[OpenAFS] Debian - openafs -noauth problems
Madhusudan Singh
singh.madhusudan@gmail.com
Mon, 15 Aug 2005 11:26:16 -0400
Hi
Thanks for your response.
On Saturday 13 August 2005 7:41 am, Sergio Gelato wrote:
> * Madhusudan Singh [2005-08-12 15:34:14 -0400]:
> > Tokens held by the Cache Manager:
> >
> > User's (AFS ID 2) tokens for afs@omega.domain.edu [Expires Aug 13 01:18]
> > --End of list--
> >
> > omega:~# fs setacl /afs system:anyuser rl
> > fs: You don't have the required access rights on '/afs'
> >
> > Yet again.
>
> Yes, and to me that still smells of a krb.conf problem. Can you show us
> the ouput of head -1 krb.conf (i.e., the first line of the file)? That
> should name the realm for your cell, and no other.
>
I get :
omega:~# head -1 /etc/openafs/server/krb.conf
KERBEROS.DOMAIN.EDU
> If that checks out, I'd look at the enctypes for the afs/omega.domain.edu
> Kerberos principal. Make sure it only has single-DES: no DES3, no AES, etc.
> At the very least you should check that kinit/aklog got you single-DES
> AFS service tickets (klist -e (MIT, Sun) or klist -v (Heimdal) should
> tell).
>
I have :
Etype (skey, tkt): DES cbc mode with CRC-32, DES cbc mode with CRC-32
> > Out of sheer frustration,
> >
> > omega:~# cd /etc/openafs/server
> > omega:/etc/openafs/server# ln -s /etc/krb.conf .
>
> How about a bos restart at this point?
>
Done.
omega:~# /etc/init.d/openafs-fileserver restart
Same as before :
omega:~# fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs'