[OpenAFS] openafs installation
Russ Allbery
rra@stanford.edu
Fri, 26 Dec 2008 10:25:49 -0800
"Roman Hlynovskiy" <roman.hlynovskiy@gmail.com> writes:
> I am trying to implement openafs to a couple of servers according to
> this guide: http://www.debian-administration.org/articles/610
>
> afs-newcell
> goes fine
> kinit root/admin; aklog
> also ok
>
> but afs-rootvol
> fails on fs sa /afs system:anyuser rl
> with
> fs sa /afs system:anyuser rl
> fs: You don't have the required access rights on '/afs'
> Failed: 256
>
> at the same time openafs module dumps the following line to dmesg:
> afs: Tokens for user of AFS id 0 for cell forever.kz are discarded
> (rxkad error=19270407)

    windlord:~> translate_et 19270407
    19270407 (rxk).7 = security object was passed a bad ticket

Chances are fairly high that this error message means that your AFS server
disagrees with your Kerberos server about the afs/* key. In other words,
what you have in the KeyFile for your AFS server doesn't match what's in
the KDC, either in the key or in the kvno. Possible causes:

 * The key in the KDC is not restricted to only a DES enctype.

 * You've changed the KDC key (such as with a subsequent kadmin addkey
   command) since you imported the key into the AFS KeyFile with asetkey.

 * You specified the wrong kvno in the asetkey command.

 * You have both an afs key and an afs/<cell> key in Kerberos and aklog
   isn't using the one that you expect it to use.

--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
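
Added example, not part of the original message and not OpenAFS code: a small Python triage helper that pulls the rxkad code out of the kernel log line quoted above and splits it the way com_err packs it (table name in 6-bit characters above an 8-bit offset), giving table RXK, offset 7, which translate_et prints as (rxk).7. The function names and the subset of rxkad symbol names listed are this example's own choices; only the text for offset 7 comes from the message.

```python
import re

# com_err packs up to five table-name characters, 6 bits each (1-based index
# into CHARSET), above an 8-bit per-table error offset.
CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"

# Subset of the rxkad (RXK) error table. The description for offset 7 is the
# one shown in the translate_et output in the message above.
RXK = {
    5: "RXKADNOAUTH",
    6: "RXKADBADKEY",
    7: "RXKADBADTICKET (security object was passed a bad ticket)",
    8: "RXKADUNKNOWNKEY",
    9: "RXKADEXPIRED",
}

LOG_RE = re.compile(r"Tokens for user of AFS id (\d+) for cell (\S+) "
                    r"are discarded \(rxkad error=(\d+)\)")

def decode_et(code):
    """Split a com_err code into (table name, offset within the table)."""
    offset = code & 0xFF
    packed = code >> 8
    name = ""
    for shift in (24, 18, 12, 6, 0):
        idx = (packed >> shift) & 0x3F
        if idx:  # zero means "no character in this position"
            name += CHARSET[idx - 1]
    return name, offset

def explain(line):
    """Return a dict describing a 'Tokens ... discarded' line, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    table, offset = decode_et(int(m.group(3)))
    if table == "RXK":
        meaning = RXK.get(offset, "rxkad offset %d" % offset)
    else:
        meaning = "not an rxkad code"
    return {"afs_id": int(m.group(1)), "cell": m.group(2),
            "table": table, "offset": offset, "meaning": meaning}

# The kernel message quoted in the post, joined onto one line.
SAMPLE = ("afs: Tokens for user of AFS id 0 for cell forever.kz "
          "are discarded (rxkad error=19270407)")

if __name__ == "__main__":
    print(explain(SAMPLE))
```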