[OpenAFS] enctype issues with Heimdal and debian for afs/cell
Fri, 19 Jul 2013 14:29:36 +0200
2013-07-19 14:15 keltezéssel, Coy Hile írta:
>> Maybe you should remove the non des-cbc ones and couldn't hurt to have a
>> des-cbc-crc one as well before generating the KeyFile
> That certainly helped. Now I'm getting a different set of errors from aklog;
> chaos:/var/log # aklog -d
> Authenticating to cell coyhile.com (server chaos.coyhile.com).
> Trying to authenticate to user's realm COYHILE.COM.
> Getting tickets: afs/coyhile.com@COYHILE.COM
> Using Kerberos V5 ticket natively
> About to resolve name admin to id in cell coyhile.com.
> Id 1
> Set username to AFS ID 1
> Setting tokens. AFS ID 1 @ coyhile.com
> aklog: unknown cell was passed to SetToken while obtaining tokens for cell coyhile.com
> Yet the server seems to know its cell:
> chaos:/var/log # bos listhosts chaos -localauth
> Cell name is coyhile.com
> Host 1 is chaos.coyhile.com
> chaos:/var/log #
> Am I conflating error messages since I've configured neither the client (besides whatever configuration debconf did on install) nor the (da)fileserver yet?
The problem seems to be that the client (even if it on same box) needs
to know about the dbserver(s). You have two choices:
1. Add them to the /etc/openafs/CellServDB on each client,
2. set up two SRV records on dns:
for each db servers in your cell.
IMHO first method is faster to accomplish with a small number of
clients, second is more future proof as new client systems get added to