[OpenAFS] Re: Trouble creating AFS KeyFile on FreeBSD 10.0

Eric Shell eshell@soe.ucsc.edu
Tue, 30 Sep 2014 08:34:04 -0700


>
> That seems a little odd; is it only ptserver that fails? Try these, to
> check each individual server:
>
> bosserver: bos status <server> -localauth
> vlserver: vos listaddrs -noresolv -localauth
> ptserver: pts listmax -localauth
> buserver: backup listhosts -localauth
>
>
It looks like all three servers are unhappy, despite what bos status thinks:

# bos status localhost -localauth
Instance buserver, currently running normally.
Instance vlserver, currently running normally.
Instance ptserver, currently running normally.

# vos listaddrs -noresolve -localauth
vos: could not list the server addresses
Possible communication failure

# pts listmax -localauth
pts: server or network not responding getting maximum user id

# backup listhosts -localauth
backup: server or network not responding ; Can't access backup database
backup: server or network not responding ; Can't initialize backup



> I guess you don't have any fileservers up yet, but if you did, you could
> check volserver via:
>
> volserver: vos listpart <server> -localauth
>
> If doing that still shows only ptserver as failing, maybe try getting a
> packet trace while trying to run the 'pts' command, and sharing that
> privately. For pts, just capture udp port 7002. (If you want to capture
> traffic for others, you can just get all udp traffic to be sure.)
>
> > > Can you show the contents of rxkad.keytab? Not the keys, obviously;
> > > just what the principals and enctypes are.
> >
> > Sure thing:
> >
> > Vno  Type                     Principal                      Aliases
> >    2  aes256-cts-hmac-sha1-96  afs/soe.ucsc.edu@SOE.UCSC.EDU
> >    2  des3-cbc-sha1            afs/soe.ucsc.edu@SOE.UCSC.EDU
> >    2  arcfour-hmac-md5         afs/soe.ucsc.edu@SOE.UCSC.EDU
>
> That's fine.
>
> --
> Andrew Deason
> adeason@sinenomine.net
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>



-- 
Eric Shell
