On 6/10/2010 5:26 AM, Michael Richter wrote:
1. yes
2. yes
3. I'm not sure what cross-realm is. We have the "real" windows domain
and a kerberos domain which is the same in background.
Can you explain what you mean by "kerberos domain which is the same in
background." If both AD and the the "Kerberos domain" have the same name
and the Kerberos "domain" Kerberos V5, then you will have lots of issues.
It is very hard to tell a library which one to use if they have the same
name and use the same K5 protocol. Both can use the same DNS SRV records,
and different libraries can share the same ticket cache.
If you login with
the "real" domain you get 2 tokens, one for the real domain and one for
the kerberos domain. And you need the kerberos domain ticket to access
the AFS share.
schrieb Dave B:
We skipped over vista...
A few questions...
1. are you doing integrated login?
2. are the computers in a domain?
3. are you doing cross-realm mit kerberos logins?
On Wed, 2010-06-09 at 16:39 +0200, Michael Richter wrote:
We have 32 Vista notebooks (same software and configuration) and on 3 of
them we have exact the same problem. I couldn't find a difference
between these machines so it's a strange problem.
Dave B<[email protected]> schrieb am Wed, 09.06.2010 um 15:50:
Anyone else seen this have any thoughts?
This is one of those annoying can't reproduce on command might happen
many times in a day then not for a couple of weeks type of bugs.
I don't know that this issue is afs related but am being asked to
investigate that possibility. We have had both oafs 1.5.65 and oafs
1.5.74 on Windows 7, both 32 and 64-bit. Win7 machines in a domain,
cross realm MIT Kerberos login (except for the Administrative user).
Integrated login attempted.
After putting in the username and password, sometimes the machine will
"hang" at the "Welcome" message (the little blue wheel keeps spinning).
If the hang involves a cross realm Kerberos user, pslist -t \\machine
does not show a mpnotify or krbcc32s running as subprocesses of the
logonui process. Process auditing would appear to show that mpnotify
never fired off. I can pskill logonui and get back to the ctrl-alt-del
login screen but the computer will just hang, again (a reboot by
pressing the reset button seems to fix it for a while).
If the hang has involved Administrator (not in MIT Kerberos) in the
domain, pslist -t \\machine *does* show mpnotify and krbcc32s both
running.
I've turned on both the afsd_service TraceOption and the Microsoft user
profile logging... nothing was ever logged in the log files, at least
when a MIT cross realm Kerberos user was involved. I have not
specifically managed to have both logging and an Administrator hang
happen yet, as I can't reproduce this on command.
Thoughts on where the issue might be and things to check out?
thanks!
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
--
Douglas E. Engert <[email protected]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
