[OpenAFS] ADS communications issue?

Douglas E. Engert deengert@anl.gov
Tue, 08 Sep 2009 16:56:48 -0500

Eric Chris Garrison wrote:
> Jeffrey Altman wrote:
>> I suspect you are being bitten by a problem with the multi-realm
>> support in 1.4.11.   The src/util directory is not being compiled
>> with the correct environment variable set so the cross-realm support
>> is failing.  The quick fix is to remove the
>>   #if     defined(AFS_ATHENA_STDENV) || defined(AFS_KERBREALM_ENV)
>>   #endif
>> pair in src/util/get_krbrlm.c fs_is_foreign_ticket_name()
>> Jeffrey Altman
> If that's the case, why does the ADS realm work on other machines?
> One more interesting fact, we suspected a MTU mismatch... our AFS servers
> are 1500 MTU (running servers with -nojumbo arguments), and the
> supercomputer in question are set to 9000 MTU.
> When we had the admins set a node to 1500 MTU, the problem went away.
> Since this isn't practical for the whole cluster, we had them change it
> back to 9000 and ran the client with the following set:
>    AFSD_ARGS="-rxmaxmtu 1500"

Try -rxmaxmtu 1444, as this needs to be 56 bytes less then the real MTU.

> However, this (9000 MTU + rxmaxmtu 1500) hangs just as before.
> Any more ideas, with this new information?

If its the large ticket problem, there is a way to tell AD that the service
ticket for AFS does not need a PAC, thus reducing the size from maybe 12k to
less then 500 bytes.

See: http://support.microsoft.com/kb/305144
And this which adds the NO_AUTH_DATA_REQUIRED

Your admin can set NO_AUTH_DATA_REQUIRED on the afs service account in AD.

> Chris


  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444