<br>
necessary to wait around 2-3 minutes at the login prompt before trying to l=
og in or else<br>
you will get the "Tree or server cannot be found" error. if you w=
ait, it will eventually work.<br>
but why? i could see this being something that would really confuse and irr=
itate a user)<br>
<br>
so ok, let's proceed.<br>
<br>
i have the open afs client set up for monitoring with debugview and filemon=
. i follow the manual token-getting procedure:<br>
<br>
C:\> kinit -5 -V -d scaron<br>
Kerberos 5 is ready<br>
Password for <a href=3D"mailto:scaron@SPH.UMICH.EDU" target=3D"_blank" oncl=
ick=3D"return top.js.OpenExtLink(window,event,this)">scaron@SPH.UMICH.EDU</=
a>:<br>
Authenticated to Kerberos v5<br>
<br>
C:\> aklog -d<br>
Authenticating to cell <a href=3D"http://sph.umich.edu" target=3D"_blank" o=
nclick=3D"return top.js.OpenExtLink(window,event,this)">sph.umich.edu</a>.<=
br>
Getting v5 tickets: <a href=3D"mailto:afs/sph.umich.edu@SPH.UMICH.EDU" targ=
et=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">afs/=
sph.umich.edu@SPH.UMICH.EDU</a><br>
Getting v5 tickets: <a href=3D"mailto:afs@SPH.UMICH.EDU" target=3D"_blank" =
onclick=3D"return top.js.OpenExtLink(window,event,this)">afs@SPH.UMICH.EDU<=
/a><br>
pioctl temp !=3D 0: 0x66543200<br>
About to resolve name <a href=3D"mailto:scaron@SPH.UMICH.EDU" target=3D"_bl=
ank" onclick=3D"return top.js.OpenExtLink(window,event,this)">scaron@SPH.UM=
ICH.EDU</a> to id<br>
Id 32766<br>
Set username to <a href=3D"mailto:scaron@SPH.UMICH.EDU" target=3D"_blank" o=
nclick=3D"return top.js.OpenExtLink(window,event,this)">scaron@SPH.UMICH.ED=
U</a><br>
Getting tokens.<br>
<br>
C:\> tokens<br>
<br>
Tokens held by the Cache Manager:<br>
<br>
User <a href=3D"mailto:scaron@SPH.UMICH.EDU" target=3D"_blank" onclick=3D"r=
eturn top.js.OpenExtLink(window,event,this)">scaron@SPH.UMICH.EDU</a>'s tok=
ens for <a href=3D"mailto:afs@sph.umich.edu" target=3D"_blank" onclick=3D"r=
eturn top.js.OpenExtLink(window,event,this)">
afs@sph.umich.edu</a> [Expires Mar 06 19:15]<br>
pioctl temp !=3D 0: 0x66543218<br>
<br>
<br>
so it looks like, as i stated earlier, there is no problem in actually obta=
ining the tokens from<br>
the server. running nbtstat -n, we obtain, on the loopback adaptor, the res=
ults:<br>
<br>
SPH-2002-0892 <00> UN=
IQUE Registered<br>
SPH =
<00> UNIQUE
Registered<br>
AFS =
<20> UNIQUE
Registered<br>
<br>
on the real LAN connection, we have the results:<br>
<br>
SPH-2002-0892 <00> UN=
IQUE Registered<br>
SPH =
<00> UNIQUE
Registered<br>
<br>
so the AFS service is uniquely registered on the loopback adaptor, as it sh=
ould be.<br>
<br>
so now i try and hit up an AFS share using the command: Start->Run \\afs=
\sph.umich.edu<br>
<br>
i wait maybe, 15-20 seconds and get the message:</div><div style=3D"directi=
on: ltr;"><span class=3D"q"><br>
<br>
"This file does not have a program associated with it for performing
this action. Create an association in the Folder Options control panel"=
;<br>
<br></span></div><div style=3D"direction: ltr;">
if i try to set up an actual drive mapping with NET USE, e.g.<br>
<br>
NET USE \\afs.sph.umich.edu\user\s\scaron h:<br>
<br>
i get the same "System error 67: Network name cannot be found" er=
ror.<br>
<br>
SO:<br>
<br>
i don't see anything that looks glaringly erroneous popping up in debugview=
.<br>
<br>
looking in filemonon, i see that explorer.exe is pulling off READ/QUERY
INFORMATION/CLOSE calls to the paths that i want to access correctly.
