[OpenAFS] afsd dead / weird config

Christian evilninja@gmx.net
Mon, 17 Feb 2003 02:02:19 +0100


Peter Schüller wrote:
> Have a look at /etc/openafs/afs.conf and /etc/openafs/afs.conf.client. They 
> are sourced into the scripts.

yes, i looked into it and was a bit confused seeing "AFS_AFSDB" in
afs.conf.client and "AFS client configuration options" in afs.conf.
never mind, i will go without afsd for these first steps.

> afsd seems to have this behavior whenever the home cell/server is 
> inaccessible. I had the same exact problem for quite a while.
> 
> Firstly, I don't know if afsd is supposed to work when the server is running 
> in non-authenticated mode. Perhaps it is, perhaps not. But if not, that might 
> account for it not being able to connect to the server. Or more likely, that 
> the servers aren't running properly (see below).

hm, if i disable afsd, i don't need the openafs.o module, right?

> Make sure /etc/openafs/CellServDB and /etc/openafs/server/CellServDB match. 
> Ditto for ThisCell.

yes, they match. i wanted to symlink them first, but now i only copied
them, for the sake of sanity :-)

> 
> 
>>root@sheep:/etc/openafs# bos status -server sheep.housecafe.de
>>bos: no such entry (getting tickets)
>>bos: running unauthenticated
>>root@sheep:/etc/openafs#
> 
> The error message above is because it doesn't know you are running 
> unauthenticated. Try adding the "-noauth" switch.

umm, yes. this will solve the latter message. ok.

> http://www.scode.org/afs/openafs-install.txt

this reading was really great, with great comments the article on
debianplanet did not have. i have to say that i'm using
heimdal-kerberos, so krb5_newrealm is not available; i think this only
generates a krb5.conf, right? may i post my krb5.conf, just for re-checking:

------/etc/krb5.conf----
[libdefaults]
         default_realm = HOUSECAFE.DE

[realms]
HOUSECAFE.DE = {
         kdc = kdc.housecafe.de
         admin_server = kdc.housecafe.de
}

[domain_realm]
         .housecafe.de = HOUSECAFE.DE
         housecafe.de = HOUSECAFE.DE
------

there is a /var/lib/heimdal-kdc/kdc.conf also, containing some kdc
parameters, i think this file is set up right.

also "kadmin.local" is "kadmin -l" here (with heimdal-krb5), and i added
principals within the kadmin shell, i hope i did everything well.

ok, now things got interesting. bosserver is running with -noauth,
behaving as mentioned in your howto:
--------
root@sheep:~# bos listhosts kdc -noauth
Cell name is housecafe.de
--------

yes, "kdc" or "kdc.housecafe.de" is a CNAME to sheep.housecafe.de. it
resolves in /etc/hosts as well as via DNS.
i created the ptserver instance and added a principal "root" via kadmin
and a user named "root" via bos.

root@sheep:~# bos listkeys kdc -noauth
key 1 has cksum 2690393935
Keys last changed on Sun Feb 16 23:47:26 2003.
All done.
-------

cool, but "pts createuser" fails, saying

root@sheep:~# pts createuser -name root -cell housecafe.de -noauth
pts: no servers appear to be up ; unable to create user root
------

you mentioned this too in your howto. but Ptlog is empty, i have only
this message on my console. the error would be DNS related, but it is
not, i guess. as i said, "kdc" resolves perfectly to an ip-number.
"hostname" gives "sheep" as output, but i also used this name and even
as FQDN in every step. the ptserver instance is definitively running:

root@sheep:~# bos status kdc -long -noauth
Instance ptserver, (type is simple) currently running normally.
     Process last started at Mon Feb 17 00:38:47 2003 (1 proc starts)
     Command 1 is '/usr/lib/openafs/ptserver'
----

ptserver shows up in "ps aux" too.

now i'm stuck again.
i tried to use the -force option, but this only went well for the
"createuser" process (ignored errors), "adduser" was not working.

the debianplanet article did not mention this at all, other manuals are
only adding principals, setting keytab.files, and going on to mounting
afs volumes. i'm still a bit confused about these different approaches,
but the more i do, the more i seem to understand :-)

you gave me great help with your debian related howto. sure, a
generalized manual should also do. nevertheless i think i will alter
your howto (if you don't mind) for heimdal-krb5 users, once i got this
done here.

thanks again, but still needing some help...

regards,
Christian.

-- 
############ Christian ##############
######## evilninja@gmx.net ##########
#####################################
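
The advice quoted in this message, to make sure the client and server copies of CellServDB and ThisCell match, can be checked mechanically. The script below is an added example and not part of the original message. It assumes the usual CellServDB layout (a `>cellname` header followed by one address line per database server), and the addresses in its sample data are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: check that the client and server copies
# of ThisCell and CellServDB agree, ignoring comments and whitespace.

# Cell name from a ThisCell file, whitespace stripped.
this_cell() { tr -d ' \t\r\n' < "$1"; }

# Sorted server addresses for cell $2 in CellServDB file $1.
# Format: ">cellname #comment", then one "address #hostname" line per server.
cell_servers() {
    awk -v cell="$2" '
        { sub(/#.*/, "") }                  # drop comments
        /^>/ { cur = substr($1, 2); next }  # header line starts a cell
        cur == cell && NF { print $1 }      # address line of our cell
    ' "$1" | sort -u
}

# Return 0 if both directories agree; print the mismatch and return 1 if not.
check_cell_config() {
    c_cell=$(this_cell "$1/ThisCell"); s_cell=$(this_cell "$2/ThisCell")
    if [ "$c_cell" != "$s_cell" ]; then
        echo "ThisCell differs: client='$c_cell' server='$s_cell'"; return 1
    fi
    c_srv=$(cell_servers "$1/CellServDB" "$c_cell" | tr '\n' ' ')
    s_srv=$(cell_servers "$2/CellServDB" "$s_cell" | tr '\n' ' ')
    if [ -z "$c_srv" ]; then
        echo "client CellServDB lists no servers for '$c_cell'"; return 1
    fi
    if [ "$c_srv" != "$s_srv" ]; then
        echo "CellServDB differs for '$c_cell': client=[$c_srv] server=[$s_srv]"
        return 1
    fi
    echo "cell '$c_cell' consistent, servers: $c_srv"
}

# Constructed sample data (192.0.2.x is a documentation address range).
make_sample() {
    mkdir -p "$1/client" "$1/server"
    echo "housecafe.de" > "$1/client/ThisCell"
    echo "housecafe.de" > "$1/server/ThisCell"
    printf '>housecafe.de   #Cell name\n192.0.2.10  #sheep.housecafe.de\n' \
        > "$1/client/CellServDB"
    printf '>housecafe.de #home cell\n192.0.2.10\t#sheep\n' \
        > "$1/server/CellServDB"
}

tmp=$(mktemp -d) && make_sample "$tmp"
check_cell_config "$tmp/client" "$tmp/server"
rm -rf "$tmp"
```

On the machine from this thread the call would be `check_cell_config /etc/openafs /etc/openafs/server`.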