Comments inline below.. On Wed, Oct 22, 2008 at 2:28 PM, Jeffrey Altman < [EMAIL PROTECTED]> wrote:
> If NIM is getting and listing tokens, then KFW is working just fine. > > pioctl error 0x66543218 means "End of List" > Okay, I generated garbage for you. Sorry. I thought I could produce this remotely, so I did a psexec shell and captured this info. Clearly, I would be been using a different smb session than the primary user. > The tokens command does not use KFW. It speaks to the AFS cache manager > via the pioctl interface which is implemented as a file > open/write/read/close sequence on a file called _._AFS_IOCTL_._ in the > AFS name space. The file open is performed in the context of a > particular SMB session. Each session has an authenticated identity. > The tokens are stored in the AFS cache manager bound to the SMB > authentication identity. > > I have been back to the system, logged in with the users credentials instead of my own and generated the afsd_alloc.log. It is on /afs/ asu.edu/pp/oss/afsDumps along with the output of klist, a screen shot of NIM and the configuration files I use with I install KfW. > > With oafw 1.5.54 if you use "fs memdump" it will output the list of > tokens that are known as part of the output to > %windir%\temp\afsd_alloc.log. However, it won't tell you what smb > authentication session a command is executed under. > KFW is version 3.2.2 -- resintalled today. Windows is XP Pro with SP2 credential cache is API: -- we do make use of windows logon credentials. I've stopped using kinit and only use NIM to get and destroy tickets. I do succesfully get tickets in asu.edu, as the output of klist shows: Ticket cache: API:[EMAIL PROTECTED] <[EMAIL PROTECTED]> Default principal: [EMAIL PROTECTED] Valid starting Expires Service principal 10/23/08 15:34:38 10/24/08 01:34:39 krbtgt/[EMAIL PROTECTED] renew until 10/30/08 15:30:56 but I'm not getting the [EMAIL PROTECTED] credential.. ?? why? So, does this indicate the problem is with KfW instead of openafs? > > > > On Wed, Oct 22, 2008 at 12:18 PM, Jeffrey Altman > > <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> > wrote: > > > > NIM uses the same pioctl call as tokens.exe to obtain the tokens > list. > > > > As long as they are being executed from within the same logon session > > they will display the same results. > > > > Hint: "Run as ..." or "Run as administrator" produces a new logon > > session. > > > > Okay -- I tried this from cmd, in a new session. > > This failes. > > C:\WINDOWS\system32>tokens > > > > Tokens held by the Cache Manager: > > > > --End of list -- > > pioctl temp != 0: 0x66543218 > > Then > > C:\WINDOWS\system32>kinit iddwb > > kinit(v5): Inappropriate I/O control operation while getting initial > > credentials > > > > So, I guess kfw is not working properly here. Any pointers on what could > > be wrong with KFW? > > > > > > Jeffrey Altman > > > > David Bear wrote: > > > I am using > > > > > > /usr/sbin/rxdebug -server pp-bvossoughi.dhcp.asu.edu > > <http://pp-bvossoughi.dhcp.asu.edu> > > > <http://pp-bvossoughi.dhcp.asu.edu> -port 7001 -vers > > > > > > Trying 10.218.16.141 (port 7001): > > > AFS version: OpenAFS_1.5.5400 > > > > > > This system has had intermittent erros with accessing openafs. The > > issue > > > seems to be always an access/token issue. > > > > > > KFW 3.2.2 is install and the user is able to get tokens in the > > asu.edu <http://asu.edu> > > > <http://asu.edu> realm. NIM show the TGT's. > > > > > > However, any attempt to use 'tokens' to display the afs tokens > > causes this: > > > > > > C:\Documents and Settings\bvossoug>tokens > > > Tokens held by the Cache Manager: > > > > > > pioctl temp != 0: 0x66543218 > > > --End of list -- > > > > > > I googled and found someone with a similar error here: > > > > > > http://www.openafs.org/pipermail/openafs-info/2006-December/024568.html > > > > > > But I don't know if it could be related since there was no > > resolution on > > > the thread and it is so old. > > > > > > I created an fs minidump and copied that ad the afsd_init.log to > > an afs > > > location that should be world readable at > > > > > > /afs/asu.edu/pp/oss/afsDumps <http://asu.edu/pp/oss/afsDumps> > > <http://asu.edu/pp/oss/afsDumps> > > > > > > ( the acl is set as system:anyuser so I hope the world can read > this > > > location ) > > > > > > Any pointers on where to go next? (BTW, the issue seems to be tied > > to a > > > specific user logon. I was able to log on to windows as myself, get > > > tokens, and use afs) > > > > > > -- > > > > > > David Bear > > > College of Public Programs at ASU > > > 602-464-0424 > > > > > > > > > > -- > > David Bear > > College of Public Programs at ASU > > 602-464-0424 > > > -- David Bear College of Public Programs at ASU 602-464-0424
