[OpenAFS] Problems with access to /afs

Martin Schulz schulz@iwrmm.math.uni-karlsruhe.de
01 Jun 2001 10:19:16 +0200

Jacob Gorm Hansen <jg@ioi.dk> writes:

> Hi,
> We're trying to run OpenAFS client & server on a debian unstable machine.
> We have setup krb5, created principals
> paleface
> paleface/root
> paleface/admin

So you're using the migration kit? 
> Set up an AFS cell with afs-newcell, told it to use paleface as the admin user.
> bos listusers -localauth HOSTNAME says:
> SUsers are: paleface.root paleface 
> Client and servers are running.
> kinit paleface works fine, so does aklog.
> tokens says:
> Tokens held by the Cache Manager:
> Tokens for afs@ioi.dk [Expires Jun  1 10:14]
>    --End of list--

That looks suspect to me. When using aklog, "tokens" should print the
afs id. I once had a similar problem. Please look up the posts of
Forrest Whitcher and me some weeks ago. 

> - Or, if we try
> aklog ioi.dk -k IOI.DK
> tokens says:
> Tokens held by the Cache Manager:
> User's (AFS ID 1) tokens for afs@ioi.dk [Expires Jun  1 10:45]
>    --End of list--

That looks better. What does "pts examine 1" says?
> But, in any case, when trying to run afs-rootvol we get:

What is that afs-rootvol program? 

> (...questions asked...)
> fs sa /afs system:anyuser rl
> fs: You don't have the required access rights on '/afs'
> Failed: 256
> I read about trying to rename the admin user with pts, but everything
> I try gives me errors like below:
> pts adduser paleface.admin -group system:administratorspts: security object was passed a bad ticket ; unable to add user paleface.admin to group system:administrators 

What does "bos listusers yourserverhere" says?

Other things to check:

        pts examine system:administrators

        pts membership system:administrators

Martin Schulz                             schulz@iwrmm.math.uni-karlsruhe.de
Uni Karlsruhe, Institut f. wissenschaftliches Rechnen u. math. Modellbildung
Engesser Str. 6, 76128 Karlsruhe