[OpenAFS] Odd token/fileserver permission denied problem

Gedaliah Wolosh gwolosh@njit.edu
Thu, 30 Jul 2009 13:21:56 -0400 (EDT)

Currently our cell is authenticating to both the KA server and Krb5. The
AFS Keyfile contains principals for both afs and afs/cellname.  The
KeyFile is distributed via upclient.  This has been working for several
months without issue.

A new file server was put in place. If aklog is used to get a token, the
token does not give the user permission in any volume served by this new
file server. A token obtained by klog is fine.

Creating a host principal and putting it in the file servers
/etc/krb5.keytab didn't help.

aklog -d does not offer any useful information, nor do the logs. I
compared the AFS Keyfile to the KeyFile on the other servers and they
are the same. The file server is running OpenAFS 1.4.11 on Solaris 10.

Any help is greatly appreciated.

Gedaliah Wolosh
University Computing Systems - IST
New Jersey Institute of Technology