[OpenAFS] Troubleshooting aklog/pioctl issue on Windows
Jeffrey Altman
jaltman@secure-endpoints.com
Tue, 05 Dec 2006 12:38:56 -0500
Doug:
Paul didn't say and since the "tokens" command is failing with the
same error it is unlikely that the problem is related to the size
of the tokens.
However, I agree that setting the NO_AUTH_DATA_REQUIRED flag on
non-Windows service accounts is a good idea in general. That
recommendation is listed in the OpenAFS for Windows release notes.
Jeffrey Altman
Douglas E. Engert wrote:
> You said the KDCs where Microsoft ADs. Is this a PAC size problem?
> Did the users get added to extra groups when this started?
>
> Did one of the fixes for copying a large ticket over the pioctl
> interface creep back in?
>
> One test/fix would be to change the afs principal to not use a PAC.
> i.e. set NO_AUTH_DATA_REQUIRED in the afs principal in AD. Its would be
> easy to test/install:
>
> http://support.microsoft.com/kb/832572
> http://support.microsoft.com/kb/305144
> http://support.microsoft.com/kb/327825
>
>
> Jeffrey Altman wrote:
>
>> Then try to answer the other question. What changed in your environment
>> that just before all your Windows systems broke.
>>
>> Jeffrey Altman
>>
>>
>> Gjefle, Paul D wrote:
>>
>>> Yes we are experiencing this problem across the board with all windows
>>> systems.
>>>
>>> --Paul
>>
>>
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>>
>>
>