[OpenAFS] Problems with access to /afs
Martin Schulz
schulz@iwrmm.math.uni-karlsruhe.de
01 Jun 2001 10:19:16 +0200
Jacob Gorm Hansen <jg@ioi.dk> writes:
> Hi,
>
> We're trying to run OpenAFS client & server on a debian unstable machine.
>
> We have setup krb5, created principals
> paleface
> paleface/root
> paleface/admin
So you're using the migration kit?
> Set up an AFS cell with afs-newcell, told it to use paleface as the admin user.
>
> bos listusers -localauth HOSTNAME says:
> SUsers are: paleface.root paleface
>
> Client and servers are running.
>
> kinit paleface works fine, so does aklog.
> tokens says:
>
> Tokens held by the Cache Manager:
>
> Tokens for afs@ioi.dk [Expires Jun 1 10:14]
> --End of list--
That looks suspect to me. When using aklog, "tokens" should print the
afs id. I once had a similar problem. Please look up the posts of
Forrest Whitcher and me some weeks ago.
> - Or, if we try
> aklog ioi.dk -k IOI.DK
>
> tokens says:
> Tokens held by the Cache Manager:
>
> User's (AFS ID 1) tokens for afs@ioi.dk [Expires Jun 1 10:45]
> --End of list--
That looks better. What does "pts examine 1" says?
> But, in any case, when trying to run afs-rootvol we get:
What is that afs-rootvol program?
> (...questions asked...)
> fs sa /afs system:anyuser rl
> fs: You don't have the required access rights on '/afs'
> Failed: 256
>
> I read about trying to rename the admin user with pts, but everything
> I try gives me errors like below:
>
> pts adduser paleface.admin -group system:administratorspts: security object was passed a bad ticket ; unable to add user paleface.admin to group system:administrators
What does "bos listusers yourserverhere" says?
Other things to check:
pts examine system:administrators
pts membership system:administrators
Yours,
--
Martin Schulz schulz@iwrmm.math.uni-karlsruhe.de
Uni Karlsruhe, Institut f. wissenschaftliches Rechnen u. math. Modellbildung
Engesser Str. 6, 76128 Karlsruhe