[OpenAFS] Re: Trouble creating AFS KeyFile on FreeBSD 10.0
Andrew Deason
adeason@sinenomine.net
Tue, 23 Sep 2014 10:52:19 -0500
On Mon, 22 Sep 2014 11:46:57 -0700
Eric Shell <eshell@soe.ucsc.edu> wrote:
> Thanks, Ben. Copying a regular krb5 keytab to
> /usr/local/etc/openafs/server/rxkad.keytab worked and I was able to proceed
> until trying to create a user. I tried running
>
> pts createuser -name test -id 1000 -localauth
>
> but it returns
>
> > pts: server or network not responding; unable to create user test with id
> > 1000
Does it hang for a little while before returning this error?
> I find out what's causing the error? I tried to learn what was going on
> with truss and found that it was complaining that no
> /usr/local/etc/openafs/server/KeyFile and
> /usr/local/etc/openafs/server/UserList files existed, so I touched them,
> but that didn't make a difference. I shouldn't need the KeyFile at
> all if /usr/local/etc/openafs/server/rxkad.keytab is present, correct?
Don't create those files; we just probe to see if they exist, but
indeed, you don't need them.
> In case it is relevant, when I run the pts createuser command with
> -noauth it immediately returns a "Permission denied" error.
That's helpful to know, since it shows we don't actually have a problem
with simply contacting the server. Questions and things to try:

Can you run any command successfully with -localauth? A good simple test
is 'bos status' like you showed; just run it with -localauth.

Did you restart the servers after putting rxkad.keytab in place? (This
isn't always necessary, but at least in situations like this I think
it's simpler to do so.)

Can you show the contents of rxkad.keytab? Not the keys, obviously; just
what the principals and enctypes are.
--
Andrew Deason
adeason@sinenomine.net
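
Added example, not part of the original message and not OpenAFS code: one way to produce the listing requested above (principals, key version numbers and enctypes, never the keys) by reading the version 0x0502 keytab file format directly. The sample bytes, the principal names and the EXAMPLE.ORG realm are constructed for illustration.

```python
import struct
# Kerberos enctype numbers -> names (subset; others are shown as numbers).
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
            17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
            23: "arcfour-hmac"}

def _parse_entry(e):
    (ncomp,) = struct.unpack_from(">H", e, 0)   # component count, realm excluded
    off = 2
    def counted():                      # 16-bit length followed by that many bytes
        nonlocal off
        (n,) = struct.unpack_from(">H", e, off)
        s = e[off + 2:off + 2 + n]
        off += 2 + n
        return s
    realm = counted().decode()
    name = "/".join(counted().decode() for _ in range(ncomp))
    off += 8                            # skip name type and timestamp
    kvno, etype = struct.unpack_from(">BH", e, off)
    off += 3
    counted()                           # step over the key bytes; never returned
    if len(e) - off >= 4:               # optional 32-bit kvno, used if nonzero
        kvno = struct.unpack_from(">I", e, off)[0] or kvno
    return (f"{name}@{realm}", kvno, ENCTYPES.get(etype, str(etype)))

def list_keytab(data):
    """Return [(principal, kvno, enctype)] for keytab bytes, without key material."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:                   # zero length ends the entry list
            break
        if size > 0:                    # negative length marks a deleted slot
            out.append(_parse_entry(data[pos:pos + size]))
        pos += abs(size)
    return out

def _sample_entry(realm, comps, kvno, etype, keylen):   # constructed test data
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + cs(realm) + b"".join(map(cs, comps))
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + cs(b"\x00" * keylen)
    return struct.pack(">i", len(body)) + body

SAMPLE = (b"\x05\x02" + _sample_entry(b"EXAMPLE.ORG", [b"afs", b"example.org"], 2, 18, 32)
          + struct.pack(">i", -6) + b"\x00" * 6
          + _sample_entry(b"EXAMPLE.ORG", [b"afs"], 1, 1, 8))
```

To inspect a real file, pass its bytes (read in binary mode) to `list_keytab`; the returned tuples are safe to paste into a list post because the key bytes are skipped rather than decoded.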