[OpenAFS] Rookie problems

[David S.]

I'm trying to install OpenAFS 1.3.71 on Linux 2.6.8.1 system 
(x86 hardware), with Heimdal 0.6.3.  I'm making this machine a KDC,
an AFS server, and an AFS client.  It will just be an AFS server
eventually, but for testing purposes it needs to perform all three
roles now.  I've followed the instructions at 

	http://www.central.org/twiki/bin/view/AFSLore/KerberosAFSInstall

the "Installing Kerberos & AFS" section of the "AFSLore" wiki.  I'm
obviously doing something wrong with the Kerberos configuration, and I'd 
be grateful for some guidance on where to look for the problem.

I'm fairly sure that my Kerberos domain is working properly at a basic
level.  I can "kinit" and get tickets, and telnet into the localhost using 
Kerberos authentication.  Likewise, I think that my installation and 
configuration of OpenAFS went well, or at least well enough not to leave 
any error messages is the log files.  I'm stuck in the section of the
OpenAFS installation documentation entitled "Configuring the Top Levels 
of the AFS Filespace".  The AFS servers and the cache manager seem to
be running properly.  I can "kinit" as the "admin" user and get what
seem to be valid tickets, but when I try the command

	fs setacl /afs system:anyuser rl

I get the response

	fs: You don't have the required access rights on '/afs'

(I did use 'pts' to create and add the "admin" user to the AFS
database.)  Indeed, if I try the "tokens" command, I get

	tweedledee:28% tokens

	Tokens held by the Cache Manager:

	User's (AFS ID 20177) tokens for afs@grid.gs.washington.edu [Expires Oct  8 03:05]
	   --End of list--

I'm not sure what I should see here, but I don't think that's right.
Trying various combinations of "kinit", "kinit --afslog", and "afslog"
didn't make any difference.

I'm at a loss.  I'd be grateful for any help.

David S.