[OpenAFS] enctype issues with Heimdal and debian for afs/cell

Gémes Géza geza@kzsdabas.hu
Fri, 19 Jul 2013 14:29:36 +0200


On 2013-07-19 14:15, Coy Hile wrote:
>
>> Maybe you should remove the non des-cbc ones and couldn't hurt to have a
>> des-cbc-crc one as well before generating the KeyFile
> That certainly helped.  Now I'm getting a different set of errors from aklog;
>
> chaos:/var/log # aklog -d
> Authenticating to cell coyhile.com (server chaos.coyhile.com).
> Trying to authenticate to user's realm COYHILE.COM.
> Getting tickets: afs/coyhile.com@COYHILE.COM
> Using Kerberos V5 ticket natively
> About to resolve name admin to id in cell coyhile.com.
> Id 1
> Set username to AFS ID 1
> Setting tokens. AFS ID 1 @ coyhile.com
> aklog: unknown cell was passed to SetToken while obtaining tokens for cell coyhile.com
>
> Yet the server seems to know its cell:
>
> chaos:/var/log # bos listhosts chaos -localauth
> Cell name is coyhile.com
>      Host 1 is chaos.coyhile.com
> chaos:/var/log #
>
> Am I conflating error messages since I've configured neither the client (besides whatever configuration debconf did on install) nor the (da)fileserver yet?
>
> -c
The problem seems to be that the client (even if it is on the same box) needs
to know about the dbserver(s). You have two choices:
1. Add them to the /etc/openafs/CellServDB on each client,
or
2. Set up two SRV records in DNS:
_afs3-vlserver._udp.coyhile.com
_afs3-prserver._udp.coyhile.com

for each db server in your cell.

IMHO the first method is faster to accomplish with a small number of
clients; the second is more future-proof as new client systems get added to
your cell.

Regards

Geza Gemes
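
The two options in the reply above, as an added example that is not part of the original thread: a check of whether a CellServDB lists db servers for a cell, and the SRV records that would publish the same servers in DNS. The function names, the IP addresses (192.0.2.0/24 documentation range), the example.org cell and the SRV priority/weight values are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# Constructed CellServDB content: a ">cell #comment" line starts a cell,
# followed by one "IP #hostname" line per db server.
sample_cellservdb() {
    cat <<'EOF'
>example.org            #Some other cell
192.0.2.20              #db1.example.org
>coyhile.com            #Cell from the thread
192.0.2.10              #chaos.coyhile.com
EOF
}

# cell_dbservers CELL: read CellServDB text on stdin and print the hostname
# of each db server listed for CELL. Empty output means this file does not
# cover the cell, i.e. option 1 is not in place for it.
cell_dbservers() {
    awk -v cell="$1" '
        /^>/ { in_cell = (substr($1, 2) == cell); next }
        in_cell && index($0, "#") {
            sub(/^[^#]*#[ \t]*/, ""); sub(/[ \t]+$/, ""); print
        }
    '
}

# srv_records CELL: emit the two SRV records per db server (option 2) in
# zone-file form. Ports 7003 (vlserver) and 7002 (prserver) are the standard
# AFS ports; priority 0 and weight 0 are assumed values.
srv_records() {
    cell_dbservers "$1" | while read -r host; do
        printf '_afs3-vlserver._udp.%s. IN SRV 0 0 7003 %s.\n' "$1" "$host"
        printf '_afs3-prserver._udp.%s. IN SRV 0 0 7002 %s.\n' "$1" "$host"
    done
}

# Demo on the constructed sample.
sample_cellservdb | cell_dbservers coyhile.com
sample_cellservdb | srv_records coyhile.com
```

On a real client, feed the functions `/etc/openafs/CellServDB` on stdin instead of the sample.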