On Thu, Oct 30, 2008 at 1:25 PM, Jeffrey Altman < [EMAIL PROTECTED]> wrote:
> The pioctl error is not strange. Previously in this thread I indicated > that it means 'end of list'. Aklog reads the list of existing tokens. > There were none. Tokens reads the list of tokens. There was one. > > What seems strange to me is that on 'normally functioning systems' (those with openafs and kfw that works as expected) I don't see the pioctl error. The other strange thing is why did I suddenly get a [EMAIL PROTECTED] service ticket after performing the kvno on the other host principal? > Jeffrey Altman > > -original message- > Subject: Re: [OpenAFS] openafs pioctl issue on windows > From: "David Bear" <[EMAIL PROTECTED]> > Date: 2008-10-30 11:43 > > This is getting stranger and stranger -- Jeff, I finally got the name of > another service to test.. below is a screen shot of what happened. > > On Thu, Oct 23, 2008 at 7:11 PM, Jeffrey Altman < > [EMAIL PROTECTED]> wrote: > > > David Bear wrote: > > > KFW is version 3.2.2 -- resintalled today. > > > Windows is XP Pro with SP2 > > > credential cache is API: -- we do make use of windows logon > credentials. > > > I've stopped using kinit and only use NIM to get and destroy tickets. I > > > do succesfully get tickets in asu.edu <http://asu.edu>, as the output > > > of klist shows: > > > Ticket cache: API:[EMAIL PROTECTED] <[EMAIL PROTECTED]> < > [EMAIL PROTECTED] <[EMAIL PROTECTED]>> <mailto: > > [EMAIL PROTECTED] <[EMAIL PROTECTED]> < > [EMAIL PROTECTED] <[EMAIL PROTECTED]>>> > > > Default principal: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > > > > Valid starting Expires Service principal > > > 10/23/08 15:34:38 10/24/08 01:34:39 krbtgt/ASU.EDU > > > <http://ASU.EDU>@ASU.EDU <http://ASU.EDU> > > > renew until 10/30/08 15:30:56 > > > > > > but I'm not getting the [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > credential.. > ?? > > > why? > > > So, does this indicate the problem is with KfW instead of openafs? > > > > You have not received any service tickets. All you have is a TGT. > > > > Can you obtain service tickets for any service? > > > > kvno.exe <service-ticket-name> > > > > You could also turn on logging in NIM and examine the log. > > > > My guess is that assuming you have the AFS credential acquisition > > properly configured for NIM that the clock on the machine is not > > set correctly. Wrong time or wrong time zone. > > > > I check the date/time.. It syncing with the domain controls which sync > the > the kerb servers. It all works. > > I did the following in a cmd shell: > > > C:\Documents and Settings\bvossoug>klist > > Ticket cache: API:[EMAIL PROTECTED] <[EMAIL PROTECTED]> < > [EMAIL PROTECTED] <[EMAIL PROTECTED]>> > Default principal: [EMAIL PROTECTED] > Valid starting Expires Service principal > > 10/30/08 08:45:08 10/30/08 18:45:10 krbtgt/[EMAIL PROTECTED] > > renew until 11/06/08 08:44:55 > > C:\Documents and Settings\bvossoug>aklog > pioctl temp != 0: 0x66543218 > > NOTE how AKLOG fails. > > Then, testing with kvno to get another service, works okay. > > C:\Documents and Settings\bvossoug>kvno host/[EMAIL PROTECTED] > host/[EMAIL PROTECTED]: kvno = 4 > > NOW the thing thats weird is that AFTER i did the kvno, NIM suddenly > updated > itself and suddenly I had [EMAIL PROTECTED] service tickets. So I check using > the > tokens command > > C:\Documents and Settings\bvossoug>tokens > Tokens held by the Cache Manager: > > User [EMAIL PROTECTED]'s tokens for [EMAIL PROTECTED] [Expires Oct 30 18:45] > > pioctl temp != 0: 0x66543218 > > --End of list ---- > > So, tokens finally says that the user as an AFS token, but still returns > the > pioctrol error. > > This is getting curiouser and curiouser... > > -- > David Bear > College of Public Programs at ASU > 602-464-0424 > > > -- David Bear College of Public Programs at ASU 602-464-0424
