testing various configurations of the OpenAFS client on, so I can try all sorts of funky things and not have to
worry about messing up a machine that someone is actually using. I set one up to test the behaviour of the
client with the loopback adapter on, as so:
(1) Wiped a machine a did a fresh load of our disk image (XP, Novell client, etc). Computer name is SPH-2002-0196.
I saw some old post on the Internet implying that dashes in the hostname might cause problems with the AFS
client, but they dated from 2002 or 2003, so I'm assuming it doesn't matter these days. I think I mentioned earlier
that I tried a system with a boring alphanumeric only name (SPHAFSTEST) and it didn't help anything.
(reboot)
(2) Installed MIT Kerberos v3.0.0 with all default settings on; krb5.ini has been properly customized for our site.
Kerberos is set to start automatically when Windows starts (as would make sense). (side note: MIT Kerberos seems to
work fine in and of itself. It gladly will go authenticate and get tokens). I did this as an administrator; normal users wouldn't
normally be allowed to install software given the way we have security set up on our workstation disk image.
(reboot)
(3) Installed OpenAFS Windows Client v1.4.0 (as an administrator) WITH the loopback adaptor installed this time. Use our
CellServDB file that actually includes our site. Set AFS cell name to "sph.umich.edu". Everything else is set per installation
defaults (AFS crypt security = on, AFS freelance client = on, DNS cellserver search = on, start afscreds on login = on, auto
initialize afscreds = on, renew drivemaps = on, ip change detection = on, quiet = on). Installer completes successfully.
(reboot)
(4) Now my test workstation is back online, sitting at the login prompt. I try to login to the Novell network (client version 4.91, by
the way). Now it doesn't work! "The tree or server cannot be found. Choose a different tree or server....". OK. Let's log in as
"Workstation only". Did the Novell client get bound up in the loopback adapter or something? Can this be dealt with? I know very
little about Novell (I am a new hire at SPH, and mostly a UNIX guy).
(5) So I log in to the local machine only and get the AFS Client "Obtain New AFS tokens" dialog box. Enter username and password
and authenticate to cell "sph.umich.edu". Wait a minute or two, and the tickets show up in the MIT Kerberos Network Identity
Manager. So at least authentication and ticketing is all good.
(6) Testing: Start->Run. "\\afs\all". I get the message: "This file does not have a program associated with it for performing this action.
Create an association in the Folder Options control panel".
OK.
Testing: Start->Run. "\\afs\sph.umich.edu". Same message.
Testing: Start->Run. "\\afs\sph.umich.edu\user\s\scaron". Wait a second or two... same message.
Testing: Start->Run. "cmd". From command prompt: "net use \\afs\sph.umich.edu\user\s\scaron h:". We get the message: "The
network name cannot be found (system error 67)".
Testing: Click "Drive Letters" tab in AFS client. It sits for a while (30 secs - 1 minute). Click "Add". Select "Drive F", AFS path
"\afs\sph.umich.edu\user\s\scaron", submount "homes". I get the error:
"AFS was unable to map the network drive to the specified path in AFS. Check to make sure the drive letter is not currently in use"
"Error 0x00000043"
(i was thinking about it and it hit me that 43 hex = 67 decimal so i guess NETWORK NAME CANNOT BE FOUND is the issue here)
(7) Check network properties. We have two connections installed.
One is called AFS and is bound to the loopback adaptor. Uses items: Novell client for Windows, Client for Microsoft networks, Remote
management, Novell workstation manager, Novell distributed print services, TCP/IP
The other is the default Local Area Network connection. Uses items: Novell client for Windows, Client for Microsoft networks, QoS
packet scheduler, Remote management, Novell workstation manager, Novell distributed print services, TCP/IP. Windows firewall is
on. We use DHCP to get all network card parameters & DNS server information. TCP/IP filtering is off. NetBIOS is set to "Use NetBIOS
setting from DHCP server. If static IP address is used or DHCP server does not provide NetBIOS setting, enable NetBIOS over TCP/IP"
I see that we don't actually have a NetBIOS protocol installed by default on our load. Let's do it manually for now.
(8) Add protocol: NWLink IPX/SPX/NetBIOS Compatible Transport Protocol (this is the only NetBIOS protocol available in the list).
