[OpenAFS] Troubleshooting aklog/pioctl issue on Windows

Jeffrey Altman jaltman@secure-endpoints.com
Tue, 05 Dec 2006 12:38:56 -0500


Paul didn't say and since the "tokens" command is failing with the
same error it is unlikely that the problem is related to the size
of the tokens.

However, I agree that setting the NO_AUTH_DATA_REQUIRED flag on
non-Windows service accounts is a good idea in general.  That
recommendation is listed in the OpenAFS for Windows release notes.

Jeffrey Altman

Douglas E. Engert wrote:
> You said the KDCs where Microsoft ADs. Is this a PAC size problem?
> Did the users get added to extra groups when this started?
> Did one of the fixes for copying a large ticket over the pioctl
> interface creep back in?
> One test/fix would be to change the afs principal to not use a PAC.
> i.e. set NO_AUTH_DATA_REQUIRED in the afs principal in AD. Its would be
> easy to test/install:
> http://support.microsoft.com/kb/832572
> http://support.microsoft.com/kb/305144
> http://support.microsoft.com/kb/327825
> Jeffrey Altman wrote:
>> Then try to answer the other question.  What changed in your environment
>> that just before all your Windows systems broke.
>> Jeffrey Altman
>> Gjefle, Paul D wrote:
>>> Yes we are experiencing this problem across the board with all windows
>>> systems.
>>> --Paul 
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info