[OpenAFS] Help setting up openafs on debian bookworm
Cheyenne Wills
cwills@sinenomine.net
Wed, 29 May 2024 10:55:57 -0600
Ernesto,
Could you try adding -localauth to the command?
sudo bos listkeys -server asus.erjoalgo.com -localauth
The bos command is used to manage the openafs servers and requires that
the user that is issuing the bos command be authenticated to kerberos
unless the -localauth option is specified.
The messages you are seeing in dmesg are related to the openafs
cache manager kernel module which is part of the openafs client. The
bos command does not use the openafs client (cache manager/kernel
module) for communication to the servers.
--
Cheyenne Wills
cwills@sinenomine.net
On Tue, 28 May 2024 21:38:01 -0400
Ernesto Alfonso <erjoalgo@gmail.com> wrote:
> Hello,
>
> I'm having trouble setting up openafs on debian bookworm.
>
> I've imported kerberos keys into openafs via `akeyconvert -all`:
>
> sudo asetkey list
> rxkad_krb5 kvno 4 enctype 17; key is:
> ????????????????????????????????
> rxkad_krb5 kvno 4 enctype 18; key is:
> ????????????????????????????????????????????????????????????????
> All done.
>
>
> I'm now try to use the bos command line, but this fails:
>
> $ sudo bos listkeys -server asus.erjoalgo.com
> bos: unable to build security class (configuring connection
> security)
>
> I have tried building `bos` from source to better understand the
> context of the error message. I've only narrowed it down to:
>
> function afsconf_ClientAuthToken in auth/authcon.c
> code = ktc_GetTokenEx(info->name, &tokenSet);
>
> function ktc_GetTokenEx in auth/ktc.c:
> code = PIOCTL(0, VIOC_GETTOK2, &iob, 0);
>
> This returns a non-zero code, causing the command line to fail.
>
> What could be the reason that the PIOCTL command is failing? Is there
> any way to get more information?
>
> I've tried rebuilding the kernel module as suggested here
> <https://unix.stackexchange.com/questions/404247/openafs-suddenly-fails-a-pioctl-failed-while-obtaining-tokens>
> :
>
> sudo dpkg-reconfigure openafs-modules-dkms
>
> And restarting the openafs-client service, but this does not change
> anything.
>
> I only noticed some bening-looking warnings in dmesg:
>
> [ 20.377862] systemd-fstab-generator[637]: Checking was
> requested for "/var/cache/openafs.img", but it is not a device.
> [ 20.676946] systemd[1]:
> /lib/systemd/system/openafs-client.service:22: Unit uses
> KillMode=none. This is unsafe, as it disables systemd's process
> lifecycle management for the service. Please update the service to
> use a safer KillMode=, such as 'mixed' or 'control-group'. Support
> for KillMode=none is deprecated and will eventually be removed.
> [ 49.217272] openafs: loading out-of-tree module taints kernel.
> [ 49.217278] openafs: module license '
> http://www.openafs.org/dl/license10.html' taints kernel.
> [ 49.217987] openafs: module verification failed: signature
> and/or required key missing - tainting kernel
>
> I don't see anything interesting in the openafs-client service logs
> or in syslog:
>
> $ sudo journalctl -feu openafs-client
> May 28 09:03:43 asus systemd[1]: Starting openafs-client.service -
> OpenAFS client...
> May 28 09:03:50 asus afsd[1823]: afsd: All AFS daemons started.
> May 28 09:03:50 asus afsd[1787]: afsd: All AFS daemons started.
> May 28 09:03:50 asus systemd[1]: Started openafs-client.service -
> OpenAFS client.
> May 28 09:03:52 asus fs[1827]: Usage: /usr/bin/fs sysname
> [-newsys <new
> sysname>+] [-help]
> May 28 21:11:53 asus systemd[1]: Stopping openafs-client.service -
> OpenAFS client...
> May 28 21:11:54 asus systemd[1]: openafs-client.service:
> Deactivated successfully.
> May 28 21:11:54 asus systemd[1]: Stopped openafs-client.service -
> OpenAFS client.
> May 28 21:11:54 asus systemd[1]: openafs-client.service: Consumed
> 2.957s CPU time.
> May 28 21:11:54 asus systemd[1]: Starting openafs-client.service -
> OpenAFS client...
> May 28 21:11:56 asus afsd[275229]: afsd: All AFS daemons started.
> May 28 21:11:56 asus afsd[275250]: afsd: All AFS daemons started.
> May 28 21:11:56 asus fs[275253]: Usage: /usr/bin/fs sysname
> [-newsys <new sysname>+] [-help]
> May 28 21:11:56 asus systemd[1]: Started openafs-client.service -
> OpenAFS client.
>
> How can I further debug this bos error?
>
> openafs 1.8.9-1-debian
>
> $ sudo lsmod | grep openafs
> openafs 2863104 2
> $
>
> Ernesto