[OpenAFS] New installation, linux server, AD kerberos

Benjamin Kaduk kaduk@mit.edu
Fri, 23 Jun 2017 16:24:56 -0500


On Fri, Jun 23, 2017 at 04:06:41PM -0400, Jeffrey Altman wrote:
> On 6/23/2017 12:33 PM, John D'Ausilio wrote:
> > So .. I downloaded and installed the 1.8 debs, and everything seems to be good. The packages end up starting bosserver ..
> > I keep getting stuck at doing anything with bos .. most commands result in the error "bos: could not find entry (configuring connection security)"
> > Tried setcellname .. maybe this is already done at client install? Weird that the client is a dependency of the fileserver ..
> > 
> > root@njdev216083:/home/sysdev# bos setcellname njdev216083 corp.1010data.com -localauth
> > bos: could not find entry (configuring connection security)
> 
> My guess is that you need to add the cell wide key via asetkey before
> you can start the service.  Key management is an area that has changed
> from OpenAFS 1.6 and OpenAFS 1.8 went in a different direction than
> AuriStorFS so I'm not entirely sure.

Yes, it looks very much like the needed key can't be found, from
first glance.  (I haven't had time to double-check against the code
yet, though.)

The 'akeyconvert' utiltiy should help with converting a krb5 keytab
(named rxkad.keytab) into the proper KeyFileExt entries.

-Ben