[OpenAFS] fs: You don't have the required access rights on '/afs'
Tony D'Amato
tdamato@odu.edu
Thu, 11 Dec 2008 11:26:36 -0500
This is a multi-part message in MIME format.
--------------070005070303020301050908
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Jeffrey Altman wrote:
> Tony D'Amato wrote:
>
>> Okay, I'm beating my head against the wall on this one... I've compiled,
>> installed, and attempting to set up OpenAFS 1.4.8 as a server on Solaris
>> 10 x86 (originally Update 5, with some U6 patches). I'm using Sun Studio
>> 12 to compile the software. After setting up the services with -noauth,
>> using asetkey to add the afs principal, created the admin principal
>> 'cell_admin' (we're a former DCE/DFS shop), but when I issue the setacl
>> on the /afs mount point, I get the infamous error message in the
>> subject. Please note that due to local requirements, the Kerberos domain
>> is not and cannot be the same as the AFS cell name... perhaps that's my
>> problem?
>>
>
> If the cache manager, afsd, is started using -dynroot /afs does not
> point to a real root.afs volume. So you can't set an ACL on it.
> Due to the fact that the kernel module cannot start if the root.afs
> volume cannot be accessed when -dynroot is off, -dynroot is becoming
> the default on more platforms.
>
Dynroot is off - I double-checked that one several times *grin*:
# ps -ef|grep afsd
root 1521 1359 0 11:23:05 pts/2 0:00 grep afsd
root 711 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb
root 693 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb
root 695 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb
root 692 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb
root 700 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb
root 701 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb
root 702 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb
root 703 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb
root 704 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb
#
> Perhaps that is your problem.
>
> What does fs examine /afs report?
>
Same thing:
# fs examine /afs
fs: You don't have the required access rights on '/afs'
It's wierd... I've set up servers before on Linux systems (specifically
RHEL and CentOS) perfectly fine, but this is my first Solaris server
install... Thanks!
--
Tony D'Amato, SCSA (it's Exchange that puts "Nicholas" there)
Senior UNIX Systems Administrator
Server Support Group, OCCS
Old Dominion University
--------------070005070303020301050908
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Jeffrey Altman wrote:
<blockquote cite="mid:49413D75.8080309@secure-endpoints.com" type="cite">
<pre wrap="">Tony D'Amato wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Okay, I'm beating my head against the wall on this one... I've compiled,
installed, and attempting to set up OpenAFS 1.4.8 as a server on Solaris
10 x86 (originally Update 5, with some U6 patches). I'm using Sun Studio
12 to compile the software. After setting up the services with -noauth,
using asetkey to add the afs principal, created the admin principal
'cell_admin' (we're a former DCE/DFS shop), but when I issue the setacl
on the /afs mount point, I get the infamous error message in the
subject. Please note that due to local requirements, the Kerberos domain
is not and cannot be the same as the AFS cell name... perhaps that's my
problem?
</pre>
</blockquote>
<pre wrap=""><!---->
If the cache manager, afsd, is started using -dynroot /afs does not
point to a real root.afs volume. So you can't set an ACL on it.
Due to the fact that the kernel module cannot start if the root.afs
volume cannot be accessed when -dynroot is off, -dynroot is becoming
the default on more platforms.
</pre>
</blockquote>
<br>
Dynroot is off - I double-checked that one several times *grin*:<br>
<br>
# ps -ef|grep afsd<br>
root 1521 1359 0 11:23:05 pts/2 0:00 grep afsd<br>
root 711 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb<br>
root 693 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb<br>
root 695 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb<br>
root 692 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb<br>
root 700 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb<br>
root 701 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb<br>
root 702 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb<br>
root 703 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb<br>
root 704 1 0 10:28:11 ? 0:00 /usr/vice/etc/afsd
-stat 2000 -dcache 800 -daemons 3 -volumes 70 -afsdb<br>
#<br>
<br>
<blockquote cite="mid:49413D75.8080309@secure-endpoints.com" type="cite">
<pre wrap="">
Perhaps that is your problem.
What does fs examine /afs report?
</pre>
</blockquote>
<br>
Same thing:<br>
<br>
# fs examine /afs<br>
fs: You don't have the required access rights on '/afs'<br>
<br>
<br>
It's wierd... I've set up servers before on Linux systems (specifically
RHEL and CentOS) perfectly fine, but this is my first Solaris server
install... Thanks!<br>
<pre class="moz-signature" cols="72">--
Tony D'Amato, SCSA (it's Exchange that puts "Nicholas" there)
Senior UNIX Systems Administrator
Server Support Group, OCCS
Old Dominion University
</pre>
</body>
</html>
--------------070005070303020301050908--