[OpenAFS] Adding Additional Fileserver to Cell

Mike Bydalek mbydalek@contentconnections.com
Fri, 8 Sep 2006 13:18:24 -0700

Hi Chris,

Chris Huebsch wrote:
> Hi,
> On Fri, 8 Sep 2006, Mike Bydalek wrote:
>> Thanks for the responses Russ and Ted. I read through everything, but
>> I'm still having problems that I can't figure out.
>> Here are the commands that I'm trying to execute on the new fileserver
>> (mars) where the database server is (earth). I have kadmin and aklog'd
>> as admin which belongs to the system:administrators group.
> You say that you have a valid token for your cell. Can you verify that
> by creating a volume on your old fileserver?
Works as expected:
root@earth:/etc# vos create earth.testbed.lan /vicepa test.vol
Volume 536870927 created on partition /vicepa of earth.testbed.lan

> My guess is that your fileserver does not have the necessary information
> to validate your token.
> Every fileserver has to have a keyfile storing some sort of key for
> decrypting or something like that. (If you want to know more, read about
> Kerberos protocols.)
> This file is called KeyFile and stored on each server. If those files
> are not identical, authentication will fail.

To set up the new fileserver, I copied over the keytab that I created and
ran asetkey successfully.  You're right in that there is a problem with
the authentication, but I am able to get tokens successfully.

root@mars:/etc# aklog -d -c testbed.lan -k TESTBED.LAN
Authenticating to cell testbed.lan (server earth.testbed.lan).
We were told to authenticate to realm TESTBED.LAN.
Getting tickets: afs/testbed.lan@TESTBED.LAN
Principal not found, trying alternate service name: afs/@TESTBED.LAN
Using Kerberos V5 ticket natively
About to resolve name admin to id in cell testbed.lan.
Id 1
Set username to AFS ID 1
Setting tokens. AFS ID 1 /  @ TESTBED.LAN

But if I try and do something that requires authentication, it fails:

root@mars:/var/log/openafs# bos listkeys mars.testbed.lan -cell testbed.lan
bos: you are not authorized for this operation error encountered while
listing keys

But the keys are there ...
root@mars:/var/log/openafs# bos listkeys mars.testbed.lan -cell testbed.lan -localauth
key 3 has cksum 2873560082
Keys last changed on Fri Sep  8 12:19:55 2006.
All done.

Am I missing something obvious?

> A good hint is to read the logfiles of your AFS-Server too. They are not
> too verbose, but they can contain valuable information sometimes.
> You find them in the logs directory.

The logs haven't proved too useful so far =/
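
Added example, not part of the original message or of OpenAFS: one way to check the "KeyFile must be identical on every server" point is to save the output of `bos listkeys <server> -localauth` from each server and compare the key version numbers and checksums. The function name `compare_keys`, the file names, and the earth output are assumptions constructed for illustration; only the mars output comes from the message.

```shell
# Added example (not from the original thread): compare the keys two servers
# report, using saved output of `bos listkeys <server> -localauth`.
# Line format "key <kvno> has cksum <n>" is taken from the message above.

# compare_keys FILE_A FILE_B   (hypothetical helper)
# Returns 0 if both list the same kvno/cksum pairs, 1 on any difference,
# 2 if no key lines could be parsed at all (e.g. only an error message).
compare_keys() {
    awk '
        $1 == "key" && $3 == "has" && $4 == "cksum" {
            if (FILENAME == ARGV[1]) a[$2] = $5; else b[$2] = $5
            seen[$2] = 1
        }
        END {
            rc = 0; n = 0
            for (k in seen) {
                n++
                if (!(k in a))         { printf "kvno %s missing from %s\n", k, ARGV[1]; rc = 1 }
                else if (!(k in b))    { printf "kvno %s missing from %s\n", k, ARGV[2]; rc = 1 }
                else if (a[k] != b[k]) { printf "kvno %s: cksum %s vs %s\n", k, a[k], b[k]; rc = 1 }
            }
            if (n == 0) { print "no key lines parsed"; rc = 2 }
            exit rc
        }
    ' "$1" "$2"
}

# Constructed sample input. mars.txt reuses the output quoted in the message;
# earth.txt is invented here to show what a mismatch looks like.
tmp=$(mktemp -d)
cat > "$tmp/mars.txt" <<'EOF'
key 3 has cksum 2873560082
Keys last changed on Fri Sep  8 12:19:55 2006.
All done.
EOF
cat > "$tmp/earth.txt" <<'EOF'
key 3 has cksum 1111111111
Keys last changed on Fri Sep  1 09:00:00 2006.
All done.
EOF

compare_keys "$tmp/mars.txt" "$tmp/earth.txt" || echo "exit status: $?"
rm -rf "$tmp"
```

Comparing checksums this way avoids copying or displaying the key material itself.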