We are having some strange issues with tokens on our openafs 1.6.2 environment.
There are 3 scenarios that randomly appear on our clients running apache with mod_waklog: 1) Tokens become invalid and an rxkad error=19270408 appears in dmesg. This is the least prevalent issue, and has only happened a couple of times. 2) Permission denied errors are seen intermittently while accessing files. Some file accesses are successful, some fail. No errors in logs on this one. 3) There is no intermittent behavior, just a solid permission denied even though it would appear that a token has been obtained. Restarting the openafs-client/httpd resolves it for about a minute before the permission denied brick wall comes back. No errors in logs on this one. Only rebooting the entire system resolves the issues for all of the above situations. Situations 2 and 3 are by far the most common and occur every 3-7 days on clients. Things we have tried and verified: 1) UserKey is the same across all servers in the cell. Same checksum, same kvno. Only one kvno is installed in UserCell on all servers. 2) All KDC's (master and slave) have the same kvno that is installed on the afs servers in UserKey. 3) There are no more than 1 cell configured for the clients. 4) We only have 1 afs principal "afs/[email protected]". There is no " [email protected]" principal. 5) Key is the correct encryption type - des-cbc-crc. 6) Downgraded from a build we made from the stable git branch, to an official release from the website hoping it might be a bug. 7) Cell and realm are the same value. 8) We're using AFSDB records for the clients, verified multiple times that these are correct. 9) All servers and clients are running the same version of openafs: 1.6.2 Is there anything we might be missing that could be causing these strange issues? Thanks, Shane
