Hi all, I runned into a problem where I got frozen mount points where a user had to authenticate. After a few tcpdumps I found out that it looped the challenge / response messages every 2 sec.
I found out that the user was a member in about 400 groups. We use AD so the KDC gave me a PAC in the ticket so the ticket became larger than 8k. It seemed like the ticket was ignored by the fileserver and it asked for a new. I resolved this issue by setting the NO_AUTH_REQUIRED flag on the AD object holding the servicePrincipalName according to this page http://support.microsoft.com/kb/832572/? In hope that it will help someone else :-) Best regards Emil Assarsson Sony Ericsson Mobile Communications AB "The information in this email, and attachment(s) thereto, is strictly confidential and may be legally privileged. It is intended solely for the named recipient(s), and access to this e-mail, or any attachment(s) thereto, by anyone else is unauthorized. Violations hereof may result in legal actions. Any attachment(s) to this e-mail has been checked for viruses, but please rely on your own virus-checker and procedures. If you contact us by e-mail, we will store your name and address to facilitate communications in the matter concerned. If you do not consent to us storing your name and address for above stated purpose, please notify the sender promptly. Also, if you are not the intended recipient please inform the sender by replying to this transmission, and delete the e-mail, its attachment(s), and any copies of it without, disclosing it." _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
