[OpenAFS] FTP on openAFS issue
Marcel Koopmans
marcel.koopmans@dsv.com
Tue, 24 Jul 2007 12:47:20 +0200
Hello Everybody,
I am upgrading my Debian 3.1 machines to Debian 4.0.
I run into a problem with Pure-ftpd: I can log on, but pure-ftpd tells me
that my home directory (AFS volume) does not exist.
I am using the same configuration as on Debian 3.1, on which it works
like a charm.
Local login and openSSH work just fine.
What follows is the debug data and configuration files.
Does anybody maybe see something that I overlook?
With kind regards,
Marcel
--[ debug logging ]--
Jul 24 11:37:56 eosdeb40 pure-ftpd: (?@192.168.209.1) [INFO] New connection from 192.168.209.1
Jul 24 11:37:59 eosdeb40 pure-ftpd: (?@192.168.209.1) [DEBUG] Command [user] [marcel]
Jul 24 11:38:01 eosdeb40 pure-ftpd: (?@192.168.209.1) [DEBUG] Command [pass] [<*>]
Jul 24 11:38:01 eosdeb40 pure-ftpd: (?@192.168.209.1) [INFO] PAM_RHOST enabled. Getting the peer address
Jul 24 11:38:01 eosdeb40 pure-ftpd: (pam_krb5): none: pam_sm_authenticate: entry (0x0)
Jul 24 11:38:01 eosdeb40 krb5kdc[2079]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.209.2: NEEDED_PREAUTH: marcel@VA.ELYSIUM-OS.NL for krbtgt/VA.ELYSIUM-OS.NL@VA.ELYSIUM-OS.NL, Additional pre-authentication required
Jul 24 11:38:01 eosdeb40 krb5kdc[2079]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.209.2: ISSUE: authtime 1185269881, etypes {rep=16 tkt=16 ses=16}, marcel@VA.ELYSIUM-OS.NL for krbtgt/VA.ELYSIUM-OS.NL@VA.ELYSIUM-OS.NL
Jul 24 11:38:01 eosdeb40 krb5kdc[2079]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.209.2: ISSUE: authtime 1185269881, etypes {rep=16 tkt=16 ses=16}, marcel@VA.ELYSIUM-OS.NL for host/eosdeb40.va.elysium-os.nl@VA.ELYSIUM-OS.NL
Jul 24 11:38:01 eosdeb40 pure-ftpd: (pam_krb5): marcel: pam_sm_authenticate: exit (success)
Jul 24 11:38:01 eosdeb40 pure-ftpd: (pam_krb5): marcel: pam_sm_setcred: entry (0x2)
Jul 24 11:38:01 eosdeb40 pure-ftpd: (pam_krb5): marcel: initializing ticket cache /tmp/krb5cc_1000_dpXT8D
Jul 24 11:38:01 eosdeb40 pure-ftpd: (pam_krb5): marcel: pam_sm_setcred: exit (success)
Jul 24 11:38:01 eosdeb40 pure-ftpd: (pam_krb5): marcel: pam_sm_setcred: entry (0x2)
Jul 24 11:38:01 eosdeb40 pure-ftpd: (pam_krb5): marcel: pam_sm_setcred: exit (success)
Jul 24 11:38:01 eosdeb40 pure-ftpd: pam_openafs-krb5: open_session: fork..
Jul 24 11:38:01 eosdeb40 pure-ftpd: pam_openafs-krb5: ENVIRONNEMENT: KRB5CCNAME=/tmp/krb5cc_1000_dpXT8D
Jul 24 11:38:01 eosdeb40 krb5kdc[2079]: TGS_REQ (1 etypes {1}) 192.168.209.2: ISSUE: authtime 1185269881, etypes {rep=16 tkt=1 ses=1}, marcel@VA.ELYSIUM-OS.NL for afs/va.elysium-os.nl@VA.ELYSIUM-OS.NL
Jul 24 11:38:01 eosdeb40 pure-ftpd: pam_openafs-krb5: KRB5 OPENSESSION: OK !
Jul 24 11:38:01 eosdeb40 pure-ftpd: (?@192.168.209.1) [ERROR] Home directory not available - aborting
--[ PAM ]--
/etc/pam.d/pure-ftpd
@include common-auth
@include common-session
@include common-account
/etc/pam.d/common-auth
auth sufficient pam_krb5.so ignore_root debug
auth required pam_unix.so nullok_secure try_first_pass
/etc/pam.d/common-session
session optional pam_krb5.so debug
session optional pam_openafs_session.so ignore_root debug
session required pam_unix.so
/etc/pam.d/common-account
account sufficient pam_ldap.so
account required pam_unix.so
--[ Pure ftpd ]--
/etc/default/pure-ftpd-common
STANDALONE_OR_INETD=standalone
VIRTUALCHROOT=false
UPLOADSCRIPT=
UPLOADUID=
UPLOADGID=
/etc/pure-fptd/conf/AltLog
clf:/var/log/pure-ftpd/transfer.log
/etc/pure-fptd/conf/MinUID
1000
/etc/pure-fptd/conf/NoAnonymous
yes
/etc/pure-fptd/conf/PAMAuthentication
yes
/etc/pure-fptd/conf/PureDB
/etc/pure-ftpd/pureftpd.pdb
/etc/pure-fptd/conf/SyslogFacility
daemon
/etc/pure-fptd/conf/UnixAuthentication
no
/etc/pure-fptd/conf/VerboseLog
yes
--[ user marcel ]--
marcel@eosdeb40:~$ getent passwd marcel
marcel:*:1000:1000:Marcel D.A. Koopmans:/afs/va.elysium-os.nl/users/marcel:/bin/bash
marcel@eosdeb40:~$ klist -f
Ticket cache: FILE:/tmp/krb5cc_1000_HIS2Pb
Default principal: marcel@VA.ELYSIUM-OS.NL
Valid starting     Expires            Service principal
07/24/07 11:15:12  07/24/07 21:15:12  krbtgt/VA.ELYSIUM-OS.NL@VA.ELYSIUM-OS.NL
        renew until 07/25/07 11:15:12, Flags: FPRIA
07/24/07 11:15:13  07/24/07 21:15:12  afs/va.elysium-os.nl@VA.ELYSIUM-OS.NL
        renew until 07/25/07 11:15:12, Flags: FPRAT
07/24/07 12:02:33  07/24/07 21:15:12  ldap/eosdeb40.va.elysium-os.nl@VA.ELYSIUM-OS.NL
        renew until 07/25/07 11:15:12, Flags: FPRAT
Kerberos 4 ticket cache: /tmp/tkt1000
klist: You have no tickets cached
marcel@eosdeb40:~$ tokens
Tokens held by the Cache Manager:
User's (AFS ID 2) tokens for afs@va.elysium-os.nl [Expires Jul 24 21:15]
--End of list--
marcel@eosdeb40:~$ fs listacl /afs/va.elysium-os.nl/users/marcel
Access list for /afs/va.elysium-os.nl/users/marcel is
Normal rights:
system:administrators rlidwka
marcel rlidwk
marcel.cron rlidwk
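
An added example, not part of the original post: a small Python script that rebuilds the login timeline from the debug log above (mail line wrapping rejoined) and checks that the ticket cache pam_krb5 created is the one handed to pam_openafs-krb5. The stage names and the functions `timeline` and `summarize` are assumptions made for this illustration.

```python
import re

# Constructed sample: lines taken from the debug log in the post, rejoined.
SAMPLE_LOG = """\
Jul 24 11:38:01 eosdeb40 pure-ftpd: (pam_krb5): marcel: pam_sm_authenticate: exit (success)
Jul 24 11:38:01 eosdeb40 pure-ftpd: (pam_krb5): marcel: initializing ticket cache /tmp/krb5cc_1000_dpXT8D
Jul 24 11:38:01 eosdeb40 pure-ftpd: (pam_krb5): marcel: pam_sm_setcred: exit (success)
Jul 24 11:38:01 eosdeb40 pure-ftpd: pam_openafs-krb5: ENVIRONNEMENT: KRB5CCNAME=/tmp/krb5cc_1000_dpXT8D
Jul 24 11:38:01 eosdeb40 krb5kdc[2079]: TGS_REQ (1 etypes {1}) 192.168.209.2: ISSUE: authtime 1185269881, etypes {rep=16 tkt=1 ses=1}, marcel@VA.ELYSIUM-OS.NL for afs/va.elysium-os.nl@VA.ELYSIUM-OS.NL
Jul 24 11:38:01 eosdeb40 pure-ftpd: pam_openafs-krb5: KRB5 OPENSESSION: OK !
Jul 24 11:38:01 eosdeb40 pure-ftpd: (?@192.168.209.1) [ERROR] Home directory not available - aborting
"""

# Stage names are hypothetical labels; the patterns follow the log text above.
STAGES = [
    ("authenticate", re.compile(r"pam_sm_authenticate: exit \((\w+)\)")),
    ("cache_created", re.compile(r"initializing ticket cache (\S+)")),
    ("setcred", re.compile(r"pam_sm_setcred: exit \((\w+)\)")),
    ("cache_passed", re.compile(r"pam_openafs-krb5: .*KRB5CCNAME=(\S+)")),
    ("afs_ticket", re.compile(r"TGS_REQ .*? (\w+): authtime .* for (afs/\S+)")),
    ("open_session", re.compile(r"pam_openafs-krb5: KRB5 OPENSESSION: (\w+)")),
    ("daemon_error", re.compile(r"pure-ftpd: \(\S+\) \[ERROR\] (.+)")),
]

def timeline(log):
    """Return ordered (stage, captured groups) for every recognised line."""
    events = []
    for line in log.splitlines():
        for name, rx in STAGES:
            m = rx.search(line)
            if m:
                events.append((name, m.groups()))
                break
    return events

def summarize(events):
    """Report how far the login got and whether both PAM modules used one ccache."""
    seen = {}
    for name, groups in events:
        seen.setdefault(name, groups)  # keep the first occurrence of each stage
    first = lambda key: seen.get(key, (None,))[0]
    return {
        "auth_ok": first("authenticate") == "success",
        "same_ccache": first("cache_created") is not None
                       and first("cache_created") == first("cache_passed"),
        "afs_ticket_issued": first("afs_ticket") == "ISSUE",
        "session_ok": first("open_session") == "OK",
        "daemon_error": first("daemon_error"),
    }
```

On the sample, every credential stage reports success and the only failing event is the daemon's own home directory check, which comes after the PAM session was opened.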