[OpenAFS] openafs pioctl issue on windows

David Bear David.Bear@asu.edu
Wed, 22 Oct 2008 12:56:44 -0700 

------=_Part_33691_32877454.1224705404574
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

On Wed, Oct 22, 2008 at 12:18 PM, Jeffrey Altman <
jaltman@secure-endpoints.com> wrote:

> NIM uses the same pioctl call as tokens.exe to obtain the tokens list.
>
> As long as they are being executed from within the same logon session
> they will display the same results.
>
> Hint: "Run as ..." or "Run as administrator" produces a new logon session.
>
Okay -- I tried this from cmd, in a new session.
This failes.
C:\WINDOWS\system32>tokens

Tokens held by the Cache Manager:

  --End of list --
pioctl temp != 0: 0x66543218
Then
C:\WINDOWS\system32>kinit iddwb
kinit(v5): Inappropriate I/O control operation while getting initial
credentials

So, I guess kfw is not working properly here. Any pointers on what could be
wrong with KFW?


> Jeffrey Altman
>
> David Bear wrote:
> > I am using
> >
> > /usr/sbin/rxdebug -server pp-bvossoughi.dhcp.asu.edu
> > <http://pp-bvossoughi.dhcp.asu.edu> -port 7001 -vers
> >
> > Trying 10.218.16.141 (port 7001):
> > AFS version: OpenAFS_1.5.5400
> >
> > This system has had intermittent erros with accessing openafs. The issue
> > seems to be always an access/token issue.
> >
> > KFW 3.2.2 is install and the user is able to get tokens in the asu.edu
> > <http://asu.edu> realm. NIM show the TGT's.
> >
> > However, any attempt to use 'tokens' to display the afs tokens causes
> this:
> >
> > C:\Documents and Settings\bvossoug>tokens
> > Tokens held by the Cache Manager:
> >
> > pioctl temp != 0: 0x66543218
> >   --End of list --
> >
> > I googled and found someone with a similar error here:
> > http://www.openafs.org/pipermail/openafs-info/2006-December/024568.html
> >
> > But I don't know if it could be related since there was no resolution on
> > the thread and it is so old.
> >
> > I created an fs minidump and copied that ad the afsd_init.log to an afs
> > location that should be world readable at
> >
> > /afs/asu.edu/pp/oss/afsDumps <http://asu.edu/pp/oss/afsDumps>
> >
> > ( the acl is set as system:anyuser so I hope the world can read this
> > location )
> >
> > Any pointers on where to go next? (BTW, the issue seems to be tied to a
> > specific user logon. I was able to log on to windows as myself, get
> > tokens, and use afs)
> >
> > --
> >
> > David Bear
> > College of Public Programs at ASU
> > 602-464-0424
>



-- 
David Bear
College of Public Programs at ASU
602-464-0424

------=_Part_33691_32877454.1224705404574
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<br><br><div class="gmail_quote">On Wed, Oct 22, 2008 at 12:18 PM, Jeffrey Altman <span dir="ltr">&lt;<a href="mailto:jaltman@secure-endpoints.com">jaltman@secure-endpoints.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
NIM uses the same pioctl call as tokens.exe to obtain the tokens list.<br>
<br>
As long as they are being executed from within the same logon session<br>
they will display the same results.<br>
<br>
Hint: &quot;Run as ...&quot; or &quot;Run as administrator&quot; produces a new logon session.<br>
</blockquote><div></div><div>Okay -- I tried this from cmd, in a new session.</div><div>This failes.</div><div>C:\WINDOWS\system32&gt;tokens<br><br>Tokens held by the Cache Manager:<br><br>&nbsp;  --End of list --<br>pioctl temp != 0: 0x66543218<br>
</div><div></div><div>Then<br>C:\WINDOWS\system32&gt;kinit iddwb<br>kinit(v5): Inappropriate I/O control operation while getting initial credentials<br><br>So, I guess kfw is not working properly here. Any pointers on what could be wrong with KFW?<br>
</div><div>&nbsp;</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Jeffrey Altman<br>
<div class="Ih2E3d"><br>
David Bear wrote:<br>
&gt; I am using<br>
&gt;<br>
&gt; /usr/sbin/rxdebug -server <a href="http://pp-bvossoughi.dhcp.asu.edu" target="_blank">pp-bvossoughi.dhcp.asu.edu</a><br>
</div>&gt; &lt;<a href="http://pp-bvossoughi.dhcp.asu.edu" target="_blank">http://pp-bvossoughi.dhcp.asu.edu</a>&gt; -port 7001 -vers<br>
<div class="Ih2E3d">&gt;<br>
&gt; Trying <a href="http://10.218.16.141" target="_blank">10.218.16.141</a> (port 7001):<br>
&gt; AFS version: OpenAFS_1.5.5400<br>
&gt;<br>
&gt; This system has had intermittent erros with accessing openafs. The issue<br>
&gt; seems to be always an access/token issue.<br>
&gt;<br>
&gt; KFW 3.2.2 is install and the user is able to get tokens in the <a href="http://asu.edu" target="_blank">asu.edu</a><br>
</div>&gt; &lt;<a href="http://asu.edu" target="_blank">http://asu.edu</a>&gt; realm. NIM show the TGT&#39;s.<br>
<div class="Ih2E3d">&gt;<br>
&gt; However, any attempt to use &#39;tokens&#39; to display the afs tokens causes this:<br>
&gt;<br>
&gt; C:\Documents and Settings\bvossoug&gt;tokens<br>
&gt; Tokens held by the Cache Manager:<br>
&gt;<br>
&gt; pioctl temp != 0: 0x66543218<br>
&gt; &nbsp; --End of list --<br>
&gt;<br>
&gt; I googled and found someone with a similar error here:<br>
&gt; <a href="http://www.openafs.org/pipermail/openafs-info/2006-December/024568.html" target="_blank">http://www.openafs.org/pipermail/openafs-info/2006-December/024568.html</a><br>
&gt;<br>
&gt; But I don&#39;t know if it could be related since there was no resolution on<br>
&gt; the thread and it is so old.<br>
&gt;<br>
&gt; I created an fs minidump and copied that ad the afsd_init.log to an afs<br>
&gt; location that should be world readable at<br>
&gt;<br>
</div>&gt; /afs/<a href="http://asu.edu/pp/oss/afsDumps" target="_blank">asu.edu/pp/oss/afsDumps</a> &lt;<a href="http://asu.edu/pp/oss/afsDumps" target="_blank">http://asu.edu/pp/oss/afsDumps</a>&gt;<br>
<div><div class="Wj3C7c">&gt;<br>
&gt; ( the acl is set as system:anyuser so I hope the world can read this<br>
&gt; location )<br>
&gt;<br>
&gt; Any pointers on where to go next? (BTW, the issue seems to be tied to a<br>
&gt; specific user logon. I was able to log on to windows as myself, get<br>
&gt; tokens, and use afs)<br>
&gt;<br>
&gt; --<br>
&gt;<br>
&gt; David Bear<br>
&gt; College of Public Programs at ASU<br>
&gt; 602-464-0424<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>David Bear<br>College of Public Programs at ASU<br>602-464-0424<br>

------=_Part_33691_32877454.1224705404574--