Hi all, we are using openafs now for 1 year at uni-klu.ac.at with debian sarge servers and clients (version 1.2.13) and linux kernel 2.4.30. We have our homedirectories as well as a netbootable AFSroot (similar to nfsroot) installation on AFS now.
last week we had a bad power outage, our large sized UPS failed, all servers and routers crashed. We could revive our AFS cell, salvaging went well, our kerberos KDC (heimdal-kdc, with its database stored in LDAP (openldap)) works again. But now we get frequently the error: fs: Tokens for user of AFS id XYZ for cell uni-klu.ac.at are discarded (rxkad error=19270405) when logging in with pam_krb5 + pam_openafs_session or simply after issuing a kinit / aklog command. It shows a complete random behaviour, no matter what type of hardware, which subnet ... sometimes you can login (ssh, kdm) several times successfully - then it starts again. I grepped a little bit through the openafs kernel sources, and found only one place which spits out the above error message: ./afs/afs_analyze.c:515 Now I'm searching for places where the RXKADNOAUTH=19260405 error code gets set. one place ist rxkad/ticket5.c where an "invalid" flag in the afs/[EMAIL PROTECTED] causes this code to be set. Before I go further, I want to ask if there is any general advice how to solve this "caller not authorized" issue? Does it mean that our KDC does not work reliably? Or can it be that some router hardware (possibly broken after power outage) causes RPC errors or damages packets? I captured a login trial with rxkad error and I can see the TGT ticket, the AFS ticket and the RX AFS PROT name-to-id call pass over the wire without any sign of trouble. Can it be that our AFSDB servers have been hit? (we compared their db files with md5sum and they are identically, pts listentries ..., vos listvldb etc. works, ...) any advice? Thanks in advance Albrecht Gebhardt -- // Albrecht Gebhardt Tel.: (++43 463) 2700/3118 // Institut fuer Mathematik Fax : (++43 463) 2700/3198 // Universitaet Klagenfurt mailto:[EMAIL PROTECTED] // Universitaetsstr. 65 http://www.math.uni-klu.ac.at/~agebhard // A-9020 Klagenfurt, Austria // GPG PK: http://www.math.uni-klu.ac.at/~agebhard/agebhard.asc // GPG FP: F46F 656E E83C 9323 CE30 FF8F 9DBA D1A3 B55A 78A6 _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
