[OpenAFS] Re: Trouble creating AFS KeyFile on FreeBSD 10.0

Andrew Deason adeason@sinenomine.net
Fri, 26 Sep 2014 10:03:40 -0500

On Wed, 24 Sep 2014 08:22:12 -0700
Eric Shell <eshell@soe.ucsc.edu> wrote:

> > Can you run any command successfully with -localauth? A good simple
> > test is 'bos status' like you showed; just run it with -localauth.
> Yes, this works.  It immediately says that buserver, vlserver, and
> ptserver are running normally.

That seems a little odd; is it only ptserver that fails? Try these, to
check each individual server:

bosserver: bos status <server> -localauth
vlserver: vos listaddrs -noresolv -localauth
ptserver: pts listmax -localauth
buserver: backup listhosts -localauth

I guess you don't have any fileservers up yet, but if you did, you could
check volserver via:

volserver: vos listpart <server> -localauth

If doing that still shows only ptserver as failing, maybe try getting a
packet trace while trying to run the 'pts' command, and sharing that
privately. For pts, just capture udp port 7002. (If you want to capture
traffic for others, you can just get all udp traffic to be sure.)

> > Can you show the contents of rxkad.keytab? Not the keys, obviously;
> > just what the principals and enctypes are.
> Sure thing:
> Vno  Type                     Principal                      Aliases
>    2  aes256-cts-hmac-sha1-96  afs/soe.ucsc.edu@SOE.UCSC.EDU
>    2  des3-cbc-sha1            afs/soe.ucsc.edu@SOE.UCSC.EDU
>    2  arcfour-hmac-md5         afs/soe.ucsc.edu@SOE.UCSC.EDU

That's fine.

Andrew Deason