that is, the result code is SUCCESS. this is the case for
\\afs\sph.umich.edu, \\afs\sph.umich.edu\user\s\scaron, etc. so i would
guess that is a good sign.<br>
<br>
i also am seeing that afsd_service.exe keeps trying to find a file,
AFSDHOOK.DLL, that it is not finding. this is unsurprising, since the
file does not exist on the filesystem, nor does it seem to be included
in the installer (i searched through the MSI file looking for it).
could the lack of this file be the cause of the "no program associated
with..." errors?<br>
<br>
this is feeling more like a problem with how openafs and windows
interact together, rather than a problem with just openafs itself. i
think openafs is mostly acting correctly. it just seems like windows
doesnt know how to deal with it properly.<br>
<br>
any suggestions on how to further proceed?<br>
<br>
thanks,<br></div><div style=3D"direction: ltr;"><span class=3D"sg">
<br>
sean caron</span></div><div style=3D"direction: ltr;"><span class=3D"e" id=
=3D"q_109d011705951fde_4"><br>
<br>
<br><br><div><span class=3D"gmail_quote">On 3/3/06, <b class=3D"gmail_sende=
rname">Jeffrey Altman</b> <<a href=3D"mailto:jaltman@columbia.edu" targe=
t=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">jaltm=
an@columbia.edu
</a>> wrote:</span><blockquote class=3D"gmail_quote" style=3D"border-lef=
t: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1=
ex;">
Sean:<br><br>On the Loopback adapter, unbind everything but:<br><br> * Clie=
nt for Microsoft Networks<br> * Internet Protocol<br><br>Using the GUIs is =
not going to help you here so I advise that you stop<br>trying to use them.
<br><br>Please read the Debugging OpenAFS section of the release notes that=
<br>I pointed you at earlier. Turn on PIOCTL debugging, Trace Lo=
gging,<br>and obtain a copy of the SysInternals DbgView and FileMon tools.<=
br>After setting everything up as described in the Release Notes execute
<br>the following commands from the command line:<br><br> * kinit <user@=
REALM><br> * aklog -d<br> * tokens<br><br>Now if you have any form of co=
nnectivity with the AFS SMB Server you<br>will have obtained tokens and bee=
n able to list them. Otherwise, you
<br>will have received another copy of the Network Name Not Found error.<br=
><br>At that point, you need to use "nbtstat -n" to list all of t=
he<br>registered network names. The following line should appea=
r once
<br>and only once on the Loopback Adapter:<br><br> A=
FS &=
lt;20> UNIQUE Registered<b=
r><br>There should be no other names on that adapter with type <20>.&=
nbsp; If<br>there are, you will lose. If AFS <20> app=
ears on any other adapter,
<br>you will lose.<br><br>If you have any machine on your network that is a=
dverting the name<br>AFS <20>, you will lose.<br><br>Jeffrey Altman<b=
r><br><br><br>Sean Caron wrote:<br>> Thanks for the suggestions so far. =
What I am doing is: I have a couple
<br>> of spare machines in my office that I am<br>> testing various c=
onfigurations of the OpenAFS client on, so I can try<br>> all sorts of f=
unky things and not have to<br>> worry about messing up a machine that s=
omeone is actually using. I set
<br>> one up to test the behaviour of the<br>> client with the loopba=
ck adapter on, as so:<br>><br>> (1) Wiped a machine a did a fresh loa=
d of our disk image (XP, Novell<br>> client, etc). Computer name is SPH-=
2002-0196.
