Doug: Paul didn't say and since the "tokens" command is failing with the same error it is unlikely that the problem is related to the size of the tokens.
However, I agree that setting the NO_AUTH_DATA_REQUIRED flag on non-Windows service accounts is a good idea in general. That recommendation is listed in the OpenAFS for Windows release notes. Jeffrey Altman Douglas E. Engert wrote: > You said the KDCs where Microsoft ADs. Is this a PAC size problem? > Did the users get added to extra groups when this started? > > Did one of the fixes for copying a large ticket over the pioctl > interface creep back in? > > One test/fix would be to change the afs principal to not use a PAC. > i.e. set NO_AUTH_DATA_REQUIRED in the afs principal in AD. Its would be > easy to test/install: > > http://support.microsoft.com/kb/832572 > http://support.microsoft.com/kb/305144 > http://support.microsoft.com/kb/327825 > > > Jeffrey Altman wrote: > >> Then try to answer the other question. What changed in your environment >> that just before all your Windows systems broke. >> >> Jeffrey Altman >> >> >> Gjefle, Paul D wrote: >> >>> Yes we are experiencing this problem across the board with all windows >>> systems. >>> >>> --Paul >> >> >> _______________________________________________ >> OpenAFS-info mailing list >> [email protected] >> https://lists.openafs.org/mailman/listinfo/openafs-info >> >> > _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
