[OpenAFS] RHEL4 kdc/afs server - using "afs" vs "afs/<cellname>" in kerberos
Sun, 21 Sep 2008 16:56:44 +0000 (GMT)
Thank you very much Sergio (and Jason for F9 pointer)!
I gave up on using the Microsoft KDC server for now & as someone suggested followed the Fedora9 instructions to do as they do, own+operate RHEL kdc server on the new (test) AFS server itself to get everything working.
Doing this, things are progressing further.
But it seems just using "afs" is insufficient on RHEL :
root@vlad> kadmin.local -q "addprinc -randkey afs"
Authenticating as principal root/admin@KTEST.PHY with password.
WARNING: no policy specified for afs@KTEST.PHY; defaulting to no policy
Principal "afs@KTEST.PHY" created.
Because down the road aklog failed:
aklog: Couldn't get atest.phy AFS tickets:
aklog: unknown RPC error (-1765328377) while getting AFS tickets
Based on the error in /var/log/krb5kdc.log:
UNKNOWN_SERVER: authtime 1222007068, admin@KTEST.PHY for
afs/atest.phy@KTEST.PHY, Server not found in Kerberos database
it seems pretty obvious there was a difference between
So the solution was to instead use afs/<cellname>
root@vlad> kadmin.local -q "addprinc -randkey afs/atest.phy"
Then aklog works. (Is there a different/better solution?)
But then next step fs setacl doesn't:
root@vlad> fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs'
I've reproduced this on another test server, exactly.
Can anyone clarify using afs in the kerberos commands vs afs/<cellname> ??
RHEL debugging hints welcome!
> I also see /usr/share/doc/openafs-dbserver/README.servers.gz and
These appear to be un-RHEL things - no such package openafs-docs for RHEL.
Could you send them to me somehow?
The posting & perl scripts listed on
are somewhat useful, if they're not out of date.
Very grateful thanks to all for hints+help.
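
Added example, not part of the original post: a small Python diagnostic that decodes the raw number aklog printed (-1765328377) against the MIT krb5 com_err table and pulls the requested AFS service principal out of UNKNOWN_SERVER entries in krb5kdc.log. The function names and the second sample log entry are constructed for illustration; the first sample entry is the excerpt quoted in the post, joined onto one line.

```python
import re

# Base of the "krb5" com_err table in MIT Kerberos; the low offsets match the
# RFC 4120 KDC error numbers. Only the two entries relevant here are listed.
KRB5_TABLE_BASE = -1765328384
KDC_ERRORS = {
    6: "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN",  # client not found in database
    7: "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN",  # server not found in database
}

# Matches the request part of a KDC log entry as quoted in the post:
#   UNKNOWN_SERVER: authtime N, <client> for <service>, <reason>
UNKNOWN_SERVER = re.compile(
    r"UNKNOWN_SERVER: authtime \d+,\s*(?P<client>\S+) for (?P<service>[^,\s]+),"
)

def decode_krb5_error(code):
    """Map a raw com_err number (as printed by aklog) to a krb5 error name."""
    offset = code - KRB5_TABLE_BASE
    return KDC_ERRORS.get(offset, "unlisted krb5 error, offset %d" % offset)

def missing_afs_principals(log_text):
    """Return sorted AFS service principals the KDC was asked for but lacks."""
    missing = set()
    for m in UNKNOWN_SERVER.finditer(log_text):
        service = m.group("service")
        name = service.split("@", 1)[0]  # strip the realm
        if name == "afs" or name.startswith("afs/"):
            missing.add(service)
    return sorted(missing)

# Constructed sample: the first entry is the excerpt from the post on one
# line; the second is an invented non-AFS entry to show the filter.
SAMPLE_LOG = """\
UNKNOWN_SERVER: authtime 1222007068, admin@KTEST.PHY for afs/atest.phy@KTEST.PHY, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 1222007070, admin@KTEST.PHY for host/example.invalid@KTEST.PHY, Server not found in Kerberos database
"""

if __name__ == "__main__":
    print(decode_krb5_error(-1765328377))
    for princ in missing_afs_principals(SAMPLE_LOG):
        print("KDC has no key for:", princ)
```

The decoded error and the log entry agree: the KDC was asked for afs/atest.phy@KTEST.PHY and only afs@KTEST.PHY existed at that point.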