Fwd: Re: [OpenAFS] Re: IPA + OpenAFS

Qing Chang qchang@sri.utoronto.ca
Thu, 12 Jul 2012 17:27:37 -0400 

On 12/07/2012 5:18 PM, Qing Chang wrote:
>
> On 12/07/2012 4:47 PM, Andrew Deason wrote:
>>  On Thu, 12 Jul 2012 15:10:36 -0500
>>  Qing Chang<qchang@sri.utoronto.ca>   wrote:
>>
>>>  [root@smb1 ~]# asetkey list
>>>  kvno   20:
>>  I assume you removed the actual key from this output? That is, 'asetkey'
>>  did show a key there. What about 'bos listkeys'? Can you run 'kvno
>>  afs/openafs.sri.utoronto.ca' after authenticating? Are there any
>>  afs-related messages in /var/log/messages? (or /var/log/syslog, or
>>  whatever; 'dmesg' should also show them)
> yes, I removed the key displayed.
>
> [root@smb1 log]# bos listkeys -server smb1
> bos: you are not authorized for this operation error encountered while listing keys
>
[root@smb1 sysadmin]# bos listkeys -server smb1 -localauth
key 20 has cksum 1880145215
Keys last changed on Thu Jul 12 15:59:59 2012.
All done.

> [root@smb1 log]# kvno afs/openafs.sri.utoronto.ca
> afs/openafs.sri.utoronto.ca@SRI.UTORONTO.CA: kvno = 20
>
> [root@smb1 log]# dmesg |grep -i afs
> openafs: module license 'http://www.openafs.org/dl/license10.html' taints kernel.
> Starting AFS cache scan...found 1 non-empty cache files (0%).
> SELinux: initialized (dev afs, type afs), uses genfs_contexts
>
>>>  [root@smb1 ~]# fs setacl /afs system:anyuser rl
>>>  fs: You don't have the required access rights on '/afs'
>>  Also, you don't need to do this if you are running with 'dynroot' (an
>>  option that can be turned off or on in the init script configuration). I
>>  thought we gave a different error in that case, but perhaps that is it.
>>  Is there anything in /afs ? Does 'fs listacl /afs' show anything?
> I actually removed dynroot because of the timeout error message. Now I put dynroot
> back and get this as expected:
> [root@smb1 ~]# fs setacl /afs system:anyuser rl
> fs:'/afs': Connection timed out
>
> [root@smb1 ~]# fs listacl /afs
> fs:'/afs': Connection timed out
>
> /afs has the global afs structure plus my cell:
> [root@smb1 ~]# ls -l /afs
> total 802
> .....
> drwxr-xr-x. 100 root root 4096 Dec 31  1969 numenor.mit.edu
> drwxr-xr-x. 100 root root 4096 Dec 31  1969 oc7.org
> drwxr-xr-x. 100 root root 4096 Dec 31  1969 openafs.sri.utoronto.ca
> drwxr-xr-x. 100 root root 4096 Dec 31  1969 pdc.kth.se
> .....
>
> Qing
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info