[OpenAFS] Troubleshooting aklog/pioctl issue on Windows
Tue, 05 Dec 2006 12:38:56 -0500
Paul didn't say and since the "tokens" command is failing with the
same error it is unlikely that the problem is related to the size
of the tokens.
However, I agree that setting the NO_AUTH_DATA_REQUIRED flag on
non-Windows service accounts is a good idea in general. That
recommendation is listed in the OpenAFS for Windows release notes.
Douglas E. Engert wrote:
> You said the KDCs where Microsoft ADs. Is this a PAC size problem?
> Did the users get added to extra groups when this started?
> Did one of the fixes for copying a large ticket over the pioctl
> interface creep back in?
> One test/fix would be to change the afs principal to not use a PAC.
> i.e. set NO_AUTH_DATA_REQUIRED in the afs principal in AD. Its would be
> easy to test/install:
> Jeffrey Altman wrote:
>> Then try to answer the other question. What changed in your environment
>> that just before all your Windows systems broke.
>> Jeffrey Altman
>> Gjefle, Paul D wrote:
>>> Yes we are experiencing this problem across the board with all windows
>> OpenAFS-info mailing list