On Thu, 8 Oct 2009 17:30:36 -0400 "Daniel Richard G." <[email protected]> wrote:
> I see a lot of "byte-range lock/unlock ignored; make sure no one else > is running this program" messages, which I presume are harmless. Harmless unless you need byte-range locks to work right. > I also see in one place "Tokens for user of AFS id NNNNN for cell > teragram.com have expired", shortly before a support incident where > this user lost access in the manner already described. However, this > occurred at 2:30pm, for a user who arrived and authenticated at ~9am > (and our ticket lifetimes are at the default of 10h). You may want to describe how credentials are acquired, then. Is this logging in via ssh, or is this an X session, or something else? Are you using PAM, and what PAM modules are you using? If the user somehow already had tokens, then e.g. 'aklog' may not do anything. You may want to verify that a user is in a PAG when they login. In my opinion, the easiest-explained way to verify that is just to have someone log in twice, 'unlog' in one session, and verify you have tokens in one session and not the other. Also, check the clocks on all related systems. I would think you'd get a different error if clock synch was your problem, but clocks being wrong makes things go all kinds of screwy in my experience. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
