[OpenAFS] 1.4.2 installiation problems on Debian

Lars Bensmann lars@almosthappy.de
Fri, 23 Feb 2007 20:11:22 +0100 

Hello,

I've tried to install OpenAFS on Debian Sarge (with backports-Packages
from etch) on Debian for a couple of days now and don't get it to work.

I've installed the following packages:
Kerberos-Packages are version: 1.4.4-6~bpo.1
krb5-admin-server
krb5-config
krb5-kdc
krb5-user

OpenAFS-Packages are version: 1.4.2-4~bpo.1
openafs-client
openafs-dbserver
openafs-fileserver
openafs-krb5
openafs-modules-source

I've successfully built the required kernel-module-package:
openafs-modules-2.6.18-4-k7

I've followed the installation instructions for Debian in
README.servers.gz, especially I executed:

krb5_newrealm
kadmin.local: addprinc lb/admin
kadmin.local: addprinc lb
kadmin.local: addprinc -randkey -e des-cbc-crc:v4 afs
kadmin.local: ktadd -k /tmp/afs.keytab -e des-cbc-crc:v4 afs

asetkey add <kvno> /tmp/afs.keytab afs
afs-newcell

So far, so good. The -local checks all work:

# bos status localhost -local
Instance ptserver, currently running normally.
Instance vlserver, currently running normally.
Instance fs, currently running normally.
    Auxiliary status is: file server running

# kinit lb/admin@GBIT-GMBH.DE
Password for lb/admin@GBIT-GMBH.DE:
# aklog -d gbit-gmbh.de -k GBIT-GMBH.DE
Authenticating to cell gbit-gmbh.de (server kain.gbit-gmbh.de).
We were told to authenticate to realm GBIT-GMBH.DE.
Getting tickets: afs/gbit-gmbh.de@GBIT-GMBH.DE
Principal not found, trying alternate service name: afs/@GBIT-GMBH.DE
Using Kerberos V5 ticket natively
About to resolve name lb.admin to id in cell gbit-gmbh.de.
Id 1
Set username to AFS ID 1
Setting tokens. AFS ID 1 /  @ GBIT-GMBH.DE
# tokens

Tokens held by the Cache Manager:

User's (AFS ID 1) tokens for afs@gbit-gmbh.de [Expires Feb 24 06:06]
   --End of list--

But omitting -local does not:
# bos status kain.gbit-gmbh.de
bos: failed to contact host's bosserver (security object was passed a bad ticket).

As I don't have any experience with neither OpenAFS nor Kerberos I'm
stuck and don't know what to do.

Does anybody have an idea what I did wrong and what I can do to fix
this?

Thanks a lot,
Lars

-- 
Here pigs will fly, lightning will strike twice, hell will freeze over,
and eventually, things will get really interesting...