[OpenAFS] Access rights

Hagbard Celine Hagbard Celine <footourist@gmail.com>
Fri, 14 Jan 2005 12:59:43 +0100 

Hello,

I'm quite new in both the kerberos and the afs world. I'm trying to
start an afs cell in my home network.
The machine I'm starting install to is a x86 debian 2.6.10 machine and
for a lot of other reason I would like not go back to the 2.4 kernel
series.
So, in order to have the kernel module I've installed the 1.3.74
version of openafs from the experimental debian repository. As
kerberosV implementation I'm using heimdal 0.6.3 as provided in the
unstable debian repository.

I've followed the instruction on
http://www.hpc2n.umu.se/support/showdoc.html?doc=admin/afs/server/initial
as their setup reflect mine.

All goes as expected until the 6.5 step, the one where I create the
volumes and I should mount them on /afs partition.
After a bit of trouble, caused by the delay between the fileserver
restart and the exact time when it's ready to issue the volume
creation commands, I was able to create the root.afs and root.cell
volumes.

Then it's said to kinit into the admin account specified before and
issue some "fs mkm" commands. It's not said but I suppose I've to
start the afs client to mount the /afs directory as an AFS filesystem.
I'm at this point and:

deathstar:~# fs mkm /afs/inet6.info root.cell -cell inet6.info -fast
fs: You don't have the required access rights on '/afs/inet6.info'

This is what I get. I don't have the required access rights.
I've looked at the heimdal log, but seems that no request is made to
the kerberos at this point, so no clue there.

I've googled a bit and I have found that I should issue the "afslog"
command to get tokens or something.
So, after a bit of problems caused by a misconfiguration of the
heimdal kdc (about krb4 support), and some strange but time-related
problem with afslog (at one point all tries with afslog ended in some
Unknown errors, but the problem solved by himself waiting few hours) I
was able to issue the afslog command without errors and get tokens:

deathstar:~# afslog -v
krb5 tried afs@INET6.INFO -> -1765328377
krb5 tried afs/inet6.info@INET6.INFO -> 0
deathstar:~# tokens

Tokens held by the Cache Manager:

Tokens for afs@inet6.info [Expires Jan 14 22:38]
   --End of list--

but:

deathstar:~# fs mkm /afs/inet6.info root.cell -cell inet6.info -fast
fs: You don't have the required access rights on '/afs/inet6.info'

still there.

I'm quite lost, and I hope someone of you can show me the right road.
Thanks.

-- 
---
Hagbard Celine