[OpenAFS] "afs" and "admin" entries disappear from kaserver

Hartmut Reuter reuter@rzg.mpg.de
Thu, 09 Jan 2003 10:24:47 +0100


What say the AuthLog files on your database servers and what says

udebug <server> 7004

for each one of them?

Did you restart the kaserver on all machines when you added a new 
database server?

Get you the same result from all servers (you may add the -server option 
to the kas command)?

What says bos listhost on all databse servers?

May suspicion is you could have kaservers running independently one from 
another without having synced.

Normally ubik checks very carefully which server has the "best" database 
therefore I don't believe your database has been overwritten.

Hartmut


Brian Sebby wrote:
> I'm setting up a small AFS cell to teach some people about how AFS works,
> and today we ran into a fairly bizarre problem.
> 
> The systems involved are Linux servers, and we're using the stock kaserver,
> etc.  I haven't done anything with v5 to keep things simple since this cell
> isn't going into production.
> 
> After setting up the first machine as a database and file server, everything
> seemed to be working ok.  We added a second db/file server, and again, it
> mounted AFS and everything looked like it was going smoothly.  We did the
> same steps on the third server (copying over the contents of /usr/afs/etc,
> etc.) and again could mount AFS.
> 
> Then we noticed something bizarre.  When we tried to authenticate as admin,
> we got an error message that the "user does not exist".  I looked in kas,
> but couldn't get a listing of the users because I didn't have authorization.
> Looking in the protection database indicated that admin still existed there,
> with an AFS ID of 1.  I finally shut down the servers and started bosserver
> in -noauth mode and did a kas list, and the only things that came back were:
> 
> AuthServer.Admin
> krbtgt.IMSA.EDU
> 
> Any ideas what might have happened?  Could one of the other servers have
> overwritten the database when syncing with it?  What can I do to recover
> from this?  Any help would be appreciated.
> 
> 
> Thanks,
> 
> Brian Sebby
> 


-- 
-----------------------------------------------------------------
Hartmut Reuter                           e-mail reuter@rzg.mpg.de
					   phone +49-89-3299-1328
RZG (Rechenzentrum Garching)               fax   +49-89-3299-1301
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut fuer Plasmaphysik (IPP)
-----------------------------------------------------------------