[OpenAFS] Trouble creating AFS KeyFile on FreeBSD 10.0

Eric Shell eshell@soe.ucsc.edu
Mon, 22 Sep 2014 11:46:57 -0700


Thanks, Ben.  Copying a regular krb5 keytab to
/usr/local/etc/openafs/server/rxkad.keytab worked and I was able to proceed
until trying to create a user.  I tried running

pts createuser -name test -id 1000 -localauth


but it returns


> pts: server or network not responding; unable to create user test with id
> 1000


Nothing gets written to the log files in /var/openafs/log though.  How can
I find out what's causing the error?  I tried to learn what was going on
with truss and found that it was complaining that no
/usr/local/etc/openafs/server/KeyFile and
/usr/local/etc/openafs/server/UserList files existed, so I touched them,
but that didn't make a difference.  I shouldn't need the KeyFile at all if
/usr/local/etc/openafs/server/rxkad.keytab is present, correct?

buserver, vlserver, and ptserver seem to be running normally according to
bos status:

> root@bsd-afs-server:~ # bos status bsd-afs-server -long
> bos: running unauthenticated
> Instance buserver, (type is simple) currently running normally.
>     Process last started at Mon Sep 22 11:17:47 2014 (1 proc starts)
>     Command 1 is '/usr/local/libexec/openafs/buserver'
>
> Instance vlserver, (type is simple) currently running normally.
>     Process last started at Mon Sep 22 11:17:47 2014 (1 proc starts)
>     Command 1 is '/usr/local/libexec/openafs/vlserver'
>
> Instance ptserver, (type is simple) currently running normally.
>     Process last started at Mon Sep 22 11:17:47 2014 (1 proc starts)
>     Command 1 is '/usr/local/libexec/openafs/ptserver'

In case it is relevant, when I run the pts createuser command with -noauth
it immediately returns a "Permission denied" error.

-- 
Eric Shell
