[OpenAFS] OpenAFS 1.2.11 on Gentoo 1.4

Stephen Bosch posting@vodacomm.ca
Tue, 20 Jan 2004 00:46:48 -0700


Sven Oehme wrote:
> Hi Stephen,
> 
> Post your CellServDB and ThisCell and your afs config file (should be
> under /etc/sysconfig/ or /etc/openafs/).
> 
> To what cell would you like to connect?

Hi, Sven:

Thanks for the reply - your message caused me to look at the 
/etc/sysconfig/afs again, where I noticed the following lines:

# AFS_CLIENT and AFS_SERVER determine if we should start the client and or
# the bosserver. Possible values are on and off.
AFS_CLIENT=on
AFS_SERVER=off

Obviously if the server is off the client won't run, now will it? I've 
changed that to

AFS_CLIENT=on
AFS_SERVER=on

and now, it starts normally. However -- I am now having permissions 
problems.

Honestly, the whole access control business confuses me quite a bit. I 
am using pam authentication, but I don't know -- do I have to have 
identical users in AFS and in /etc/passwd for this to work? I'll show 
you what I am getting and I'll include my pam.d/login:

wopr root # /etc/init.d/afs start
Starting AFS services.....
afsd: All AFS daemons started.
wopr root # cd /afs
-bash: cd: /afs: Permission denied
wopr root # mount
/dev/hda2 on / type ext3 (rw)
none on /dev type devfs (rw)
none on /proc type proc (rw)
/dev/hda6 on /usr type ext3 (rw)
/dev/hda7 on /usr/vice/cache type ext3 (rw)
/dev/hda8 on /mnt/storage type ext3 (rw)
/dev/sda1 on /vicepa type ext3 (rw)
/dev/sda6 on /vicepb type ext3 (rw)
none on /dev/shm type tmpfs (rw)
AFS on /afs type afs (rw)
wopr root # /usr/afs/bin/fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs'
wopr root #

Here's my pam.d/login:

#%PAM-1.0

auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_afs.so try_first_pass ignore_root
account    required     /lib/security/pam_stack.so service=system-auth

password   required     /lib/security/pam_stack.so service=system-auth

session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

pam_afs.so is definitely present:
wopr root # cd /lib/security/
wopr security # ls
pam_access.so                pam_limits.so       pam_stress.so
pam_afs.so                   pam_listfile.so     pam_tally.so
pam_afs.so.1                 pam_localuser.so    pam_time.so
pam_chroot.so                pam_mail.so         pam_timestamp.so
pam_console.so               pam_mkhomedir.so    pam_unix.so
pam_console_apply_devfsd.so  pam_motd.so         pam_unix_acct.so
pam_cracklib.so              pam_nologin.so      pam_unix_auth.so
pam_deny.so                  pam_permit.so       pam_unix_passwd.so
pam_env.so                   pam_pwdb.so         pam_unix_session.so
pam_filter                   pam_radius.so       pam_userdb.so
pam_filter.so                pam_rhosts_auth.so  pam_warn.so
pam_ftp.so                   pam_rootok.so       pam_wheel.so
pam_group.so                 pam_securetty.so    pam_xauth.so
pam_issue.so                 pam_shells.so
pam_lastlog.so               pam_stack.so
wopr security #

(pam_afs.so is a symlink to pam_afs.so.1)


Here are my various CellServDB and ThisCell files:

/usr/vice/etc/CellServDB:
 >vodacomm.ca    #Cell name
192.168.1.50    #wopr

/usr/vice/etc/ThisCell:
vodacomm.ca

/usr/afs/etc/CellServDB:
 >vodacomm.ca    #Cell name
192.168.1.50    #wopr

/usr/afs/etc/ThisCell:
vodacomm.ca

Contents of (now revised) /etc/sysconfig/afs
#! /bin/sh
# Copyright 2000, International Business Machines Corporation and others.
# All Rights Reserved.
#
# This software has been released under the terms of the IBM Public
# License.  For details, see the LICENSE file in the top-level source
# directory or online at http://www.openafs.org/dl/license10.html

# Configuration information for AFS client

# AFS_CLIENT and AFS_SERVER determine if we should start the client and or
# the bosserver. Possible values are on and off.
AFS_CLIENT=on
AFS_SERVER=on

# AFS client configuration options:
XXLARGE="-stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files 50000"
XLARGE="-stat 3600 -dcache 3600 -daemons 5 -volumes 196 -files 50000"
LARGE="-stat 2800 -dcache 2400 -daemons 5 -volumes 128"
MEDIUM="-stat 2000 -dcache 800 -daemons 3 -volumes 70"
SMALL="-stat 300 -dcache 100 -daemons 2 -volumes 50"

# cachesize and according options are set by /afs/rc.d/init.d/afs
#   * if you set CACHESIZE to "AUTOMATIC", it will automatically be chosen
#     deduced by partition sizes (does not work if your cache is on / or /usr)
#   * if you set OPTIONS to "AUTOMATIC", the init script will choose a set
#     of options based on the cache size
# otherwise the values specified here will be used. So be careful!
# Note: if you leave these as-is, no changes are made.
CACHESIZE=AUTOMATIC
OPTIONS=$XLARGE

# you should never need to change these settings
AFSDIR=/afs
CACHEDIR=/usr/vice/cache
CACHEINFO=/usr/vice/etc/cacheinfo

# Set to "-verbose" for a lot of debugging information from afsd. Only
# useful for debugging as it prints _a lot_ of information.
VERBOSE=

# Sample server preferences function. Set server preferences using this.
# afs_serverprefs() {
#    /usr/afsws/etc/fs setserverprefs <host> <rank>
#}

# Either the name of an executable script or a set of commands go here.
# AFS_POST_INIT=afs_serverprefs
AFS_POST_INIT=

---

I feel so close...

Thanks for the help!

-Stephen-
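
As an added example (not part of the original post and not OpenAFS code), this Python sketch parses the pam.d/login posted above and reports how the pam_afs.so rule interacts with the rest of the auth stack under standard Linux-PAM control-flag semantics. The helper names `parse_pam` and `audit_afs` are hypothetical.

```python
# pam.d/login as posted in the message above (blank lines dropped).
PAM_LOGIN = """\
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_afs.so try_first_pass ignore_root
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so
"""

def parse_pam(text):
    """Return (type, control, module, args) for every rule line."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        mtype, control, module, *args = line.split()
        rules.append((mtype, control, module.rsplit("/", 1)[-1], args))
    return rules

def audit_afs(rules):
    """Describe what the pam_afs.so auth rule does in this stack."""
    auth = [r for r in rules if r[0] == "auth"]
    afs = [(i, r) for i, r in enumerate(auth) if r[2].startswith("pam_afs.so")]
    if not afs:
        return ["no pam_afs.so auth rule: logins never request an AFS token"]
    findings = []
    for i, (_, control, _, args) in afs:
        if "ignore_root" in args:
            # pam_afs option: the module skips the local superuser.
            findings.append("ignore_root: root logins get no AFS token from "
                            "PAM and reach /afs unauthenticated")
        if control == "sufficient" and any(r[1] == "required" for r in auth[:i]):
            # Linux-PAM: earlier 'required' rules must still pass, and a
            # failing 'sufficient' rule is ignored.
            findings.append("sufficient after required: the local stack must "
                            "accept the user first, and a failed AFS login "
                            "still logs in, without a token")
    return findings

if __name__ == "__main__":
    for finding in audit_afs(parse_pam(PAM_LOGIN)):
        print("-", finding)
```
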