[OpenAFS] Re: Weird LAN/WAN login problem

jukka.tuominen@finndesign.fi jukka.tuominen@finndesign.fi
Mon, 25 Feb 2013 22:35:09 +0200 (EET) 

> On Sun, 24 Feb 2013 20:50:02 +0200
> Jukka Tuominen <jukka.tuominen@finndesign.fi> wrote:
>
>> > What happens from WAN? What failure or error message do you see?
>>
>> It cannot find .ICEauthority file, so I guess it means afs isn't
>> available?
>
> I don't know; as far as I know that's what it says for any error when
> trying to access your homedir. Without knowing the specific error that
> is occurring, I can't say what is failing.

Any particular log you have in mind?

/var/log/auth.log  :(userA let in, UserB fails)
Feb 25 20:41:24 host-name gdm-session-worker[2100]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not met
by user "userA"
Feb 25 20:42:39 host-name gdm-session-worker[2100]: pam_krb5(gdm:auth):
user userA authenticated as userA@COMPANY.COM
Feb 25 20:42:40 host-name gdm-session-worker[2100]: pam_unix(gdm:session):
session opened for user userA by (uid=0)

Feb 25 20:43:14 host-name polkitd(authority=local): Registered
Authentication Agent for session /org/freedesktop/ConsoleKit/Session2
(system bus name :1.32
[/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object
path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.utf8)
Feb 25 20:44:46 host-name gdm-session-worker[2100]: pam_unix(gdm:session):
session closed for user userA


Feb 25 20:44:58 host-name gdm-session-worker[9973]:
pam_succeed_if(gdm:auth): requirement "user ingroup nopasswdlogin" not met
by user "userB"
Feb 25 20:45:07 host-name gdm-session-worker[9973]: pam_krb5(gdm:auth):
user userB authenticated as userB@COMPANY.COM
Feb 25 20:45:08 host-name gdm-session-worker[9973]: pam_unix(gdm:session):
session opened for user userB by (uid=0)
Feb 25 20:45:16 host-name gnome-keyring-daemon[10642]: unable to create
keyring dir: /afs/COMPANY.COM/user/u/us/userB/.gnome2/keyrings

xxxxxxxxxxxxxxxxxxxxxxxx

/var/log/daemon.log, /var/log/syslog: (unrelated daemons saying unable to
access homedir)


> One of the situations you
> mentioned was this:
>
>>>> - Once A logged in from WAN, you cannot see the full path to the B
>>>> homedir. In LAN you do.
>
> So, you log in as user A on the WAN, and you try to access the homedir
> for user B. What is the error message you get from, say, 'ls'? The exact
> error message.

In Nautilus (file manager), it doesn't give any error message. It behaves
as if the parent directory is empty. On command line,

$ls >> cannot access [directory name]. Connection timed out
$cd [directory name] >> Connection timed out

The time out happends immediately, BTW.

>
> --
> Andrew Deason
> adeason@sinenomine.net
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>