Fwd: Re: [OpenAFS] Re: IPA + OpenAFS

Qing Chang qchang@sri.utoronto.ca
Thu, 12 Jul 2012 17:18:52 -0400 

On 12/07/2012 4:47 PM, Andrew Deason wrote:
>  On Thu, 12 Jul 2012 15:10:36 -0500
>  Qing Chang<qchang@sri.utoronto.ca>   wrote:
>
>>  [root@smb1 ~]# asetkey list
>>  kvno   20:
>  I assume you removed the actual key from this output? That is, 'asetkey'
>  did show a key there. What about 'bos listkeys'? Can you run 'kvno
>  afs/openafs.sri.utoronto.ca' after authenticating? Are there any
>  afs-related messages in /var/log/messages? (or /var/log/syslog, or
>  whatever; 'dmesg' should also show them)
yes, I removed the key displayed.

[root@smb1 log]# bos listkeys -server smb1
bos: you are not authorized for this operation error encountered while listing keys

[root@smb1 log]# kvno afs/openafs.sri.utoronto.ca
afs/openafs.sri.utoronto.ca@SRI.UTORONTO.CA: kvno = 20

[root@smb1 log]# dmesg |grep -i afs
openafs: module license 'http://www.openafs.org/dl/license10.html' taints kernel.
Starting AFS cache scan...found 1 non-empty cache files (0%).
SELinux: initialized (dev afs, type afs), uses genfs_contexts

>>  [root@smb1 ~]# fs setacl /afs system:anyuser rl
>>  fs: You don't have the required access rights on '/afs'
>  Also, you don't need to do this if you are running with 'dynroot' (an
>  option that can be turned off or on in the init script configuration). I
>  thought we gave a different error in that case, but perhaps that is it.
>  Is there anything in /afs ? Does 'fs listacl /afs' show anything?
I actually removed dynroot because of the timeout error message. Now I put dynroot
back and get this as expected:
[root@smb1 ~]# fs setacl /afs system:anyuser rl
fs:'/afs': Connection timed out

[root@smb1 ~]# fs listacl /afs
fs:'/afs': Connection timed out

/afs has the global afs structure plus my cell:
[root@smb1 ~]# ls -l /afs
total 802
.....
drwxr-xr-x. 100 root root 4096 Dec 31  1969 numenor.mit.edu
drwxr-xr-x. 100 root root 4096 Dec 31  1969 oc7.org
drwxr-xr-x. 100 root root 4096 Dec 31  1969 openafs.sri.utoronto.ca
drwxr-xr-x. 100 root root 4096 Dec 31  1969 pdc.kth.se
.....

Qing