Subject: netatalk 1.4b2+asun2.1.4 authentication problem
From: JollyRoger (jollyroger@pobox.com)
Date: Sun Apr 15 2001 - 10:31:38 EDT
I just installed netatalk. I got no errors during compile. But I am getting
the following error from Mac clients when trying to login:
"The User Authentication Method required by this server can't be found.
Please check the AppleShare folder in the Extensions folder and try again"
Here is my startup log:
Apr 15 22:17:20 obscurity atalkd[11629]: restart (1.4b2+asun2.1.4)
Apr 15 22:17:21 obscurity atalkd[11629]: zip_getnetinfo for eth0
Apr 15 22:17:40 obscurity last message repeated 2 times
Apr 15 22:17:50 obscurity atalkd[11629]: config for no router
Apr 15 22:17:51 obscurity atalkd[11629]: ready 0/0/0
Apr 15 22:17:51 obscurity atalk: atalkd startup succeeded
Apr 15 22:18:03 obscurity papd[11640]: restart (1.4b2+asun2.1.4)
Apr 15 22:18:03 obscurity papd[11640]: No such printer: lp
Apr 15 22:18:03 obscurity papd[11640]: printcap problem: lp
Apr 15 22:18:03 obscurity atalk: papd startup succeeded
Apr 15 22:18:03 obscurity atalk: afpd startup succeeded
Apr 15 22:18:09 obscurity papd[11640]: register obscurity:LaserWriter@*
Apr 15 22:18:09 obscurity afpd[11649]: obscurity:AFPServer@* started on
65280.142:130 (1.4b2+asun2.1.4)
Apr 15 22:18:09 obscurity afpd[11649]: ASIP started on 10.1.0.3:548(1)
(1.4b2+asun2.1.4)
When clients try to connect and receive the error message, this is what gets
logged:
Apr 15 22:20:54 obscurity afpd[11654]: ASIP session:548(1) from
10.1.0.4:49418(2)
Apr 15 22:20:54 obscurity afpd[11649]: server_child[1] 11654 done
My top-level netatalk Makefile starts out like this:
# cat Makefile
# Root of installation. Subdirectories will be ${DESTDIR}/etc,
# ${DESTDIR}/bin, and ${DESTDIR}/lib.
DESTDIR=/usr/local/atalk
# for system-level binaries
SBINDIR=$(DESTDIR)/sbin
# for user-level binaries
BINDIR=$(DESTDIR)/bin
# for program libraries (*.a)
LIBDIR=$(DESTDIR)/lib
# for machine-independent resources (pagecount.ps, etc.)
RESDIR=$(DESTDIR)/etc
# for configuration files (AppleVolumes.system, etc.)
ETCDIR=$(DESTDIR)/etc
# for include files
INCDIR=$(DESTDIR)/include
# Root of man pages. Subdirectories will be
# ${MANDIR}/man1, ${MANDIR}/man4, and ${MANDIR}/man8.
MANDIR=$(DESTDIR)/man
#INSTALL_PREFIX=
#SBINDIR=${INSTALL_PREFIX}/usr/sbin
#BINDIR=${INSTALL_PREFIX}/usr/bin
#LIBDIR=${INSTALL_PREFIX}/usr/lib
#RESDIR=${INSTALL_PREFIX}/usr/lib/atalk
#ETCDIR=${INSTALL_PREFIX}/etc/atalk
#INCDIR=${INSTALL_PREFIX}/usr/include
#MANDIR=${INSTALL_PREFIX}/usr/man
# Location of the Berkeley v2 db library and include files.
# NOTE: leave this commented out for now. it's a placeholder for a future
# feature.
#DB2DIR=/usr/local/BerkeleyDB
# Location of the Diffie-Hellman library and include files. Uncomment
# this out if you want DHX as an allowable UAM for afpd. Currently,
# this is set up expecting libcrypto from the openssl project. As a
# result, this option will enable all of the encrypted authentication
# methods (including the Randnum Exchange ones). DHX expects cast.h,
# dh.h, and bn.h in $CRYPTODIR/include with -lcrypto in
# $CRYPTODIR/lib. NOTE: os x server will complain if you use both
# randnum exchange and DHX.
CRYPTODIR=/usr/local/ssl
# Location of the DES library and include files. Uncomment this out if
# you want Randnum Exchange and 2-Way Randnum Exchange as allowable
# UAMs for afpd. We expect libdes.a in $DESDIR/lib and des.h in
# $DESDIR/include. This option will get overridden by CRYPTODIR.
#DESDIR=/usr/local
# Location of the tcp wrapper library and include files. Comment this out
# if you don't want tcp wrapper support. having tcp wrapper support is
# highly recommended.
TCPWRAPDIR=/usr
# Location of PAM support library and include files. Uncomment this if
# you want to enable PAM support.
PAMDIR=/usr
# Location of cracklib support library and include files. This is used
# in the password changing routines. Uncomment this out if you want to
# enable support.
CRACKDIR=/usr
# Location of the AFS and Kerberos libraries and include files. Uncomment
# and edit these if you want to include AFS or Kerberos support in afpd
# or Kerberos support in papd.
AFSDIR=/usr/local/afs
KRBDIR=/usr/local/kerberos
(snip)
The authentication modules do indeed exist in #RESDIR/uams/:
# ls -al /usr/local/atalk/etc/uams/
total 60
drwxr-xr-x 2 root root 4096 Apr 15 22:14 .
drwxr-xr-x 5 root root 4096 Apr 15 22:17 ..
lrwxrwxrwx 1 root root 11 Apr 15 22:14 uams_clrtxt.so ->
uams_pam.so
lrwxrwxrwx 1 root root 15 Apr 15 22:14 uams_dhx.so ->
uams_dhx_pam.so
-rwxr-xr-x 1 root root 1869 Apr 15 22:14 uams_dhx_pam.so
-rwxr-xr-x 1 root root 1872 Apr 15 22:14 uams_dhx_passwd.so
-rwxr-xr-x 1 root root 3361 Apr 15 22:14 uams_guest.so
-rwxr-xr-x 1 root root 1865 Apr 15 22:14 uams_pam.so
-rwxr-xr-x 1 root root 3952 Apr 15 22:14 uams_passwd.so
-rwxr-xr-x 1 root root 32319 Apr 15 22:14 uams_randnum.so
And I believe my /usr/local/atalk/etc/afpd.conf file is correct:
- -transall -savepassword -setpassword -uampath /usr/local/atalk/etc/uams
-uamlist uams_dhx_pam.so,uams_dhx_passwd.so,ua
ms_guest.so,uams_pam.so,uams_passwd.so,uams_randnum.so
(I tried NOT specifying the -uampath as well - which resulted in no
difference in behavior):
- -transall -savepassword -setpassword -uamlist
uams_dhx_pam.so,uams_dhx_passwd.so,ua
ms_guest.so,uams_pam.so,uams_passwd.so,uams_randnum.so
For some reason, either (a) the server is unable to find authentication
modules requested -or- (b) the Mac client is unable to find an
authentication module to match what the server requires (it's hard to tell
from the error message!).
I'm about out of tricks here. Can someone help me out?
JR
This archive was generated by hypermail 2b28 : Sun Oct 14 2001 - 03:04:36 EDT