Hi !
We got a problem running the OpenAFS client on a Windows 2003 Terminal
Server. We use the integrated logon feature to obtain a AFS token at logon,
because the users home directorys are stored in afs. Additionally, we use
Kerberos for Windows 2.6.5.
The problem is, that with OpenAFS client version 1.5.x, we are getting an
error during logon. The message is
Integrated login failed: Credentials cache I/O operation failed XXX
The result is, that the user does not get his home directory, but a
temporary local profile. When he has logged in, the OpenAFS client works, so
the user can access afs. (This is probably because the leash gets the AFS
token) Just the OpenAFS integrated logon fails. (We tested both KfW 2.6.5
and 3.1, no difference)
If you disable the OpenAFS integrated logon feature, the error does not
occur, but the user does not get his home directory (that's clear, because,
the OpenAFS client does not have a token at this time, so he cannot access
the user directory in afs).
BUT if the user logs out and then logs in again, everything works fine, no
error but the users home directory, That's because the user gets a token
once he has logged in and this token has a specific lifetime. If the same
user logs in a second time, while the afs token is still valid, the OpenAFS
client can now access the users afs directory during login and load the
profile.
We got this error with OpenAFS 1.5.x and with OpenAFS 1.4.3. Prior versions
work, but only a specific time, lets say, a day, or a half and than, the
same problem occurs. But if you reboot the server, with version < 1.4.3
installed, it works again for a while. Very strange ...
Another phenomenon is, that this error only occurs, if a user trys to login
remotly. On the console of the terminal server (if the user is sitting in
front of the server), everything works fine. No error at all. But if the
same user wants to login via terminal service, he gets the error.
As I mentioned before, we evaluated KfW 2.6.5 till 3.1, no difference. To
eliminate the influence of Microsoft patches, we tested the configuration on
an unpattched vanilla Windows 2003 Server installation, but still the error
occurs.
If you need more informations, feel free to ask.
Michael Sievers
--
Universität Paderborn
Zentrum für Informations- und Medientechnologien
Warburgerstr. 100
33098 Paderborn (Germany)
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
