[OpenAFS] Re: Trouble creating AFS KeyFile on FreeBSD 10.0

Andrew Deason adeason@sinenomine.net
Tue, 23 Sep 2014 10:52:19 -0500


On Mon, 22 Sep 2014 11:46:57 -0700
Eric Shell <eshell@soe.ucsc.edu> wrote:

> Thanks, Ben.  Copying a regular krb5 keytab to
> /usr/local/etc/openafs/server/rxkad.keytab worked and I was able to proceed
> until trying to create a user.  I tried running
> 
> pts createuser -name test -id 1000 -localauth
> 
> but it returns
> 
> > pts: server or network not responding; unable to create user test with id
> > 1000

Does it hang for a little while before returning this error?

> I find out what's causing the error?  I tried to learn what was going on
> with truss and found that it was complaining that no
> /usr/local/etc/openafs/server/KeyFile and
> /usr/local/etc/openafs/server/UserList files existed, so I touched them,
> but that didn't make a difference.  I shouldn't need the KeyFile at
> all if /usr/local/etc/openafs/server/rxkad.keytab is present, correct?

Don't create those files; we just probe to see if they exist, but
indeed, you don't need them.

> In case it is relevant, when I run the pts createuser command with
> -noauth it immediately returns a "Permission denied" error.

That's helpful to know, since it shows we don't actually have a problem
with simply contacting the server. Questions and things to try:

Can you run any command successfully with -localauth? A good simple test
is 'bos status' like you showed; just run it with -localauth.

Did you restart the servers after putting rxkad.keytab in place? (This
isn't always necessary, but at least in situations like this I think
it's simpler to do so.)

Can you show the contents of rxkad.keytab? Not the keys, obviously; just
what the principals and enctypes are.

-- 
Andrew Deason
adeason@sinenomine.net
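
One way to produce the listing requested above (principals, key version numbers and enctypes, never the keys), as an added example that is not part of the original message. It assumes the standard version 0x0502 keytab file layout; the principal afs/example.org@EXAMPLE.ORG and the all-zero key in sample_keytab() are constructed for illustration.

```python
import struct

# Subset of Kerberos enctype numbers; anything else is shown numerically.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
            17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
            23: "arcfour-hmac"}

def _counted(buf, off):
    """Read a 16-bit length-prefixed string; return (text, new offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode("utf-8", "replace"), off + 2 + n

def _entry(buf):
    (ncomp,) = struct.unpack_from(">H", buf, 0)
    realm, off = _counted(buf, 2)
    parts = []
    for _ in range(ncomp):
        part, off = _counted(buf, off)
        parts.append(part)
    off += 8                                  # skip name type and timestamp
    kvno, etype, keylen = struct.unpack_from(">BHH", buf, off)
    off += 5 + keylen                         # step over the key without reading it
    if len(buf) - off >= 4:                   # optional 32-bit kvno overrides the 8-bit one
        (kvno32,) = struct.unpack_from(">I", buf, off)
        kvno = kvno32 or kvno
    return "/".join(parts) + "@" + realm, kvno, ENCTYPES.get(etype, f"etype {etype}")

def list_keytab(data):
    """Return [(principal, kvno, enctype)] for a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:
            out.append(_entry(data[pos:pos + size]))
        pos += abs(size)                      # negative size marks a deleted slot
    return out

def sample_keytab():
    """Constructed keytab: one aes256 entry with an all-zero key, then a deleted slot."""
    name = b"".join(struct.pack(">H", len(s)) + s
                    for s in (b"EXAMPLE.ORG", b"afs", b"example.org"))
    entry = (struct.pack(">H", 2) + name + struct.pack(">IIBHH", 1, 0, 3, 18, 32)
             + bytes(32) + struct.pack(">I", 3))
    return (b"\x05\x02" + struct.pack(">i", len(entry)) + entry
            + struct.pack(">i", -8) + bytes(8))
```

To inspect a real file, pass its bytes to list_keytab(), for example list_keytab(open(path, "rb").read()); the returned tuples are safe to paste into a list post because the key bytes are skipped.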