[OpenAFS] fs: You don't have the required access rights on '/afs'

Douglas E. Engert deengert@anl.gov
Thu, 11 Dec 2008 13:19:21 -0600


Did you add cell_admin to /usr/afs/etc/UserList
using the bos adduser?

Tony D'Amato wrote:
> Douglas E. Engert wrote:
>> Tony D'Amato wrote:
>>   
>>> Okay, I'm beating my head against the wall on this one... I've compiled, 
>>> installed, and am attempting to set up OpenAFS 1.4.8 as a server on Solaris 
>>> 10 x86 (originally Update 5, with some U6 patches). I'm using Sun Studio 
>>> 12 to compile the software. After setting up the services with -noauth, 
>>> using asetkey to add the afs principal, created the admin principal 
>>> 'cell_admin' (we're a former DCE/DFS shop), but when I issue the setacl 
>>> on the /afs mount point, I get the infamous error message in the 
>>> subject. Please note that due to local requirements, the Kerberos domain 
>>> is not and cannot be the same as the AFS cell name... perhaps that's my 
>>> problem?
>>>
>>> Anywho, here's a log of what I've done...
>>>
>>>     
>>>> # kinit cell_admin
>>>> Password for cell_admin@AUTH.ODU.EDU:
>>>> # aklog -d
>>>> Authenticating to cell lionstest.odu.edu (server marcos.server1.odu.edu).
>>>> Trying to authenticate to user's realm AUTH.ODU.EDU.
>>>> Getting tickets: afs/lionstest.odu.edu@AUTH.ODU.EDU
>>>> Using Kerberos V5 ticket natively
>>>> About to resolve name cell_admin to id in cell lionstest.odu.edu.
>>>> Id 1
>>>> Set username to AFS ID 1
>>>> Setting tokens. AFS ID 1 /  @ AUTH.ODU.EDU
>>>> # fs setacl /afs system:anyuser rl
>>>>       
>>
>> What does "fs exam /afs"  and "fs whichcell" show?
>>   
> 
> # fs exam /afs
> fs: You don't have the required access rights on '/afs'
> # fs whichcell /afs
> File /afs lives in cell 'lionstest.odu.edu'
> #
> 
> 
>> If it's readonly that could be the issue.
>> You can make a temp mount point for root.afs and set the acl,
>> then release the volume and unmount the temp mount point?
>>
>> cd /afs/.lionstest.odu.edu
>> fs mkm  -dir tmp.root  -vol root.afs
>> fs sa tmp.root -acl system:anyuser rl
>> vos release root.afs
>> fs rmm tmp.root
>>   
> 
> Unfortunately, this is a new cell, I just created root.afs w/ -noauth, 
> and I haven't been able to create /afs/lionstest.odu.edu because of the 
> permission issue on /afs. When I try my next step in creating root.cell, 
> I get this:
> 
> # /usr/sbin/vos create marcos.server1.odu.edu /vicepa root.cell
> 
> Could not get an Id for volume root.cell
>    VLDB: no permission access for call
> VLDB: no permission access for call
> Error in vos create command.
> VLDB: no permission access for call
> # tokens
> 
> Tokens held by the Cache Manager:
> 
> User's (AFS ID 1) tokens for afs@lionstest.odu.edu [Expires Dec 11 20:32]
>    --End of list--
> #
> 
> In a separate email, Derrick Brashear is thinking it might be a bad 
> token giving me issues. Thoughts all?
> 
>> [...snip...]
>>   
> 
> -- 
> Tony D'Amato, SCSA (it's Exchange that puts "Nicholas" there)
> Senior UNIX Systems Administrator
> Server Support Group, OCCS
> Old Dominion University
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444