[OpenAFS] fs: You don't have the required access rights on '/afs' - SOLVED

Tony D'Amato tdamato@odu.edu
Fri, 12 Dec 2008 08:46:41 -0500


FYI - I've already been told that I just sent everyone what was the real 
key (excised below) :-( , but it's now been changed...

Oh well, live and learn... Thanks again to Jeff, Doug and Derrick for 
the help!
---
Tony.

Tony D'Amato wrote:
> After working the problem with Jeffrey Altman and Douglas Engert as 
> well as Derrick Brashear offline, here's what I was doing wrong:
>
> 1) The afs/lionstest.odu.edu key was using the wrong salt... I fixed 
> this by removing all instances of afs/lionstest.odu.edu from the 
> keytab and from AFS (using asetkey delete) and replaced them with the 
> proper one, then recycled the server:
>
> kadmin: addprinc -randkey -e "des-cbc-crc:v4" afs/lionstest.odu.edu
>
> kadmin: ktadd -e "des-cbc-crc:v4" afs/lionstest.odu.edu
>
> [..snip..]
>
> # asetkey add 3 /etc/krb5/krb5.keytab afs/lionstest.odu.edu
>
> [..snip..]
> 2) Because I'm using a Kerberos realm name which does not match the 
> AFS cell name, I had to enter that realm into the following two files 
> and recycle the AFS server and client:
>
> /usr/vice/etc/krb.conf  # for the client
> /usr/afs/etc/krb.conf    # for the server
>
> Once this was done, it worked!
>
> # tokens
>
> Tokens held by the Cache Manager:
>
> User's (AFS ID 1) tokens for afs@lionstest.odu.edu [Expires Dec 12 01:58]
>    --End of list--
> # fs setacl /afs system:anyuser rl
> # fs listacl /afs
> Access list for /afs is
> Normal rights:
>   system:administrators rlidwka
>   system:anyuser rl
> #
>
>
> Thanks to all of you - you're the greatest!
> -- 
> Tony D'Amato, SCSA (it's Exchange that puts "Nicholas" there)
> Senior UNIX Systems Administrator
> Server Support Group, OCCS
> Old Dominion University
>
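
A way to re-check the two fixes described in the message above before recycling the servers, written as an added example (not part of the original post and not OpenAFS code). It assumes that the AFS krb.conf files hold whitespace-separated realm names and that the keytab listing has the `klist -k -e` layout (KVNO, principal, enctype in parentheses); `EXAMPLE.REALM` is a constructed placeholder because the post does not name the realm.

```shell
#!/bin/sh
# Added example: sanity checks for the two fixes in the post above.
# Function names, EXAMPLE.REALM and the sample listing are constructed.

# realm_listed REALM FILE
# Returns 0 if REALM appears as a whole word in FILE (assumed format:
# realm names separated by whitespace), 1 if absent, 2 if unreadable.
realm_listed() {
    [ -r "$2" ] || return 2
    awk -v r="$1" '{ for (i = 1; i <= NF; i++) if ($i == r) f = 1 }
                   END { exit !f }' "$2"
}

# check_krb_conf REALM CLIENT_CONF SERVER_CONF
# The post required the realm in both the client and the server file;
# the return value is the number of files that lack it.
check_krb_conf() {
    missing=0
    for f in "$2" "$3"; do
        if ! realm_listed "$1" "$f"; then
            echo "realm $1 not listed in $f" >&2
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# keytab_has_key PRINCIPAL KVNO ENCTYPE   (listing on stdin)
# Confirms the keytab holds PRINCIPAL at exactly the key version that
# was passed to "asetkey add" (3 in the post) with the expected enctype.
keytab_has_key() {
    awk -v p="$1" -v k="$2" -v e="$3" '
        $1 == k && $2 == p && index($0, e ")") { found = 1 }
        END { exit !found }'
}

# Constructed sample of a "klist -k -e" style listing (no key material).
sample_klist() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------------
   2 host/server.example@EXAMPLE.REALM (des-cbc-crc)
   3 afs/lionstest.odu.edu@EXAMPLE.REALM (des-cbc-crc)
EOF
}
```

On a live server the listing would be piped in from the keytab tool instead of `sample_klist`, and the two paths from the post would be passed to `check_krb_conf`; the listing shows key version numbers and enctypes only, so it is safe to paste into a support thread where the key itself is not.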