Thanks! Changing "kerberos-iv" from 750/udp to 88/udp as it is for the "kerberos" service fixed the problem in OpenAFS 1.7.8 (I edited C:\Windows\System32\drivers\etc\services.)
Our firewall must be set up to allow port 88, but not 750. Now that it's tracked down, I remember that I had a similar problem many years ago. Oh look, it's there in the archives: https://lists.openafs.org/pipermail/openafs-info/2001-August/001791.html I had the opposite problem then, with some sites accepting port 750 but not 88. Those have all been upgraded to K5, while only the port 88 site remains with K4. It looks like you've now implemented Jeffrey Hutzelman's proposal from that 2001 thread, but my memory didn't last that long! Thanks, Tim. > -----Original Message----- > From: Jeffrey Altman [mailto:[email protected]] > Sent: 18 March 2012 17:15 > To: Adye, Tim (STFC,RAL,PPD); OpenAFS > Subject: Re: [OpenAFS] Could not obtain token after upgrade to 1.7.8 > > It used "kerberos" > > On 3/18/2012 1:08 PM, Tim Adye wrote: > > Hi Jeffrey, > > > > Thanks, that sounds like a likely explanation. Which port was it > using before? It seems odd that it wasn't blocked previously. > > > > It sounds like it would be easier to change /etc/services to use the > old port number than to get the firewall and NAT updated. > > > > Tim. > > > >> -----Original Message----- > >> From: [email protected] [mailto:openafs-info- > >> [email protected]] On Behalf Of Jeffrey Altman > >> Sent: 18 March 2012 16:07 > >> To: [email protected] > >> Subject: Re: [OpenAFS] Could not obtain token after upgrade to 1.7.8 > >> > >> The kauth package was fixed to read the "kerberos-iv" service port > >> number from /etc/services on Windows. If your firewall is blocking > >> port 750/udp, that would be the problem. > >> > >> > >> > >> On 3/18/2012 11:32 AM, Tim Adye wrote: > >>> Hi, > >>> > >>> After I upgraded from OpenAFS 1.7.4 to 1.7.8, I can no longer > obtain > >> a > >>> token with the AFS Authentication client or klog.exe. It complains > >>> that the "authentication server is unavailable" (after a long > delay). > >>> It works with 1.7.4. I went back and forth between the releases to > >>> check this wasn't a one-off installation problem: klog always works > >>> fine with 1.7.4 and always fails with 1.7.8. > >>> > >>> I am using Windows 7, 64-bit. The AFS server is still using the old > >> K4 > >>> authentication. I'm accessing it from home behind NAT and through a > >>> firewall, but that wasn't a problem with OpenAFS 1.7.4. > >>> > >>> What could have changed? > >>> > >>> Thanks, > >>> Tim. > >>> > >>> =========================== cut here ============================ > >>> Tim Adye [email protected] http://hepunx.rl.ac.uk/~adye > >>> Atlas/BaBar Groups, Particle Physics Dept, Rutherford Appleton Lab > >>> > >>> _______________________________________________ > >>> OpenAFS-info mailing list > >>> [email protected] > >>> https://lists.openafs.org/mailman/listinfo/openafs-info > > > > _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
