[OpenAFS] Re: afs-newcell fail: Couldn't get CPS for AnyUser

Xiong Jiang linuster@gmail.com
Sat, 2 May 2009 04:54:04 -0700


Problem solved by using the key for afs/cell.name@REALM.NAME, instead
of afs@REALM.NAME. I don't know why I cannot use the latter.

So the section about the Kerberos principal and key in the guide at
http://www.debian-administration.org/article/OpenAFS_installation_on_Debian
should be:

sudo rm -f /tmp/afs.keytab
sudo kadmin.local
Authenticating as principal root/admin@SPINLOCK.HR with password.

kadmin.local:  addprinc -policy service -randkey -e des-cbc-crc:v4 afs/spinlock.hr
Principal "afs/spinlock.hr@SPINLOCK.HR" created.

kadmin.local:  ktadd -k /tmp/afs.keytab -e des-cbc-crc:v4 afs/spinlock.hr
Entry for principal afs with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/tmp/afs.keytab.

kadmin.local:  quit


On Fri, May 1, 2009 at 11:41 AM, Xiong Jiang <linuster@gmail.com> wrote:
> Error when running aklog.
> I don't know why it tries to get ticket for afs/mytv@MYTV.HOME,
> afs/mytv@MYTV, afs@MYTV, while I only have principal afs@MYTV.HOME.
>
> Any idea?
>
> aklog -d
> Authenticating to cell mytv (server mytv).
> Trying to authenticate to user's realm MYTV.HOME.
> Getting tickets: afs/mytv@MYTV.HOME
> We've deduced that we need to authenticate using referrals.
> Getting tickets: afs/mytv@
> We've deduced that we need to authenticate to realm MYTV.
> Getting tickets: afs/mytv@MYTV
> Getting tickets: afs@MYTV
> Kerberos error code returned by get_cred : -1765328377
> aklog: Couldn't get mytv AFS tickets:
> aklog: unknown RPC error (-1765328377) while getting AFS tickets
>
> The principals I have are:
> root@mytv:/etc/openafs# kadmin.local
> Authenticating as principal root/admin@MYTV.HOME with password.
> kadmin.local:  listprincs
> K/M@MYTV.HOME
> afs@MYTV.HOME
> jxiong@MYTV.HOME
> kadmin/admin@MYTV.HOME
> kadmin/changepw@MYTV.HOME
> kadmin/history@MYTV.HOME
> krbtgt/MYTV.HOME@MYTV.HOME
> root/admin@MYTV.HOME
>
>
> On Fri, May 1, 2009 at 11:33 AM, Xiong Jiang <linuster@gmail.com> wrote:
>> Finally, I got the cell created after managing to rewind/delete the
>> server processes in bosserver.
>>
>> I think the reboot makes a difference but I still don't know what stale
>> status it did clean up.
>>
>> Maybe I'll try a fresh start again some time later.
>>
>> Xiong
>>
>> On Fri, May 1, 2009 at 5:27 AM, Xiong Jiang <linuster@gmail.com> wrote:
>>> Hi there,
>>>
>>> I am installing OpenAFS on ubuntu karmic following the doc at:
>>> http://www.debian-administration.org/article/OpenAFS_installation_on_Debian
>>>
>>> The OpenAFS version is 1.4.9.dfsg1-0+ubuntu3
>>>
>>> I got an error when running afs-newcell:
>>> ...
>>> bos setrestart mytv.home -time never -general -localauth
>>> Waiting for database elections: done.
>>> vos create mytv.home a root.afs -localauth
>>> vos : partition a does not exist on the server
>>> Failed: 65280
>>>
>>> Cell setup failed, ABORTING
>>>
>>> and in /var/log/openafs/FileLog there is an error:
>>> Fri May  1 04:59:13 2009 File server starting
>>> Fri May  1 04:59:13 2009 afs_krb_get_lrealm failed, using mytv.home.
>>> Fri May  1 04:59:13 2009 Couldn't get CPS for AnyUser, will try again in 30 seconds; code=267275.
>>>
>>> I verified that no partition is created by fileserver. How to
>>> troubleshoot the error "Couldn't get CPS for AnyUser..."?
>>>
>>> Any hint is appreciated.
>>>
>>> Xiong
>>>
>>
>
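
The aklog -d trace and the listprincs output quoted above can be compared mechanically; the following is an added example, not part of the original thread or of OpenAFS. The function name `diagnose` is hypothetical, and the constant -1765328384 is the MIT krb5 error-table base, an assumption not stated in the thread.

```python
import re

# Constructed sample input: the aklog -d trace and the listprincs output
# quoted in this thread.
AKLOG_TRACE = """\
Authenticating to cell mytv (server mytv).
Trying to authenticate to user's realm MYTV.HOME.
Getting tickets: afs/mytv@MYTV.HOME
We've deduced that we need to authenticate using referrals.
Getting tickets: afs/mytv@
We've deduced that we need to authenticate to realm MYTV.
Getting tickets: afs/mytv@MYTV
Getting tickets: afs@MYTV
Kerberos error code returned by get_cred : -1765328377
"""
KDC_PRINCIPALS = [
    "K/M@MYTV.HOME", "afs@MYTV.HOME", "jxiong@MYTV.HOME",
    "kadmin/admin@MYTV.HOME", "kadmin/changepw@MYTV.HOME",
    "kadmin/history@MYTV.HOME", "krbtgt/MYTV.HOME@MYTV.HOME",
    "root/admin@MYTV.HOME",
]

# Assumption: MIT krb5 reports protocol error N as KRB5_BASE + N.
KRB5_BASE = -1765328384
KRB5_NAMES = {6: "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN",
              7: "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN"}

def diagnose(trace, kdc_principals):
    """Return (requested, matched, unrequested_afs, error_name) for one trace."""
    requested = re.findall(r"^Getting tickets: (\S+)$", trace, re.M)
    known = set(kdc_principals)
    matched = [p for p in requested if p in known]
    # afs service principals held by the KDC that aklog never asked for
    unrequested_afs = [p for p in kdc_principals
                       if p.split("@")[0].split("/")[0] == "afs"
                       and p not in requested]
    m = re.search(r"get_cred\s*:\s*(-?\d+)", trace)
    error_name = None
    if m:
        offset = int(m.group(1)) - KRB5_BASE
        error_name = KRB5_NAMES.get(offset, f"krb5 error offset {offset}")
    return requested, matched, unrequested_afs, error_name

if __name__ == "__main__":
    req, hit, unused, err = diagnose(AKLOG_TRACE, KDC_PRINCIPALS)
    print("requested:", req)
    print("present in KDC:", hit or "none")
    print("afs principals never requested:", unused, "| error:", err)
```

On this input none of the four requested names exists in the KDC, the only afs principal present (afs@MYTV.HOME) is never requested, and the error decodes to a server-principal-unknown failure.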