[OpenAFS] Problems with OpenAFS Fileserver.../ Kerberos5 Problem
Lars Schimmer
schimmer@cg.cs.tu-bs.de
Thu, 17 Mar 2005 19:39:43 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jeffrey Hutzelman schrieb:
|
|
| On Thursday, March 17, 2005 05:42:11 PM +0100 Lars Schimmer
| <schimmer@cg.cs.tu-bs.de> wrote:
|
|> -----BEGIN PGP SIGNED MESSAGE-----
|> Hash: SHA1
|>
|> Hi!
|>
|> One of our fileserver prints out:
|> VL_RegisterAddrs rpc failed; will retry periodically (code=19270408,
|> err=0)
|> in the filelog.
|> OK, it is okd 1.3.73 on 2.6.9 kernel, I?m gonna update these both next
|> hour, but any hint for me, whats wrong there?
|
|
| error 19270408
| 19270408 RXK.8 RXKADUNKNOWNKEY
| ticket contained unknown key version number
|
| Which means the keyfile on that fileserver is not the same as the one on
| whichever vlserver is the coordinator (normally the one with the lowest
| IP address).
|
|
|> Ok, I checked another Server with 2.6.10 and 1.3.79 AFS with MIT
|> Kerberos5.
|> Taht filelog prints out:
|> Wed Mar 16 10:31:52 2005 File server starting
|> Wed Mar 16 10:31:52 2005 afs_krb_get_lrealm failed, using cg.cs.tu-bs.de.
|> Wed Mar 16 10:31:53 2005 VL_RegisterAddrs rpc failed; will retry
|> periodically (code=19270408, err=0)
|
|
| Same problem.
|
|> Wed Mar 16 10:31:55 2005 Couldn't get CPS for AnyUser, will try again in
|> 30 seconds; code=19270408.
|
|
| Same problem, but this error is talking to the ptserver, not the vlserver.
|
|
|> And keyfile, I changed the original one (to add the line for kerberos5)
|> and manually copied it to all fileservers.
|> Could it be, that the fileservers need to restart to accept this new
|> keyfile?
|
|
| Possibly.
Thx for the quick answer. But I´m not at work right now, so I´m kinda
letft out. Next thing I´ll try is to restart all the fileservers and see
whats happen after that.
If there are two entrys in the keyfile, one from old kaserver and one
from Kerberos5 server, and the krb5 hat kvno of 1, the kaserver a kvno
of 0, is it possible for all clients (linux and windows) to get tokens
via kaserv? The new kerberos server isn´t in their (clients) CellServDB
yet.
| -- Jeff
Thx,
Lars
- --
- -----------------------------------------------------------------
Technische Universität Braunschweig, Institut für Computergraphik
Tel.: +49 531 391-2109 E-Mail: schimmer@cg.cs.tu-bs.de
PGP-Key-ID: 0xB87A0E03
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (MingW32)
iD8DBQFCOc7uVguzrLh6DgMRAl6MAJ47PyVmRd/bAgPsluJEXu/jiyi6LgCgt3fI
rzzOjCJwPKz5NBs1bK8uru8=
=ICFN
-----END PGP SIGNATURE-----