[OpenAFS] AFS service may not have started
Jeffrey Altman
jaltman@secure-endpoints.com
Tue, 08 Jul 2008 07:05:59 -0400
ENEM | Hans Melgers wrote:
>
> See hereunder
>
>
> Hans Melgers wrote:
>>
>>> Is "AFS" registered as a service name according to "nbtstat -n"?
>> yes
>
> what is the output of NET VIEW \\AFS ?
>
> Sharenaam Type Gebruikt als Opmerking
>
> -------------------------------------------------------------------------------
> .simpc.com Schijf
> all Schijf
> auto1 Schijf (UNC)
> auto2 Schijf S:
> enem.nl Schijf
> simpc.com Schijf
> De opdracht is voltooid.
>
> (i'm logged in to the enem.nl cell)
The presence or absence of tokens has no impact on
communication with the AFS Client Service which is
an SMB Server. The authentication which is failing
is the SMB authentication which takes place local
to the workstation. The Microsoft SMB Redirector
client constructs GSS SPNEGO NTLM authentication
requests and the AFS Client Service SMB Server hands
them off to the workstation to authenticate.
SMB Browsing (NET VIEW) does not require authentication
which is why this works when "DIR \\AFS\ALL" does not.
The next step is to use the SysInternals DbgView tool
to capture the authentication process during an attempt
to execute "dir \\afs\all" or "tokens".
Report any errors.
>>> Note that 0x52E is Logon Failure. unknown user name or bad password.
>>> How are you logging on to the workstation? Are you using a method
>>> that does not make use of a password?
>> No, just plain password with kfw
>
> You do not use KFW to logon to the workstation. What method are you using to logon to the workstation?
>
> Local password
>
>> Is NTLM disabled on the machine?
>> Yes, it is. However, i didnt disable it and never saw this problem
>> before. Should it be on ?
>
> Not necessarily.
> What are the values of
>
> HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
> BackConnectionHostNames
>
> AFS
This registry value is a REG_MULTI_SZ. The value should be
AFS\0
\0
is it?
> HKLM\SYSTEM\CurrentControlSet\Control\Lsa
> DisableLoopbackCheck
>
> 1