[OpenAFS] aklog: unknown RPC error (-1765328377) while getting AFS tickets
marcus.nilsson@pulsen.se
Tue, 29 Jul 2008 09:42:00 +0200
Thanks! This is what I did on the fileserver:
# kadmin -q "addprinc -randkey afs/ps.pulsen"
WARNING: no policy specified for afs/ps.pulsen@PS.PULSEN; defaulting to no policy
Principal "afs/ps.pulsen@PS.PULSEN" created.
# kadmin -q "ktadd -e des-cbc-crc:afs3 afs/ps.pulsen"
Entry for principal afs/ps.pulsen with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
# asetkey add 3 /etc/krb5.keytab afs/ps.pulsen
# service openafs-server restart
Stopping openafs-server: [ OK ]
Starting openafs-server:
aklog now works without arguments on all clients. But on one Ubuntu
8.04 machine running OpenAFS 1.4.6 I get the following:
$ aklog -d
Authenticating to cell ps.pulsen (server afs01.gbg.ps.pulsen).
We've deduced that we need to authenticate using referrals.
Getting tickets: afs/ps.pulsen@
Using Kerberos V5 ticket natively
About to resolve name mani@PS.PULSEN to id in cell ps.pulsen.
Id 32766
doing first-time registration of mani@ps.pulsen at ps.pulsen
aklog: Permission denied so unable to create remote PTS user mani@ps.pulsen in cell ps.pulsen (status: 267269).
Set username to mani@ps.pulsen
Setting tokens. mani@ps.pulsen / @ PS.PULSEN
I still get a token:
$ tokens
Tokens held by the Cache Manager:
Tokens for afs@ps.pulsen [Expires Jul 30 08:39]
--End of list--
It seems that the client does not know which cell it belongs to.
CellServDB, ThisCell and /etc/krb5.conf are identical to fully working
clients. Any ideas?
Marcus
openafs-info-admin@openafs.org wrote on 07/29/2008 06:34:08 AM:
> From: Jeffrey Altman <jaltman@secure-endpoints.com>
> Sent by: openafs-info-admin@openafs.org
> Date: 07/29/2008 06:37 AM
> Please respond to: jaltman@secure-endpoints.com
> To: marcus.nilsson@pulsen.se
> cc: openafs-info@openafs.org
> Subject: Re: [OpenAFS] aklog: unknown RPC error (-1765328377) while getting AFS tickets
>
> KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
>
> The service principal named "afs/ps.pulsen@GBG.PS.PULSEN" does not
> exist. Did you create it and install the matching key into the
> AFS KeyFile?
>
> marcus.nilsson@pulsen.se wrote:
> >
> > Hi!
> > I've just set up a new cell, "ps.pulsen", by following the howto at the
> > AFSLore wiki (1). Everything works as expected, but I get the RPC error
> > shown below when trying to obtain a token:
> >
> > $ hostname
> > afs01.gbg.ps.pulsen
> > $ aklog -d
> > Authenticating to cell ps.pulsen (server afs01.gbg.ps.pulsen).
> > Trying to authenticate to user's realm PS.PULSEN.
> > Getting tickets: afs/ps.pulsen@PS.PULSEN
> > We've deduced that we need to authenticate using referrals.
> > Getting tickets: afs/ps.pulsen@
> > We've deduced that we need to authenticate to realm GBG.PS.PULSEN.
> > Getting tickets: afs/ps.pulsen@GBG.PS.PULSEN
> > Kerberos error code returned by get_cred : -1765328377
> > aklog: Couldn't get ps.pulsen AFS tickets:
> > aklog: unknown RPC error (-1765328377) while getting AFS tickets
> > $ aklog -c ps.pulsen -k PS.PULSEN
> > $ tokens
> >
> > Tokens held by the Cache Manager:
> >
> > User's (AFS ID 502) tokens for afs@ps.pulsen [Expires Jul 29 13:06]
> > --End of list--
> >
> > Fileserver, kdc and client are all running on CentOS 5.2 with openafs
> > 1.4.7 packages from atrpm.
> >
> > 1. http://www.dementia.org/twiki/bin/view/AFSLore/FedoraAFSInstall
> >
> >
> > Any help would be greatly appreciated!
> >
> > / Marcus
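
Added example (not part of the original thread or of OpenAFS): aklog printed the Kerberos failure only as a number, and the reply above named it as KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. The sketch below recovers that from `aklog -d` output by subtracting the base of the krb5 error table and pairing the code with the last principal requested. The function names are hypothetical and only a few common codes are mapped.

```shell
#!/bin/sh
# Added example: decode the Kerberos code that `aklog -d` prints as a number.
# MIT krb5 reports protocol errors as (com_err table base + RFC 4120 number).
KRB5_BASE=-1765328384

# krb5_errname CODE -> symbolic name (hypothetical helper, partial mapping)
krb5_errname() {
    n=$(( $1 - KRB5_BASE ))
    case "$n" in
        6)  echo KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN ;;
        7)  echo KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ;;
        14) echo KRB5KDC_ERR_ETYPE_NOSUPP ;;
        24) echo KRB5KDC_ERR_PREAUTH_FAILED ;;
        32) echo KRB5KRB_AP_ERR_TKT_EXPIRED ;;
        37) echo KRB5KRB_AP_ERR_SKEW ;;
        *)  echo "UNMAPPED(offset=$n)" ;;
    esac
}

# Reads `aklog -d` output on stdin. For each get_cred failure, prints
# "<principal> <error name>" using the last principal that was requested.
diagnose_aklog() {
    princ=
    while IFS= read -r line; do
        case "$line" in
            "Getting tickets: "*)
                princ=${line#"Getting tickets: "} ;;
            "Kerberos error code returned by get_cred : "*)
                code=${line##*: }
                echo "$princ $(krb5_errname "$code")" ;;
        esac
    done
}

# Sample input: debug lines copied from the failing run quoted in this thread.
sample_log() {
    cat <<'EOF'
Authenticating to cell ps.pulsen (server afs01.gbg.ps.pulsen).
Trying to authenticate to user's realm PS.PULSEN.
Getting tickets: afs/ps.pulsen@PS.PULSEN
We've deduced that we need to authenticate using referrals.
Getting tickets: afs/ps.pulsen@
We've deduced that we need to authenticate to realm GBG.PS.PULSEN.
Getting tickets: afs/ps.pulsen@GBG.PS.PULSEN
Kerberos error code returned by get_cred : -1765328377
EOF
}

sample_log | diagnose_aklog
```

On a live client the same function can be fed with `aklog -d 2>&1 | diagnose_aklog`.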