[OpenAFS] [Q] Problem running afs-newvol - "fs: You don't have the required
access rights on '/afs'"
Economou, Matthew [EESUS]
MEconom@EESUS.JNJ.com
Tue, 17 Apr 2001 17:02:19 -0400
While I'm getting the proper Kerberos and AFS tickets (output of
"klist" and "tokens" attached below), I don't have the proper rights
to my newly-created cell.
The file server is running Debian GNU/Linux 2.2r2, with OpenAFS 1.0.3
as found on http://www.openafs.org/, the debianized MIT Kerberos V
1.2.2 distribution as found on http://web.mit.edu/afs/sipb.mit.edu/,
and the openafs-krb5 package, also found on sipb. The only package I
have not been able to install is the openafs-ptutil package, which
claims to conflict with the openafs-dbserver package. Since this
seems to be a protections issue, I suspect that the version of pts and
pt_util are wrong and openafs-ptutil must be installed over
openafs-dbserver.
I am following the instructions in
http://web.mit.edu/afs/sipb.mit.edu/project/openafs/debian/building-a-cell.
The error occurs when I try to run the "afs-newvol" script, after
successfully creating the AFS key, the administrative user, and the
new cell (via "afs-newcell"). The specific error is:
> fs: You don't have the required access rights on '/afs'
at the "fs sa /afs system:anyuser rl" step in the beginning of
"afs-newvol".
The output of "klist" is:
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: admin@AFS.IRTNOG.ORG
>
> Valid starting Expires Service principal
> 04/17/01 08:43:08 04/17/01 18:42:50 krbtgt/AFS.IRTNOG.ORG@AFS.IRTNOG.ORG
> 04/17/01 08:43:08 04/17/01 18:42:50 krbtgt/AFS.IRTNOG.ORG@AFS.IRTNOG.ORG
> 04/17/01 08:43:23 04/17/01 18:42:50 afs/irtnog.org@AFS.IRTNOG.ORG
>
> Kerberos 4 ticket cache: /tmp/tkt0
> Principal: admin@AFS.IRTNOG.ORG
>
> Issued Expires Principal
> 04/17/01 08:43:08 04/17/01 18:38:08 krbtgt.AFS.IRTNOG.ORG@AFS.IRTNOG.ORG
The output of "tokens" is:
> Tokens held by the Cache Manager:
>
> User's (AFS ID 1) tokens for afs@irtnog.org [Expires Apr 17 18:42]
> --End of list--
The error occurs both with and without V4 tokens.
"bos listusers" shows "admin" in the list of SUsers, although I can't
find the "susers" file anywhere on the server.
None of the subcommands to "pts" work, giving me an "insufficient
rights" message similar to that of "fs" above (unfortunately, I
neglected to log the exact error and will correct this with a
follow-up). Perhaps "admin" is not a member of
"system:administrators"?
Any suggestions would be greatly appreciated!
--
Matthew X. Economou - EESUS Webmaster - 513-337-8486
"Life's not fair, but the root password helps."