[OpenAFS] ADS communications issue?
Douglas E. Engert
deengert@anl.gov
Tue, 08 Sep 2009 16:56:48 -0500
Eric Chris Garrison wrote:
> Jeffrey Altman wrote:
>> I suspect you are being bitten by a problem with the multi-realm
>> support in 1.4.11. The src/util directory is not being compiled
>> with the correct environment variable set so the cross-realm support
>> is failing. The quick fix is to remove the
>>
>> #if defined(AFS_ATHENA_STDENV) || defined(AFS_KERBREALM_ENV)
>> #endif
>>
>> pair in src/util/get_krbrlm.c fs_is_foreign_ticket_name()
>>
>> Jeffrey Altman
>
> If that's the case, why does the ADS realm work on other machines?
>
> One more interesting fact, we suspected a MTU mismatch... our AFS servers
> are 1500 MTU (running servers with -nojumbo arguments), and the
> supercomputer in question are set to 9000 MTU.
>
> When we had the admins set a node to 1500 MTU, the problem went away.
> Since this isn't practical for the whole cluster, we had them change it
> back to 9000 and ran the client with the following set:
>
> AFSD_ARGS="-rxmaxmtu 1500"
Try -rxmaxmtu 1444, as this needs to be 56 bytes less then the real MTU.
>
> However, this (9000 MTU + rxmaxmtu 1500) hangs just as before.
>
> Any more ideas, with this new information?
If its the large ticket problem, there is a way to tell AD that the service
ticket for AFS does not need a PAC, thus reducing the size from maybe 12k to
less then 500 bytes.
See: http://support.microsoft.com/kb/305144
And this which adds the NO_AUTH_DATA_REQUIRED
http://support.microsoft.com/kb/832572
Your admin can set NO_AUTH_DATA_REQUIRED on the afs service account in AD.
>
> Chris
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444