KfW killing Cisco VPN under Windows 7
Cisco VPN is working great. As soon as KfW 3.2.2 (with stock NIDmgr and also 2.0 NIDmgr from Secure Endpoints) tries to get creds, the VPN connection drops. I can repeat this at will. OpenAFS 1.5.72 for Windows Kerberos for Windows 3.2.2 Windows 7 32-bit Has anyone else run into this? Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: KfW killing Cisco VPN under Windows 7
On 3/12/2010 10:42 PM, Jeff Blaine wrote: > This appears to be an OpenAFS problem (?), as I can replicate > it without Network ID Manager running. Sure but what does NetIdMgr have to do with it? NetIdMgr is an application that loads the KFW libraries. > > Start -> All Programs -> OpenAFS -> Client -> Authentication This is afscreds.exe. Another application that loads the KFW libraries. In fact, it performs the same operations with the KFW libraries as NetIdMgr because both NetIdMgr and afscreds are Kerberos v5 credential management tools that obtain a TGT, import credentials from the MSLSA cache, and attempt to obtain AFS tokens. > > Before I can even type my username and password, the VPN > session is killed. Sure. The NetIdMgr log (at the time you say the failure occurs) was attempting to import credentials from the MSLSA: credential cache. afscreds.exe prior to displaying a user/cell/password dialog attempts to import credentials from the MSLSA credential cache. > > I'll take it to openafs-info There isn't enough evidence from what you have gathered to make any statement about what the problem is or who is to blame.To be completely honest, you are having a problem with a Cisco product. I suggest that you start your investigation by getting help from Cisco to determine why their VPN is losing the connection. Only then will you be able to begin to identify what is causing that condition. Jeffrey Altman Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: KfW killing Cisco VPN under Windows 7
This appears to be an OpenAFS problem (?), as I can replicate it without Network ID Manager running. Start -> All Programs -> OpenAFS -> Client -> Authentication Before I can even type my username and password, the VPN session is killed. I'll take it to openafs-info On 3/12/2010 10:19 PM, Jeff Blaine wrote: > Here's the nidmdbg.log FWIW > > 22:10 is a clean instance of VPN running, "Obtain new credentials", > and VPN being killed. Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: KfW killing Cisco VPN under Windows 7
Here's the nidmdbg.log FWIW 22:10 is a clean instance of VPN running, "Obtain new credentials", and VPN being killed. Logging started for Network Identity Manager at 2010-3-12 22:08:24.221 Product: NetIDMgr 2.0.0.304 Copyright © 2006-2010 Secure Endpoints Inc. Official build. Please send bug reports to netid...@secure-endpoints.com Logon session: [jblai...@[mm160939-pc] UPN: [] Logon server: [MM160939-PC] @[] Authentication package: [NTLM] Authentication package: [NTLM], Logon Type: Interactive Token privileges: : SeShutdownPrivilege (Disabled) : SeChangeNotifyPrivilege (Enabled) : SeUndockPrivilege (Disabled) : SeIncreaseWorkingSetPrivilege (Disabled) : SeTimeZonePrivilege (Disabled) Process tokens have no admin privileges. 