[OpenAFS] Ticket length error on Mac OSX 10.4.x
Douglas E. Engert
deengert@anl.gov
Tue, 30 May 2006 12:46:39 -0500
Larry Cashdollar wrote:
> 1.2.11, All my linux clients work fine, but they are using the 1.2.11
> clients as well. I see this is probably because my old server and
> clients work fine together, but the new mac version is trying to use
> the large ticket length? So I should upgrade to the latest.
>
You can set the NO_AUTH_REQUIRED bit in the afs acount in AD, so that
the ticket for this service will not have a PAC, and thus be much smaller.
AFS does not use the PAC. You need to add the bit to the userAccountControl.
Your AD admin can do this with mmc and ADSI edit or some other tools.
NO_AUTH_DATA_REQUIRED 0x2000000 33554432
See: http://support.microsoft.com/kb/832572
>
> On 5/28/06, Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
>
>> What version are your servers? RXKADTICKETLEN means the length of
>> the token is either too large or too small. You probably have one
>> or more servers that do not support the large tickets issued by
>> Active Directory.
>>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444