[OpenAFS] Re: Setting Up OpenAFS on FreeBSD

Benjamin Kaduk kaduk@MIT.EDU
Tue, 26 Jun 2012 18:34:03 -0400 (EDT)

On Tue, 26 Jun 2012, Andrew Deason wrote:

> On Tue, 26 Jun 2012 14:29:04 -0700
> Tim Gustafson <tjg@soe.ucsc.edu> wrote:
>> I was able to get past this problem by using FreeBSD's Kerberos
>> server.  I was previously trying to integrate with our MIT Kerberos
>> server, but that seems to be problematic.
> To be clear, that previous error should not be caused by any interaction
> with the KDC; that is an error reached while just looking at the local
> filesystem. It could have been triggered by troubles with the key
> extraction, though.
>> So, I set up FreeBSD Kerberos and now I've gotten to this command:
>> root@host: pts createuser -name tjg -id 1234 -localauth
>> pts: Couldn't read/write the database ; unable to create user tjg with id 1234
> Can you read from the database ('pts examine system:anyuser')? Is there
> anything in PtLog? I don't know where PtLog is with the paths the
> FreeBSD port uses, but it's wherever the other logs are. Can you check
> that prdb.DB0 and prdb.DBSYS exist, and appear to be writeable by root?
> I'm not sure where these are in the FreeBSD port, either, but they

At the moment, they are not initialized at all by the packaging, and I'm 
not entirely sure where the binaries would be looking for them.  truss(1) 
should know, though.

> should be in a /var/lib-like location.

I am told that you will need to use pt_util to initialize a protection 
database as part of setting up a server.

> I'm not sure if I've ever seen someone actually encounter that error
> before. Keep in mind it may be possible you are encountering
> BSD-specific bugs in OpenAFS, since I don't think modern AFS dbservers
> on any BSD are very common. (Not that the servers should have much
> platform-specific code in them...)

The servers should be portable; he is definitely running into issues with 
the wiki page linked in the original message being incorrect.

I don't have more detailed instructions handy at the moment, though.


P.S. Andrew, the instructions were originally from Tracy's talk but I 
tweaked them so as to not require building from source by hand.  This is 
where some of the transarc/non-transarc path issues arose, but the prdb 
initialization problems are more generic.