<br>> I saw some old post on the Internet implying that dashes in the ho=
stname<br>> might cause problems with the AFS<br>> client, but they d=
ated from 2002 or 2003, so I'm assuming it doesn't<br>> matter these day=
s. I think I mentioned earlier
<br>> that I tried a system with a boring alphanumeric only name (SPHAFS=
TEST)<br>> and it didn't help anything.<br>><br>> (reboot)<br>>=
<br>> (2) Installed MIT Kerberos v3.0.0 with all default settings on;=20
krb5.ini<br>> has been properly customized for our site.<br>> Kerbero=
s is set to start automatically when Windows starts (as would<br>> make =
sense). (side note: MIT Kerberos seems to<br>> work fine in and of itsel=
f. It gladly will go authenticate and get
<br>> tokens). I did this as an administrator; normal users wouldn't<br>=
> normally be allowed to install software given the way we have security=
<br>> set up on our workstation disk image.<br>><br>> (reboot)
<br>><br>> (3) Installed OpenAFS Windows Client v1.4.0 (as an adminis=
trator) WITH<br>> the loopback adaptor installed this time. Use our<br>&=
gt; CellServDB file that actually includes our site. Set AFS cell name to
<br>> "<a href=3D"http://sph.umich.edu" target=3D"_blank" onclick=
=3D"return top.js.OpenExtLink(window,event,this)">sph.umich.edu</a> <<a =
href=3D"http://sph.umich.edu" target=3D"_blank" onclick=3D"return top.js.Op=
enExtLink(window,event,this)">
http://sph.umich.edu</a>>". Everything else is set per<br>> inst=
allation<br>> defaults (AFS crypt security =3D on, AFS freelance client =
=3D on, DNS
<br>> cellserver search =3D on, start afscreds on login =3D on, auto<br>=
> initialize afscreds =3D on, renew drivemaps =3D on, ip change detectio=
n =3D<br>> on, quiet =3D on). Installer completes successfully.<br>><=
br>> (reboot)
<br>><br>> (4) Now my test workstation is back online, sitting at the=
login prompt.<br>> I try to login to the Novell network (client version=
4.91, by<br>> the way). Now it doesn't work! "The tree or server c=
annot be found.
<br>> Choose a different tree or server....". OK. Let's log in as<b=
r>> "Workstation only". Did the Novell client get bound up in =
the loopback<br>> adapter or something? Can this be dealt with? I know v=
ery
<br>> little about Novell (I am a new hire at SPH, and mostly a UNIX guy=
).<br>><br>> (5) So I log in to the local machine only and get the AF=
S Client "Obtain<br>> New AFS tokens" dialog box. Enter userna=
me and password
<br>> and authenticate to cell "<a href=3D"http://sph.umich.edu" ta=
rget=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">sp=
h.umich.edu</a> <<a href=3D"http://sph.umich.edu" target=3D"_blank" oncl=
ick=3D"return top.js.OpenExtLink(window,event,this)">
http://sph.umich.edu</a>>". Wait a<br>> minute or two, and the t=
ickets show up in the MIT Kerberos Network Identity
<br>> Manager. So at least authentication and ticketing is all good.<br>=
><br>> (6) Testing: Start->Run. "\\afs\all". I get the m=
essage: "This file does<br>> not have a program associated with it =
for performing this action.
<br>> Create an association in the Folder Options control panel".<b=
r>><br>> OK.<br>><br>> Testing: Start->Run. "\\afs\sph.=
umich.edu". Same message.<br>><br>> Testing: Start->Run. &quo=
t;\\afs\sph.umich.edu\user\s\scaron". Wait a second
<br>> or two... same message.<br>><br>> Testing: Start->Run. &q=
uot;cmd". From command prompt: "net use<br>> \\afs\sph.umich.e=
du\user\s\scaron h:". We get the message: "The<br>> network na=
me cannot be found (system error 67)".
