MACLELAND 2.3
 USER GUIDE


Troubleshooting

For troubleshooting help with installation issues, see the ReadMe file and the section Installing MacLeland. For troubleshooting help with the email proxy, see the section MacLeland & Email Programs.

I'm trying to login to MacLeland but can't.
Why is my default realm "athena.mit.edu" and not "stanford.edu"?
How can I login to a host machine using a different userid?
How do I login to a "non-Leland" kerberized host?
What if my userid for a kerberized host doesn't match my SUNet ID?
Why don't I see the MacLeland menu in the menu bar?
Where do I find the MacLeland settings?
Why can't I change the MacLeland settings?
Why are the Mount Home Folder and Mount Other... commands grayed out?
Why can't I mount my home folder (or other AFS folders)?
I can't see the dotfiles in my AFS home folder.
Why don't I have enough privileges to add/replace/remove my own AFS files?
Why can't I delete these AFS files I have permission to delete?
Can MacLeland convert text between AFS and the Mac?
Can I make an alias of my AFS file to put on my Mac?

• I'm trying to login to MacLeland but can't.

Try re-entering your SUNet ID and password: You need to enter a valid SUNet ID and password. Remember that both are case sensitive. For help with ID and password issues, go to the Sweet Hall consulting desk or phone HelpSU for assistance, (650) 725-HELP (-4357). You can reset your SUNet password yourself if you have forgotten it - go to the SUNet ID webpage. (You can also find it on the HelpSU home page: http://helpsu.stanford.edu.)

Try changing your password: You may have a problem if you haven't changed your password in a long while. MacLeland 2.3 supports two different versions of Kerberos, versions 4 and 5. With previous versions, only version 4 was supported. In the past several years, whenever you changed your SUNet password, the password information was put into both a Kerberos 4 and a Kerberos 5 database. If you haven't changed your password in several years, the password information may only be in the Kerberos 4 database, and that may prevent you from being able to login to SUNet with MacLeland 2.3. Use MacLeland's Change Password command to change it.

Check your network connection: One possibility is that some part of the network connection between your Macintosh and the Kerberos authentication servers has failed. Perhaps with the help of your local network administrator or cluster consultant, check that the network cables are properly connected, and that other users in your area are not being affected as well.

Be sure you are logging into the correct realm: For Stanford users, in the MacLeland login dialog box, make certain that the selected realm is Stanford. If you see MIT (specifically, athena.mit.edu) as the default choice, choose the Stanford realm instead. (To make Stanford the default choice, select the Settings command from the MacLeland menu, choose the Kerberos panel, and then uncheck and recheck the option "Obtain Kerberos v5 tickets".)

Server problem?: It is also possible that the servers that handle MacLeland validation are unavailable. If you are pretty certain that this is the problem (for example, if others around you experience the same problem and no error messages help you make a better diagnosis), please phone (650) 725-7274 (on campus, K-RASH) and report a problem with the Kerberos authentication servers.

• Why is my default realm "athena.mit.edu" and not "stanford.edu"?

See the subsection "Be sure you are logging into the correct realm" of the previous question.

• How can I login to a host machine using a different userid?

One way this problem arises is when you have logged into MacLeland and then try to login to a host machine that is kerberized, such as elaine-best. Since it will use MacLeland's Kerberos tickets to log you in automatically, it won't give you a chance to enter a userid yourself.

But what do you do if you need to login to a different userid, for example, because a friend needs to login for a minute? Assuming your friend has his or her own SUNet userid, the best answer is to use MacLeland's Secondary Login command to login to MacLeland with the second userid, and then, with that userid selected (the MacLeland menu shows which is selected), try logging in to the host machine.

If you yourself need to login to the same host with a different userid, then you will need to logout from MacLeland. Restart your MacSamson session to the host. When MacLeland prompts you for your SUNet ID, press the Cancel button. The host computer will then continue with a normal session, prompting you for the userid and password you want to use on that host. The terminal session will not be kerberized, however.

Another way this situation comes up is when you want to use a kerberized host, but your userid on that host is different from your SUNet ID. In that case, the userid on that host must have a .klogin file that contains your SUNet ID (also see the next question). This allows Kerberos to log you in via your SUNet ID, even though your true userid on that host is different. Contact the system administrator of the host you want to use to see whether a .klogin file is required.

If you have two different accounts on a kerberized host, each with a .klogin file that contains your SUNet ID, then you can point a login to either one of them by entering a value in the "username" field in Samson's Connect window (in the Edit dialog box) when you start the session. See more below...

• How do I login to a "non-Leland" kerberized host?

Problem: I can successfully login to the Elaine hosts through MacLeland, but I haven't been successful with a different kerberized host, Pandora, where I have a userid. I see an odd message, "Host refuses login" for my userid, and then it gives me the normal UNIX login. I can then login, but I get another odd message, "aklog: Couldn't get ir.stanford.edu AFS tickets: No ticket file (tf_util)".

Answer: As you are aware, you were indeed able to login to Pandora. However, your session wasn't kerberized, meaning, for one thing, that you had to enter your Pandora password, which was transmitted over the network unencrypted. (Aside from those messages, you can tell whether your session is kerberized by the appearance or non-appearance of the double-headed arrow on the right side of the host session's window bar in Samson.)

For a kerberized session, on many kerberized hosts you need a file named ".klogin" whose sole content is a line that looks like this:

userid@IR.STANFORD.EDU

where you replace userid with your own login SUNet ID. The .klogin file is used in a case-sensitive mode, so be sure the case of your SUNet ID is correct (probably lowercase) and that the remainder of the text is in uppercase, as shown. (Note: Some Stanford users may be in a different "realm" than IR. In that situation you would replace IR with the proper realm. Your system administrator can tell you if that is the case.) Save this file as .klogin at the directory level.

In essence, the .klogin file identifies all the SUNet IDs that are allowed to login to this userid via Kerberos, providing an alternate way to login than the standard UNIX userid/password sequence. Anyone whose SUNet ID you put in the .klogin file could thus login to your userid on that host via Samson/MacLeland/Kerberos. Hence, in situations where a userid for a host computer is shared among multiple people, each person's SUNet ID should be included in the .klogin file for that userid. Related to that, see below...
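An added example, not part of MacLeland or of the original guide: a shell function that audits a .klogin file against the form described above, since every principal listed in it can log in to the account. The function names, the default realm argument and the sample IDs are assumptions made for this illustration; it also flags carriage returns, which the Mac/UNIX text-conversion issue covered later in this guide can introduce.

```sh
# Added example, not MacLeland code. Sample IDs are constructed.
# klogin_audit FILE [REALM]
# Checks every line against the exact, case-sensitive form userid@REALM,
# prints one finding per problem line, then the userids that are well formed.
# Returns 0 if every line is well formed, 1 if any line needs attention.
klogin_audit() {
    kl_file=$1
    kl_realm=${2:-IR.STANFORD.EDU}   # realm shown above; pass yours if it differs
    kl_tab=$(printf '\t') kl_cr=$(printf '\r')
    kl_bad=0 kl_n=0 kl_ok=
    while IFS= read -r kl_line || [ -n "$kl_line" ]; do
        kl_n=$((kl_n + 1))
        kl_user=${kl_line%%@*}
        kl_rest=${kl_line#*@}
        kl_msg=
        case $kl_line in
            '')                 kl_msg="blank line" ;;
            *"$kl_cr"*)         kl_msg="carriage return (Mac or DOS line ending)" ;;
            *' '*|*"$kl_tab"*)  kl_msg="whitespace in entry" ;;
            *@*@*|@*|*@)        kl_msg="not of the form userid@REALM" ;;
            *@*)
                kl_up=$(printf '%s' "$kl_rest" | tr '[:lower:]' '[:upper:]')
                kl_lo=$(printf '%s' "$kl_user" | tr '[:upper:]' '[:lower:]')
                if [ "$kl_rest" != "$kl_up" ]; then
                    kl_msg="realm must be uppercase: $kl_rest"
                elif [ "$kl_rest" != "$kl_realm" ]; then
                    kl_msg="unexpected realm: $kl_rest"
                elif [ "$kl_user" != "$kl_lo" ]; then
                    kl_msg="userid has uppercase letters, confirm its case: $kl_user"
                fi ;;
            *)                  kl_msg="not of the form userid@REALM" ;;
        esac
        if [ -n "$kl_msg" ]; then
            echo "line $kl_n: $kl_msg"
            kl_bad=1
        else
            kl_ok="$kl_ok $kl_user"
        fi
    done < "$kl_file"
    echo "can log in via Kerberos:${kl_ok:- (none)}"
    return "$kl_bad"
}

# Constructed sample .klogin: one good entry and four that need attention.
klogin_sample() {
    printf '%s\n' 'jdoe@IR.STANFORD.EDU' 'asmith@ir.stanford.edu' \
        'JDoe@IR.STANFORD.EDU' 'guest@ATHENA.MIT.EDU' 'nouser'
}

kl_tmp=$(mktemp)
klogin_sample > "$kl_tmp"
klogin_audit "$kl_tmp" || echo "review the lines above before relying on this file"
rm -f "$kl_tmp"
```

Run it against the .klogin of any shared userid; the final line is the list to review whenever someone should no longer have access.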

• What if my userid for a kerberized host doesn't match my SUNet ID?

Problem: I need to login to the Pandora computer, which is kerberized. When I use Samson to start a session on Pandora, MacLeland asks me for my SUNet ID and password, which I enter. When the Pandora session starts, Samson apparently tries to use my SUNet ID as my Pandora userid, and I don't get logged in.

Answer: This is a problem for users of any host computer where your userid on that host does not match your SUNet ID.

Besides setting up a .klogin file as described above on the host, you need to tell Samson what Pandora userid you want to use. This is done before the session begins, in Samson's Connect dialog box (in the Edit dialog box). There, you enter the host userid in the User Name entry field. When MacSamson opens the session, it passes the userid to the host (Pandora, in this example), and the host establishes the login with that userid, not the SUNet ID.

Though this is not as convenient as logging in to a host where your SUNet ID does match the userid for that host, it does still save you the step of entering your password for the host and also, of course, prevents your password from being sent unencrypted across the network. By the way, Samson saves the last settings you used for a session and establishes them again as the default the next time you select the session, so once you have done this, you don't have to re-enter the userid again the next time.

• Why don't I see the MacLeland menu in the menu bar?

First, make sure you have MacLeland installed on the Macintosh. Look for it inside the System Preferences application, in the "Other" section. Click on the MacLeland icon to open its settings, and then select the Menu panel. Be sure the check box for showing the MacLeland icon in the menu bar is checked.

• Where do I find the MacLeland settings?

In the MacLeland menu, or in the System Preferences application.

• Why can't I change the MacLeland settings?

Some MacLeland settings require you to provide the user name and password of an administrator of the Macintosh. If you don't have administrator access to the Mac, contact the Mac's owner or administrator to discuss the settings.

• Why are the Mount Home Folder & Mount Other... commands grayed out?

There are a couple of possibilities:

  • You may not have installed or enabled the AFS features of MacLeland (see the next question).
  • You may not have been connected to the Internet at the time you last restarted your Macintosh. If there is no network connection, some of MacLeland's menu items may be grayed out. Even reconnecting, which may allow a MacLeland login to succeed, will not re-enable the Mount commands. If you have administrator privileges on the Mac, try the Start AFS Service command, underneath the Mount commands in the MacLeland menu. If you don't, try restarting, but be sure you have an established network connection right away during the reboot. Often, a wireless connection on campus will not work because the connection gets established after MacLeland has already started.

• Why can't I mount my home folder (or other AFS folders)?

Only full-service SUNet accounts can have AFS space assigned to them in the Stanford realm. If you have a basic-service sponsored SUNet ID, then the Mount Home Folder command will fail.

If you can normally mount your home folder from the Mac you are using, then this problem probably indicates a server or networking failure. See the suggestions under "I'm trying to login to MacLeland but can't" above.

Another possibility is that AFS is not installed or is not enabled in MacLeland. Open the Settings (MacLeland menu), select the AFS panel, and see if it is enabled. If it's not, or if you don't even see an AFS panel, you may need to install MacLeland AFS (see Installing MacLeland) and/or enable it in the AFS panel if you can.

• I can't see the dotfiles in my AFS home folder.

Files in AFS space that begin with a period (e.g., .login) are not shown within the folder, so they are not accessible from your Mac desktop.

• Why don't I have enough privileges to add/replace/remove my own AFS files?

Quick Fix that Often Solves the Problem: Make sure you're logged into MacLeland; if not, login again.

Sometimes when you are working with AFS directories on your desktop through MacLeland, you may get a message saying you don't have enough privileges to make the change you are trying to make, whether it is adding a new file to a directory, removing an old one, or saving a replacement copy of an existing one. Sometimes, of course, this may be true - you may not have access to someone else's home directory to remove files, for example. You can check your access to a particular directory or volume on your desktop with the Access Control List command in the AFS submenu of the contextual menu for the directory (see the section on MacLeland & the AFS File System for more details).

But if it's your own home directory, or if you know you have access to make the changes but you still get the error message, check that the Kerberos AFS ticket for the volume hasn't expired; if it has, your privileges revert to "public" privileges for the mounted volume. The best way to check is to use the Show Status command in the MacLeland menu. When the Kerberos Status window opens, look for the ticket summary line (in the Ticket panel) with your SUNet ID in it (if you don't see one, you aren't logged into MacLeland at all), then twirl the triangle on the left end of the line to show the ticket details. Look for a ticket for afs@IR.STANFORD.EDU. If you don't see one (or, again, if you weren't logged into MacLeland at all), then you are getting public privileges to the mounted volume. Relogging into MacLeland should re-establish your own AFS privileges for whatever volumes you have mounted.

• Why can't I delete these AFS files I have permission to delete?

Q: If I mount the AFS volume for a group I maintain, I cannot delete any file in any subdirectory. I can delete them by using the Terminal program. I can create files and re-name them, but I just can't delete them, I get this message: "The operation cannot be completed because some data cannot be read or written. (Error code -36)."

A: Actually, this is a problem with the Mac OS X Finder. Fortunately, the situation is fairly uncommon. Here are the details:

The Finder doesn't actually delete files, it moves them to the Trash. The Trash is stored in a directory (.Trashes) at the root level of each volume on the desktop. There are two circumstances under which the Finder would not be able to move a file from AFS into its appropriate Trash:

  • If the .Trashes directory exists but the Finder cannot write to it (if it does not exist, and the Finder cannot create it, the Finder will simply offer to delete the file outright). This could happen if you do not have write permissions in AFS to the root level of the volume or to the .Trashes directory. OR
  • If there is a .Trashes directory, but the file resides on a different AFS volume from the volume mounted on the desktop. For example, mounting the group/networking directory mounts an AFS volume named "group.networking". But if you're deleting a file from the "WWW" subdirectory, those files actually reside in another AFS volume named "group.net.web" (you can control-click on a folder and choose AFS->Volume Information to get this name). It turns out that AFS doesn't allow you to move files across AFS volumes, and so the Finder cannot move your file to the Trash. Unfortunately, the Finder is not smart enough to do what the "mv" command would do, which is to copy the file and then delete it.

We have reported the problems to Apple, and we hope that they will be fixed in a future release of Mac OS X. In the meantime, here are some workarounds. Any of these should allow you to remove the file:

  • Open the Terminal, and use the "rm" command. Since this does not involve moving the file, if you have AFS permissions to delete, it should work correctly.
  • You might try mounting the AFS volume your files are on directly. For example, if you are looking at the WWW subdirectory of the networking group directory, choose "AFS Volume" from the popup in MacLeland's Mount Other window and type "group.net.web".
  • If you mount the "AFS Root" (i.e., all of AFS) and navigate through the entire AFS tree to your file, you will always be able to delete it. This is because there is never a .Trashes directory in /afs, and so the Finder will not try to move the file, but will instead offer to delete it.
  • If you have write permission to the root of your directory (i.e., group/networking), you can "turn off" the Trash by using the following commands in the Terminal:

    % cd /Volumes/networking (or /afs/ir/group/networking on non-Mac OS X)
    % rm -rf .Trashes (remove existing Trash directory, including any files still in it)
    % touch .Trashes (create file named .Trashes)

    This will prevent the Finder from ever being able to move a file to the Trash, but in a way that it will notice early enough to instead offer to simply delete the file. This, of course, will prevent anyone mounting the networking directory from being able to use the trash can to store files, but it may prove useful if you run into this problem frequently.

• Can MacLeland convert text between AFS and the Mac?

When you move text files created in UNIX and stored in AFS to the Mac, or move text files created on the Mac to AFS to be used in UNIX, you may run into formatting problems caused, for example, by extra carriage returns, or by missing ones. MacLeland cannot currently make the appropriate conversions as it moves a file from one place to another.

Your best bet is to use a text editor on the receiving end that is smart enough to make the right conversions, such as Microsoft Word.

• Can I make an alias of my AFS file to put on my Mac?

A: You can, but the alias will work only when the volume is mounted; it cannot be used to cause the AFS volume to be mounted.