[OpenAFS] Frozen mount points and challenge / response loop [solved]

Assarsson, Emil Emil.Assarsson@sonyericsson.com
Thu, 25 Nov 2010 14:01:27 +0100

Hi all,

I ran into a problem where I got frozen mount points where a user had to authenticate.
After a few tcpdumps I found out that it looped the challenge / response messages every 2 sec.

I found out that the user was a member in about 400 groups.
We use AD so the KDC gave me a PAC in the ticket so the ticket became larger than 8k.
It seemed like the ticket was ignored by the fileserver and it asked for a

I resolved this issue by setting the NO_AUTH_REQUIRED flag on the AD object holding the servicePrincipalName according to this page

In hope that it will help someone else :-)
Best regards

Emil Assarsson
Sony Ericsson Mobile Communications AB
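
An added example, not part of the original post: one way to spot the repeating challenge / response pattern described above in captured Rx traffic. It assumes the standard 28-byte Rx header (packet type 6 = challenge, 7 = response); the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

# First 24 bytes of the 28-byte Rx header: epoch, cid, callNumber, seq,
# serial (32-bit each), then type, flags, userStatus, securityIndex (8-bit each).
RX_HDR = struct.Struct("!IIIIIBBBB")
RX_HDR_LEN = 28
CHALLENGE, RESPONSE = 6, 7   # RX_PACKET_TYPE_CHALLENGE / RX_PACKET_TYPE_RESPONSE
CID_MASK = 0xFFFFFFFC        # low two bits of cid select the call channel

def find_auth_loops(packets, min_rounds=3):
    """packets: iterable of (timestamp_seconds, udp_payload_bytes).
    Returns {(epoch, connection_id): (rounds, mean_interval)} for each
    connection with at least min_rounds answered challenges."""
    rounds = defaultdict(list)   # connection -> timestamps of answered challenges
    pending = {}                 # connection -> timestamp of unanswered challenge
    for ts, payload in sorted(packets, key=lambda p: p[0]):
        if len(payload) < RX_HDR_LEN:
            continue             # too short to carry an Rx header
        epoch, cid, _call, _seq, _serial, ptype, *_ = RX_HDR.unpack_from(payload)
        conn = (epoch, cid & CID_MASK)
        if ptype == CHALLENGE:
            pending[conn] = ts
        elif ptype == RESPONSE and conn in pending:
            rounds[conn].append(pending.pop(conn))
    loops = {}
    for conn, stamps in rounds.items():
        if len(stamps) >= min_rounds:
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            loops[conn] = (len(stamps), sum(gaps) / len(gaps) if gaps else 0.0)
    return loops

def rx_packet(epoch, cid, ptype, security_index=2):
    """Build a constructed, header-only Rx packet for the sample below."""
    return RX_HDR.pack(epoch, cid, 0, 0, 1, ptype, 0, 0, security_index) + b"\0" * 4

# Constructed sample capture (not from the original post): connection 0x1000
# authenticates once, connection 0x2000 repeats the exchange every 2 seconds.
SAMPLE = [(0.1, rx_packet(0x4CEE0001, 0x1000, CHALLENGE)),
          (0.2, rx_packet(0x4CEE0001, 0x1000, RESPONSE))]
for i in range(4):
    SAMPLE.append((10.0 + 2 * i, rx_packet(0x4CEE0001, 0x2000, CHALLENGE)))
    SAMPLE.append((10.1 + 2 * i, rx_packet(0x4CEE0001, 0x2000, RESPONSE)))

if __name__ == "__main__":
    for (epoch, conn), (n, gap) in find_auth_loops(SAMPLE).items():
        print(f"conn {conn:#x} epoch {epoch:#x}: {n} rounds, ~{gap:.1f}s apart")
```

A connection that authenticates normally shows a single challenge / response round, so any connection reported here is worth checking against the size of the ticket the client presents.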
