[OpenAFS] AFS service may not have started

Jeffrey Altman jaltman@secure-endpoints.com
Tue, 08 Jul 2008 07:05:59 -0400

ENEM | Hans Melgers wrote:
> See hereunder
> Hans Melgers wrote:
>>> Is "AFS" registered as a service name according to "nbtstat -n"?
>> yes
> what is the output of NET VIEW \\AFS ?
> Sharenaam   Type    Gebruikt als  Opmerking
> -------------------------------------------------------------------------------
> .simpc.com  Schijf
> all         Schijf
> auto1       Schijf  (UNC)
> auto2       Schijf  S:
> enem.nl     Schijf
> simpc.com   Schijf
> De opdracht is voltooid.
> (i'm logged in to the enem.nl cell)

The presence or absence of tokens has no impact on
communication with the AFS Client Service which is
an SMB Server.  The authentication which is failing
is the SMB authentication which takes place local
to the workstation.  The Microsoft SMB Redirector
client constructs GSS SPNEGO NTLM authentication
requests and the AFS Client Service SMB Server hands
them off to the workstation to authenticate.

SMB Browsing (NET VIEW) does not require authentication
which is why this works when "DIR \\AFS\ALL" does not.

The next step is to use the SysInternals DbgView tool
to capture the authentication process during an attempt
to execute "dir \\afs\all" or "tokens".

Report any errors.

>>> Note that 0x52E is Logon Failure.  unknown user name or bad password.
>>> How are you logging on to the workstation?  Are you using a method 
>>> that does not make use of a password?
>> No, just plain password with kfw
> You do not use KFW to logon to the workstation.  What method are you using to logon to the workstation?
> Local password
>> Is NTLM disabled on the machine?
>> Yes, it is. However, i didnt disable it and never saw this problem 
>> before. Should it be on ?
> Not necessarily.

> What are the values of
>    HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0
>       BackConnectionHostNames

This registry value is a REG_MULTI_SZ.  The value should be


is it?

>    HKLM\SYSTEM\CurrentControlSet\Control\Lsa
>       DisableLoopbackCheck
> 1