[OpenAFS] Need help: Tokens stop working

Douglas E. Engert deengert@anl.gov
Thu, 08 Oct 2009 16:57:12 -0500


Daniel Richard G. wrote:
> Hello list,
> 
> I'm trying to diagnose a problem that's been plaguing some of our users here.
> 
> The behavior: AFS access stops working, well in advance of the Kerberos 
> authentication expiring. Sometimes, only certain files become inaccessible; 
> other times, it's as though "unlog" had been run. However, tokens(1) 
> consistently shows that the user still has a token, valid or otherwise.
> 
> Often, running "unlog; aklog" corrects the hiccup. Sometimes, this has to be 
> run two or three times in a row to have the desired effect.
> 
> I'd like to ask if anyone has an idea what might be causing this, and 
> otherwise, what tools/commands I could use to see what's going on with the 
> token. (Obviously, "aklog -d" isn't of much help here.)
> 
> The server is 1.4.7 on Debian Lenny; clients are 1.4.9 on Ubuntu Jaunty.

Are clocks in sync? (5 minutes of the AFS servers)

Are you using PAGs?

(id -a should have the PAG number as a large group number
between 1090519040 and 1107296255)

Does the same user log in more than once at the same time?

Do you use pam_afs_session?

> 
> 
> --Daniel
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
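
The PAG and concurrent-login questions above can be checked together with a small script. This is an added example, not part of the original message or of OpenAFS. The function names, the one-line-per-session input format ("label gid gid ...", as collected from `id -G` in each login) and the sample data are assumptions made here.

```shell
#!/bin/sh
# PAG group-number range quoted in the message above.
PAG_MIN=1090519040
PAG_MAX=1107296255

# pag_of "<space-separated numeric group ids>"
# Prints the first group id that falls inside the PAG range.
# Returns 1 when none is present (the session is not in a PAG).
pag_of() {
    for gid in $1; do
        case $gid in ''|*[!0-9]*) continue ;; esac   # skip non-numeric fields
        if [ "$gid" -ge "$PAG_MIN" ] && [ "$gid" -le "$PAG_MAX" ]; then
            echo "$gid"
            return 0
        fi
    done
    return 1
}

# classify_sessions: reads "label gid gid ..." lines on stdin, one per login
# session of the same user, and prints one verdict per session:
#   "<label> no-pag"          no group in the PAG range
#   "<label> pag=<n>"         first session seen with this PAG
#   "<label> pag=<n> shared"  same PAG number already seen in another session
classify_sessions() {
    seen=""
    while read -r label gids; do
        if pag=$(pag_of "$gids"); then
            case " $seen " in
                *" $pag "*) echo "$label pag=$pag shared" ;;
                *) echo "$label pag=$pag"; seen="$seen $pag" ;;
            esac
        else
            echo "$label no-pag"
        fi
    done
}

# Constructed sample: three concurrent logins of one user (not real data).
sample_sessions() {
    printf '%s\n' 'pts/0 1000 4 24 1091234567' \
                  'pts/1 1000 4 24' \
                  'pts/2 1000 4 24 1091234567'
}

sample_sessions | classify_sessions
```

On a live client, `pag_of "$(id -G)"` reports the PAG of the current session.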