<br>><br>> Testing: Click "Drive Letters" tab in AFS client=
. It sits for a while<br>> (30 secs - 1 minute). Click "Add". =
Select "Drive F", AFS path<br>> "\afs\sph.umich.edu\user\=
s\scaron", submount "homes". I get the error:
<br>><br>> "AFS was unable to map the network drive to the speci=
fied path in AFS.<br>> Check to make sure the drive letter is not curren=
tly in use"<br>> "Error 0x00000043"<br>><br>> (i wa=
s thinking about it and it hit me that 43 hex =3D 67 decimal so i
<br>> guess NETWORK NAME CANNOT BE FOUND is the issue here)<br>><br>&=
gt; (7) Check network properties. We have two connections installed.<br>>=
;<br>> One is called AFS and is bound to the loopback adaptor. Uses item=
s:
<br>> Novell client for Windows, Client for Microsoft networks, Remote<b=
r>> management, Novell workstation manager, Novell distributed print<br>=
> services, TCP/IP<br>><br>> The other is the default Local Area N=
etwork connection. Uses items:
<br>> Novell client for Windows, Client for Microsoft networks, QoS<br>&=
gt; packet scheduler, Remote management, Novell workstation manager, Novell=
<br>> distributed print services, TCP/IP. Windows firewall is<br>> on=
. We use DHCP to get all network card parameters & DNS server
<br>> information. TCP/IP filtering is off. NetBIOS is set to "Use =
NetBIOS<br>> setting from DHCP server. If static IP address is used or D=
HCP server<br>> does not provide NetBIOS setting, enable NetBIOS over TC=
P/IP"
<br>><br>> I see that we don't actually have a NetBIOS protocol insta=
lled by<br>> default on our load. Let's do it manually for now.<br>><=
br>> (8) Add protocol: NWLink IPX/SPX/NetBIOS Compatible Transport Proto=
col
<br>> (this is the only NetBIOS protocol available in the list).<br>>=
Install it.<br>><br>> (reboot)<br>><br>> (9) So we're back at =
the login prompt and you still can't log in to<br>> Novell. We get the s=
ame "The tree or server cannot be found..." message.
<br>> Let's login to local workstation only again and proceed. Once agai=
n I am<br>> able to successfully log in, authenticate to <a href=3D"http=
://sph.umich.edu" target=3D"_blank" onclick=3D"return top.js.OpenExtLink(wi=
ndow,event,this)">
sph.umich.edu</a><br>> <<a href=3D"http://sph.umich.edu" target=3D"_b=
lank" onclick=3D"return top.js.OpenExtLink(window,event,this)">
http://sph.umich.edu</a>>, and<br>> obtain tokens.<br>><br>> (1=
0) Try the same testing suite again:<br>><br>> Testing: Start->Run=
. "\\afs\all". I get the message: "This file does not<br>
> have a program associated with it for performing this action.<br>> =
Create an association in the Folder Options control panel".<br>><br=
>> Testing: Start->Run. "\\afs\sph.umich.edu". Same message=
.
<br>><br>> Testing: Start->Run. "\\afs\sph.umich.edu\user\s\s=
caron". Same message.<br>><br>> Testing: Start->Run. "cm=
d". From command prompt: "net use<br>> \\afs\sph.umich.edu\use=
r\s\scaron h:". We get the message: "The
<br>> network name cannot be found (system error 67)".<br>><br>&=
gt; Testing: Click "Drive Letters" tab in AFS client. It comes up=
instantly<br>> this time around. Click "Add". Select "Dr=
ive F", AFS path
<br>> "\afs\sph.umich.edu\user\s\scarno", submount "homes=
". I again get the error:<br>><br>> "AFS was unable to map =
the network drive to the specified path in AFS.<br>> Check to make sure =
the drive letter is not currently in use"
<br>> "Error 0x00000043"<br>><br>> That didn't seem to h=
elp anything.<br>><br>> (11) Go to Network Connections->Advanced S=
ettings. In "adapters and<br>> bindings" I move the AFS (loopb=
ack) connection to the top of
<br>> the pile. Go to Provider Order tab and move OpenAFSDaemon to the v=
ery<br>> top of the heap (it was at the very bottom).<br>><br>> (r=
eboot)<br>><br>> (12) I'm not even going to try and log into the Nove=
ll network this time
<br>> around. Log in to local machine only and run my series of test<br>=
> commands again. Same results as above.<br>><br>> (13) It was sug=
gested that I perhaps unbind NWLink IPX/SPX/NetBIOS<br>> Compatible Tran=
sport Protocol from the Client for Microsoft
<br>> Networks. Go back into Network->Advanced Settings and do that. =
While I'm<br>> at it, I see that TCP/IP has become unbound from the<br>&=
gt; Novell client. So I bind that back up while I'm there.<br>><br>
> (reboot)
<br>><br>> (14) Why not try and log into Novell this boot around? I s=
till get the<br>> "Tree or server cannot be found" error. Let'=
s login to the workstation<br>> only and proceed again.<br>><br>
> (15) Run my little suite of test commands again. Same results as above
<br>> (no change).<br>><br>> This is about where I stand now. I've=
tried some various other things:<br>> Hard setting "NetBIOS over T=
CP/IP" to ON instead of taking settings<br>> based on DHCP values, =
manually entering DNS servers, turning off Windows
<br>> firewall, etc. All seem to have no effect. I've repeated all this<=
br>> for both the cases of loopback adaptor installed, and loopback adap=
tor<br>> not installed, basically, with (roughly) the same effects. Some=
of
<br>> the errors I got without the loopback adaptor were a little differ=
ent (I<br>> remember getting a system error 53 a couple of times, among =
other<br>> things).<br>><br>> I tried to be as exhaustive as possi=
ble in compiling my little report
<br>> here; I hope it isn't entirely too much wasted reading and writing=
for<br>> myself and all of you out there on the list. I'm really hoping=
to be<br>> able to get this to work, or, failing that, at least be able=
to go to my
<br>> supervisor and say without a doubt that "the AFS client for W=
indows will<br>> not work with [our] Novell installation [because]...&qu=
ot;, so I want<br>> to be sure that I pretty much left no stone unturned=
.
