Lars Schimmer wrote: > Hi! > > I just want to write some experiences I got last weeks. > First: The PC last mentioned was totaly upset, not AFS fault. Set it up > completly new. > Now OpenAFS and MIT krb5 3.1 for windows seems to work. > For bad sake, users don´t obtain tokens automaticly. I setup krb.ini as > on other PCs, I setup our cgv.tugraz.at cell as default, all I get is a > "access error XXX" while trying to logging in (local users).
I assume you mean "krb5.ini" instead of "krb.ini". In order for a local user account to be used to obtain AFS tokens using Kerberos v5 during OpenAFS integrated logon: * krb5.ini default realm must be the realm the user's principal is located within * the case of the user's name as entered must match the case of the name in the user's principal within the Kerberos database * the password used to login locally to the machine must be the same as the password used to login to the Kerberos realm for that principal * there must be a Kerberos service ticket of the form [EMAIL PROTECTED] or afs/[EMAIL PROTECTED] If any of these requirements are not true you will get an error. If you get an error, turn on integrated logon debugging and examine the errors that are logged to the Windows Application Event Log. Sending a request for help here without any details as to why things are failing makes it impossible for anyone to help you. > After I logged in, sometimes the "get AFS tokens" screen appears, > sometimes not. If not, I need to start Authentication from start menu to > grab a token. I don´t know where to step in for better experience on > that PC. You have KFW 3.1 installed. Please configure the Network Identity Manager for use in obtaining Kerberos v5 credentials and AFS tokens. It provides a much better experience to end users and better debugging tools for Help Desks. NIM is installed with KFW 3.1 and the AFS support for NIM is installed with OpenAFS 1.5. > After I/the users got the token, everything works fine so far, even > Office 2007, no problem. > Once I had the problem with OpenAFS authentication screen didn´t > appeared, but I installed some software before and didn´t restarted windows. > > On my vista laptop I´m nearly depressed. Not that I believe it is related but be aware that KFW is not supported on Vista yet. There are a variety of problems that will be addressed in the next release. > I don´t activated "get token at login" and the authentication screen > appears every time I login and I´m able to grab a token. > But after the sleep mode sometimes OpenAFS break down and won´t come > back. Even stopping and starting the openafs service doesn´t do > anything. Only reboot resolves that problem. File a bug report at [EMAIL PROTECTED] Again, you will need to include useful data in your report as described in the OpenAFS release notes. For starters, you need to include the afsd_init.log file and if you are able to replicate the problem on a regular basis, you should turn on trace logging "fs trace -on", suspend the laptop, resume the laptop, and if you experienced the problem, "fs trace -dump" and send the afsd.log file as well. > Maybe the wlan drivers are not well enough (sometimes vista doesn´t find > the net although just 1m away from router), maybe switching wlans in > sleep mode isn´t best for OpenAFS. OpenAFS should not care about your wlans. OpenAFS installs the loopback adapter and binds to the loopback adapter. Only if the loopback adapter does not exist or does not restart after sleep would I expect there to be a problem. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature