I lied, again! It's BACK.
All file + DB servers report the exact same data for
'bos listkeys'
All DB servers have been 'bos restart <server> -all'
Various clients upon login throw the
afs: Tokens for user of AFS id 26560 for cell rcf.our.org
are discarded (rxkad error=19270408)
error for various users. Some hosts work, some don't.
Some that don't are 1.4.11 just like the servers. This
is the communication after entering a password via
SSH + pam_krb5 + pam_afs_session on a Solaris 10 SPARC
box running 1.4.11:
client1.our.org -> afsdb2.our.org UDP D=7004 S=32965 LEN=84
afsdb2.our.org -> client1.our.org UDP D=32965 S=7004 LEN=180
client1.our.org -> afsdb2.our.org UDP D=7004 S=32965 LEN=73
client1.our.org -> afsdb1.our.org UDP D=7004 S=32966 LEN=84
afsdb1.our.org -> client1.our.org UDP D=32966 S=7004 LEN=180
client1.our.org -> afsdb1.our.org UDP D=7004 S=32966 LEN=73
client1.our.org -> afsdb2.our.org UDP D=7004 S=32966 LEN=156
afsdb2.our.org -> client1.our.org UDP D=32966 S=7004 LEN=140
client1.our.org -> afsdb2.our.org UDP D=7004 S=32966 LEN=73
client1.our.org -> afsdb2.our.org UDP D=7002 S=32966 LEN=300
afsdb2.our.org -> client1.our.org UDP D=32966 S=7002 LEN=44
client1.our.org -> afsdb2.our.org UDP D=7002 S=32966 LEN=73
client1.our.org -> afsfs1.our.org UDP D=7000 S=7001 LEN=52
afsfs1.our.org -> client1.our.org UDP D=7001 S=7000 LEN=52
client1.our.org -> afsfs1.our.org UDP D=7000 S=7001 LEN=132
afsfs1.our.org -> client1.our.org UDP D=7001 S=7000 LEN=74
afsfs1.our.org -> client1.our.org UDP D=7001 S=7000 LEN=40
client1.our.org -> afsfs1.our.org UDP D=7000 S=7001 LEN=52
afsfs1.our.org -> client1.our.org UDP D=7001 S=7000 LEN=40
client1.our.org -> afsfs1.our.org UDP D=7000 S=7001 LEN=476
afsfs1.our.org -> client1.our.org UDP D=7001 S=7000 LEN=73
afsfs1.our.org -> client1.our.org UDP D=7001 S=7000 LEN=156
client1.our.org -> afsfs1.our.org UDP D=7000 S=7001 LEN=73
FWIW, none of thosts above are the so-called previously
problematic box, which we have actually halted for now
to see if it affects anything.
Can't make any sense of this.
On 1/7/2011 12:15 PM, Jeff Blaine wrote:
This was solved by getting the responsible person to
finally upgrade this box to Solaris 10 and OpenAFS
1.4.11 via upclientbin.
On 1/6/2011 10:30 AM, Jeff Blaine wrote:
It's talking to a Solaris 9 OpenAFS 1.4.6 server (the only
one like that in our cell). Solaris 10 and OpenAFS 1.4.11
on all other servers.
I rebooted it though after the KeyFile update due to it
seeming a little out of whack (AFS DB server only).
On 1/6/2011 9:46 AM, Derrick Brashear wrote:
Same AFS version everywhere? Some older version had a bug and would
hang when rereading KeyFile, but it shouldn't cause this.
Use tcpdump and figure out which server is returning that error, or,
install a 1.5.78 client and see which server it logs the error about?
On Thu, Jan 6, 2011 at 8:50 AM, Jeff Blaine<jbla...@kickflop.net> wrote:
Hmm, not so fast I guess. *Some* hosts are still doing
this, others are fine (???).
All /usr/afs/etc/KeyFile files checksum the same on our
servers.
rcf-smtp% ssh vegas
Password:
Last login: Thu Jan 6 08:04:52 2011 from rcf-smtp.our.
afs: Tokens for user of AFS id 26560 for cell rcf.our.org are discarded
(rxkad error=19270408)
%
% translate_et 19270408
19270408 (rxk).8 = ticket contained unknown key version number
% kinit
Password for jbla...@rcf.our.org:
% aklog
% logout
rcf-smtp% ssh vegas
Password:
Last login: Thu Jan 6 08:28:51 2011 from rcf-smtp.our.
afs: Tokens for user of AFS id 26560 for cell rcf.our.org are discarded
(rxkad error=19270408)
%
On 1/5/2011 8:37 PM, Jeff Blaine wrote:
Thanks all -- that did it.
On 1/5/2011 5:47 PM, Andrew Deason wrote:
On Wed, 05 Jan 2011 17:36:57 -0500
Jeff Blaine<jbla...@kickflop.net> wrote:
etc-upserver-host# asetkey add 17 /etc/krb5.keytab afs
asetkey: failed to set key, code 70354694.
etc-upserver-host#
$ translate_et 70354694
70354694 (acfg).6 = no more entries
aka AFSCONF_FULL. You can only have 8 keys at once iirc; how many
do you
have in there?
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info