<br>><br>> Thanks, everyone, for all the help thus far. Please don't =
hesitate to<br>> ask me about anything if you feel that you might need m=
ore knowledge<br>> about my system environment to be able to offer any u=
seful suggestions.
<br>><br>> Regards,<br>><br>><br>> Sean Caron<br>><br>>=
; Associate Systems Administrator<br>> University of Michigan School of =
Public Health<br>> 1-734-763-4206<br>> <a href=3D"mailto:scaron@umich=
.edu" target=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,t=
his)">
scaron@umich.edu</a> <mailto:<a href=3D"mailto:scaron@umich.edu" target=
=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">scaron=
@umich.edu</a>><br>><br>><br>> On 3/3/06, *Rodney M Dyer* <<=
a href=3D"mailto:rmdyer@uncc.edu" target=3D"_blank" onclick=3D"return top.j=
s.OpenExtLink(window,event,this)">
rmdyer@uncc.edu</a> <mailto:<a href=3D"mailto:rmdyer@uncc.edu" target=3D=
"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">
rmdyer@uncc.edu</a>>> wrote:<br>><br>> =
At 12:12 PM 3/3/2006, Jeffrey Altman wrote:<br>> =
>I have heard of other organizations having problems with both<br>>&=
nbsp; Novell and<br>> >Open=
AFS clients on the same machines. I have not had access to such =
a
<br>> >configuration to be able to debug it.<=
br>><br>> Just a note. We run the =
Novell client without issues with OpenAFS<br>> a=
nd the<br>> loopback adapter. We DO N=
OT however use the Novell GINA
<br>> module. After we<br>> &=
nbsp; install the Novell client, we replace the nwgina.dll back=
to<br>> msgina.dll. We also place th=
e afslogon.dll authenticator first in the<br>> p=
roviders list.<br>>
<br>> Rodney<br>><br>> &n=
bsp; Rodney M. Dyer<br>> Windows Systems Program=
mer<br>> Mosaic Computing Group<br>> &nb=
sp; William States Lee College of Engineering<br>> &nbs=
p; University of North Carolina at Charlotte
<br>> Email: <a href=3D"mailto:rmdyer@uncc.edu" =
target=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">=
rmdyer@uncc.edu</a> <mailto:<a href=3D"mailto:rmdyer@uncc.edu" target=3D=
"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">
rmdyer@uncc.edu</a>><br>> Web: <a href=3D"htt=
p://www.coe.uncc.edu/%7Ermdyer" target=3D"_blank" onclick=3D"return top.js.=
OpenExtLink(window,event,this)">http://www.coe.uncc.edu/~rmdyer
</a><br>> Phone: (704)687-3518<br>> &nbs=
p; Help Desk Line: (704)687-3150<br>>  =
; FAX: (704)687-2352<br>> Office: Cam=
eron Applied Research Center, Room 232<br>><br>><br><br><br></blockqu=
ote></div>
<br>
</span></div>
------=_Part_7079_10873838.1141657228928--