Install it.
(reboot)
(9) So we're back at the login prompt and you still can't log in to Novell. We get the same "The tree or server cannot be found..." message.
Let's login to local workstation only again and proceed. Once again I am able to successfully log in, authenticate to sph.umich.edu, and
obtain tokens.
(10) Try the same testing suite again:
Testing: Start->Run. "\\afs\all". I get the message: "This file does not have a program associated with it for performing this action.
Create an association in the Folder Options control panel".
Testing: Start->Run. "\\afs\sph.umich.edu". Same message.
Testing: Start->Run. "\\afs\sph.umich.edu\user\s\scaron". Same message.
Testing: Start->Run. "cmd". From command prompt: "net use \\afs\sph.umich.edu\user\s\scaron h:". We get the message: "The
network name cannot be found (system error 67)".
Testing: Click "Drive Letters" tab in AFS client. It comes up instantly this time around. Click "Add". Select "Drive F", AFS path
"\afs\sph.umich.edu\user\s\scarno", submount "homes". I again get the error:
"AFS was unable to map the network drive to the specified path in AFS. Check to make sure the drive letter is not currently in use"
"Error 0x00000043"
That didn't seem to help anything.
(11) Go to Network Connections->Advanced Settings. In "adapters and bindings" I move the AFS (loopback) connection to the top of
the pile. Go to Provider Order tab and move OpenAFSDaemon to the very top of the heap (it was at the very bottom).
(reboot)
(12) I'm not even going to try and log into the Novell network this time around. Log in to local machine only and run my series of test
commands again. Same results as above.
(13) It was suggested that I perhaps unbind NWLink IPX/SPX/NetBIOS Compatible Transport Protocol from the Client for Microsoft
Networks. Go back into Network->Advanced Settings and do that. While I'm at it, I see that TCP/IP has become unbound from the
Novell client. So I bind that back up while I'm there.
(reboot)
(14) Why not try and log into Novell this boot around? I still get the "Tree or server cannot be found" error. Let's login to the workstation
only and proceed again.
(15) Run my little suite of test commands again. Same results as above (no change).
This is about where I stand now. I've tried some various other things: Hard setting "NetBIOS over TCP/IP" to ON instead of taking settings
based on DHCP values, manually entering DNS servers, turning off Windows firewall, etc. All seem to have no effect. I've repeated all this
for both the cases of loopback adaptor installed, and loopback adaptor not installed, basically, with (roughly) the same effects. Some of
the errors I got without the loopback adaptor were a little different (I remember getting a system error 53 a couple of times, among other
things).
I tried to be as exhaustive as possible in compiling my little report here; I hope it isn't entirely too much wasted reading and writing for
myself and all of you out there on the list. I'm really hoping to be able to get this to work, or, failing that, at least be able to go to my
supervisor and say without a doubt that "the AFS client for Windows will not work with [our] Novell installation [because]...", so I want
to be sure that I pretty much left no stone unturned.
Thanks, everyone, for all the help thus far. Please don't hesitate to ask me about anything if you feel that you might need more knowledge
about my system environment to be able to offer any useful suggestions.
Regards,
Sean Caron
Associate Systems Administrator
University of Michigan School of Public Health
1-734-763-4206
[EMAIL PROTECTED]
On 3/3/06, Rodney M Dyer <[EMAIL PROTECTED]> wrote:
At 12:12 PM 3/3/2006, Jeffrey Altman wrote:
>I have heard of other organizations having problems with both Novell and
>OpenAFS clients on the same machines. I have not had access to such a
>configuration to be able to debug it.
Just a note. We run the Novell client without issues with OpenAFS and the
loopback adapter. We DO NOT however use the Novell GINA module. After we
install the Novell client, we replace the nwgina.dll back to
msgina.dll. We also place the afslogon.dll authenticator first in the
providers list.
Rodney
Rodney M. Dyer
Windows Systems Programmer
Mosaic Computing Group
William States Lee College of Engineering
University of North Carolina at Charlotte
Email: [EMAIL PROTECTED]
Web: http://www.coe.uncc.edu/~rmdyer
Phone: (704)687-3518
Help Desk Line: (704)687-3150
FAX: (704)687-2352
Office: Cameron Applied Research Center, Room 232
