Troubleshooting
AFS is a complex thing, so when you’re experiencing problems with it, this site might help you and us tracking down the problem.
FAQ
How can I get tokens from another cell when logged in a UNIX-machine at MPCDF ?
There are two things to consider here.
The Kerberos REALM and the AFS-Cell.
If the Kerberos REALM is version 5 only (like e.g. MPA), then you first need to get a
Kerberos ticket and then use it to create an AFS-token.
So, in order to get a token from another Cell, you can do the following :kinit USERNAME@KRB-REALM aklog -c AFSCell
NOTE: this will overwrite your present KRB5-ticket, unless you specify another ticket cache (env KRB5CCNAME) for this shell
As an example use following for the MPA :
kinit USERNAME@MPA-GARCHING.MPG.DE aklog -c mpa-garching.mpg.de
**What are these .__afsNNN files ?
**Sometimes you happen to see files starting with .__afsNNN and wonder where they come from.
Those files are created by the client when one application has a opened a file, but on the same client
this very file was deleted. On closing the (original) file, this .__afsNNN file will be deleted. It may happen due to
some kind of error condition that the client does not remove this. Then, it will be removed by the next file-system
check (“salvage”) or you just do it your self.What means “Connection timed out” ?
When a client cannot reach a server for a certain period of time, it does not try to talk to it anymore, but simply returns “Connection timed out”. You can make the client re-establish the server connection by issueing “fs checkservers &” on the
command line. It will give you a list of servers, this client cannot reach. If your server is reachable again, the access should be
working normally again.**What means “Unable to authenticate to AFS because Authentication Server was unavailable.” ?
**Very likely you are issuing the command “klog” on a UNIX-based machine, which uses Kerberos4.
Kerberos4 is deprecated and will be shutdown soon completely. For some parts of the institutes it is already disabled.
Thus, use the following commands :kinit # to get a Kerberos5 Ticket aklog -noprdb # to turn this ticket into a AFS-Token
General problems known to cause errors
Are you coming from outside the campus network ?
Then, a simple “aklog” will take a long time to login. You should usekinit # get a Kerberos ticket aklog -noprdb # turn it into an AFS-token, do not query the PT-Server
to avoid this timeout.
Do you use Kerberos 5 ?
Make sure not to use “klog” anymore on UNIX-Systems. See FAQ above.Computer time correct ?
Please check that the time on your client is correct.Do I have a token ?
Check that you have a valid token. Tokens expire after some amount of time, thus a sudden loss of access rights can occur.Which version do I have ?
Please use the the recommended version 1.6 for unix and 1.7 for windows (or any later version) when accessing AFS.
Windows
Even a reboot does not help: remove the cache-file
When using an Client prior to version 1.7, make sure you are using the AFS-Loopback-Adapter.
or even better: upgrade to 1.7.x
Unix
X-connection does not work:
When logging into a remote machine via ssh, something like :xauth: timeout in locking authority file
appears and then no X-application can be started.
The problem here is, that when logging in, you do not get an AFS-token when logging in remotely. The solution is to either use an authority file which is local on the remote machine or to make sure that you get a token when logging in.