22:08:24.221 Begin logging 22:08:24.237 [1] Begin: Load default modules 22:08:24.237 [2] Begin: Initializing module [OpenAFS] (child of [1]) 22:08:24.253 [3] Begin: Initializing plug-in [AfsCred] (child of [2]) 22:08:24.253 2600[3] Info:(KMM) Placing plug-in [AfsCred] on hold 22:08:24.253 2600[3] Info:(KMM) Leaving plug-in [AfsCred] in state [4] 22:08:24.253 [3] End 22:08:24.253 2600[2] Info:(KMM) Module [OpenAFS] is in state [4] 22:08:24.253 [2] End 22:08:24.253 [4] Begin: Initializing module [MITKrb5] (child of [1]) 22:08:24.253 [5] Begin: Initializing plug-in [Krb5Ident] (child of [4]) 22:08:24.253 2600[5] Info:(KMM) Placing plug-in [Krb5Ident] on hold 22:08:24.253 2600[5] Info:(KMM) Leaving plug-in [Krb5Ident] in state [4] 22:08:24.253 [5] End 22:08:24.253 [6] Begin: Initializing plug-in [Krb5Cred] (child of [4]) 22:08:24.253 2600[6] Info:(KMM) Leaving plug-in [Krb5Cred] in state [5] 22:08:24.253 [6] End 22:08:24.253 2600[4] Info:(KMM) Module [MITKrb5] is in state [4] 22:08:24.253 [4] End 22:08:24.253 [7] Begin: Initializing module [MITKrb4] (child of [1]) 22:08:24.253 [8] Begin: Starting plug-in [Krb5Cred] 22:08:24.253 972[8] Info:(KMM) Initialization of the plug-in returned code 0. 22:08:24.253 972[8] Info:(KMM) Plug-in running 22:08:24.253 [8] End 22:08:24.253 [9] Begin: Initializing plug-in [Krb4Cred] (child of [7]) 22:08:24.253 2600[9] Info:(KMM) Leaving plug-in [Krb4Cred] in state [5] 22:08:24.253 [9] End 22:08:24.253 2600[7] Info:(KMM) Module [MITKrb4] is in state [4] 22:08:24.253 [7] End 22:08:24.253 [10] Begin: Initializing module [KeyStore] (child of [1]) 22:08:24.253 [11] Begin: Starting plug-in [Krb4Cred] 22:08:24.253 [12] Begin: Initializing plug-in [KeyStoreCred] (child of [10]) 22:08:24.253 2600[12] Info:(KMM) Leaving plug-in [KeyStoreCred] in state [5] 22:08:24.253 [12] End 22:08:24.253 [13] Begin: Initializing plug-in [KeyStoreIdentity] (child of [10]) 22:08:24.253 2600[13] Info:(KMM) Placing plug-in [KeyStoreIdentity] on hold 22:08:24.253 2600[13] Info:(KMM) Leaving plug-in [KeyStoreIdentity] in state [4] 22:08:24.253 [13] End 22:08:24.253 2600[10] Info:(KMM) Module [KeyStore] is in state [4] 22:08:24.253 [10] End 22:08:24.253 [1] End 22:08:24.253 [14] Begin: Initializing plug-in [AfsCred] 22:08:24.253 2600[14] Info:(KMM) Leaving plug-in [AfsCred] in state [5] 22:08:24.253 [14] End 22:08:24.253 [15] Begin: Initializing plug-in [Krb5Ident] 22:08:24.253 2600[15] Info:(KMM) Leaving plug-in [Krb5Ident] in state [5] 22:08:24.253 [15] End 22:08:24.253 [16] Begin: Starting plug-in [AfsCred] 22:08:24.253 [17] Begin: Starting plug-in [KeyStoreCred] 22:08:24.253 1244[17] Info:(KMM) Initialization of the plug-in returned code 0. 22:08:24.253 1244[17] Info:(KMM) Plug-in running 22:08:24.253 [17] End 22:08:24.253 [18] Begin: Initializing plug-in [KeyStoreIdentity] 22:08:24.253 [19] Begin: Starting plug-in [Krb5Ident] 22:08:24.253 2920[19] Info:(KMM) Initialization of the plug-in returned code 0. 22:08:24.253 [20] Begin: Refreshing default identity (child of [19]) 22:08:24.253 3304[11] Info:(KMM) Initialization of the plug-in returned code 0. 22:08:24.253 3304[11] Info:(KMM) Plug-in running 22:08:24.253 [11] End 22:08:24.253 2600[18] Info:(KMM) Leaving plug-in [KeyStoreIdentity] in state [5] 22:08:24.253 [18] End 22:08:24.253 [21] Begin: Starting plug-in [KeyStoreIdentity] 22:08:24.253 2336[21] Info:(KMM) Initialization of the plug-in returned code 0. 22:08:24.253 2336[21] Info:(KMM) Plug-in running 22:08:24.253 [21] End 22:08:24.253 2920[20] Debug(1): CC name is [jbla...@rcf.our.org] 22:08:24.253 2920[20] Debug(1): Found principal [jbla...@rcf.our.org] 22:08:24.253 2920[20] Debug(1): Setting default identity to [jbla...@rcf.our.org] 22:08:24.253 [20] End 22:08:24.253 2920[19] Info:(KMM) Plug-in running 22:08:24.253 [19] End 22:08:27.543 [DBG] SNACNP Attached! 22:08:27.543 [DBG] "C:\Program Files\MIT\Kerberos\bin\netidmgr.exe" 22:08:27.543 [DBG] SNACNP::NPGetCaps::WNNC_NET_TYPE 22:08:27.543 [DBG] SNACNP::NPGetCaps::WNNC_USER 22:08:27.543 [DBG] SNACNP::NPGetCaps::WNNC_CONNECTION 22:08:27.543 [DBG] SNACNP::NPGetCaps::WNNC_ENUMERATION 22:08:27.543 [DBG] S