[OpenAFS] Need help: Tokens stop working
Douglas E. Engert
Thu, 08 Oct 2009 16:57:12 -0500
Daniel Richard G. wrote:
> Hello list,
> I'm trying to diagnose a problem that's been plaguing some of our users here.
> The behavior: AFS access stops working, well in advance of the Kerberos
> authentication expiring. Sometimes, only certain files become inaccessible;
> other times, it's as though "unlog" had been run. However, tokens(1)
> consistently shows that the user still has a token, valid or otherwise.
> Often, running "unlog; aklog" corrects the hiccup. Sometimes, this has to be
> run two or three times in a row to have the desired effect.
> I'd like to ask if anyone has an idea what might be causing this, and
> otherwise, what tools/commands I could use to see what's going on with the
> token. (Obviously, "aklog -d" isn't of much help here.)
> The server is 1.4.7 on Debian Lenny; clients are 1.4.9 on Ubuntu Jaunty.
Are clocks in sync? (5 minutes of the AFS servers)
Are you using PAGs?
(id -a should have the PAG number as a large group number
between 1090519040 and 1107296255)
Does same use login more then once a the same time?
Do you use pam_afs_session?
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439