* Steve Devine [2008-05-02 10:50:01 -0400]:
> Gary Bowling wrote:
> > [realms]
> > GBCO.US = {
> > #master_key_type = des3-hmac-sha1
> > master_key_type = des-cbc-crc

(Aside: why downgrade to single-DES here?)

> >- Edited /etc/sysconfig/openafs and added the BOSSERVER_ARGS=-noauth
> >line and started openafs-server - Success!
> >
> >- Ran bos setcellname localhost gbco.us -noauth - Success and bos
> >listhosts localhost -noauth returns the cell name gbco.us and hostname
> >homepc.gbco.us which are both correct.
> >
> >- Ran bos create -server homepc.gbco.us -instance ptserver -type
> >simple -cmd /usr/afs/bin/ptserver -cell gbco.us -noauth - Success!
> >
> >- Ran kadmin.local -q "addprinc admin" - Success!
> >
> >- Ran bos adduser homepc.gbco.us admin -cell gbco.us -noauth - Success

I think that one should answer Steve Devine's question.

> >
> >- Ran bos listkeys homepc.gbco.us -cell gbco.us -noauth - All looks
> >good as follows.
> > key 3 has cksum 2318139578
> > Keys last changed on Fri May 2 07:21:18 2008.
> > All done.
> >
> >- Ran pts createuser -name admin -cell gbco.us -noauth - Success!
> >
> >- Ran pts adduser admin system:administrators -cell gbco.us -noauth -
> >success

Unless I'm mistaken you could restart bos without -noauth already at
this point. Doing so would expose authentication issues early,
separating them from the question of whether /afs is writeable to an
administrator (if you started your client with -dynroot it won't be).

> >- Ran pts membership admin -cell gbco.us -noauth - Looks good with the
> >following results.
> > Groups admin (id: 1) is a member of:
> > system:administrators
> >
> >- Ran bos create -server homepc.gbco.us -instance fs -type fs -cmd
> >/usr/afs/bin/fileserver -cmd /usr/afs/bin/volserver -cmd
> >/usr/afs/bin/salvager -cell gbco.us -noauth - Success!
> >
> >- Ran bos create -server homepc.gbco.us -instance vlserver -type
> >simple -cmd /usr/afs/bin/vlserver -cell gbco.us -noauth - Success!
> >
> >-Ran bos create -server homepc.gbco.us -instance buserver -type simple
> >-cmd /usr/afs/bin/buserver -cell gbco.us -noauth - Success!
> >
> >- Created /vicepa mount point and mounted - looks good.
> >
> >- Ran vos create -server homepc.gbco.us -partition /vicepa -name
> >root.afs -cell gbco.us -noauth - Success!
> >
> >- Ran bos status homepc.gbco.us fs -long -noauth - Looks good with the
> >following results..
> > Instance fs, (type is fs) currently running normally.
> > Auxiliary status is: file server running.
> > Process last started at Fri May 2 09:25:37 2008 (2 proc starts)
> > Command 1 is '/usr/afs/bin/fileserver'
> > Command 2 is '/usr/afs/bin/volserver'
> > Command 3 is '/usr/afs/bin/salvager'
> >
> >- Edited /etc/sysconfig/openafs and removed the "-noauth" - restarted
> >openafs-server in normal mode requiring authentication.
> >
> >- Started client
> >
> >- Ran kinit admin - put in pass - Success!
> >
> >- Ran klist - with the following results:
> > Ticket cache: FILE:/tmp/krb5cc_0
> > Default principal: [EMAIL PROTECTED]
> >
> > Valid starting Expires Service principal
> > 05/02/08 09:34:21 05/03/08 09:34:21 krbtgt/[EMAIL PROTECTED]
> >
> > Kerberos 4 ticket cache: /tmp/tkt0
> > klist: You have no tickets cached
> >
> >- Ran aklog - Success!
> >
> >- Ran tokens with the following results
> > Tokens held by the Cache Manager:
> >
> > User's (AFS ID 1) tokens for [EMAIL PROTECTED] [Expires May 3 09:34]
> > --End of list--
> >
> >- Ran klist again and get
> > Ticket cache: FILE:/tmp/krb5cc_0
> > Default principal: [EMAIL PROTECTED]
> >
> > Valid starting Expires Service principal
> > 05/02/08 09:34:21 05/03/08 09:34:21 krbtgt/[EMAIL PROTECTED]
> > 05/02/08 09:35:38 05/03/08 09:34:21 [EMAIL PROTECTED]
> >
> > Kerberos 4 ticket cache: /tmp/tkt0
> > klist: You have no tickets cached
> >
> >- Ran fs checkvolumes - with the following results.
> > All volumeID/name mappings checked.
> >
> >- Ran fs setacl /afs system:anyuser rl - Received the following error...
> >fs: You don't have the required access rights on '/afs'

Are you using -dynroot on the client by any chance?

> >I've done a number of subsequent things in kadmin and other places,
> >but am at a loss as to how to resolve. Any help would be appreciated.

With -dynroot the way to manipulate root.afs is to first create and set
up root.cell (which will automatically appear at /afs/.gbco.us, at least
if your client-side CellServDB is properly set up), then mount root.afs
somewhere under it, set it up and unmount it. Alternatively, you could
run your client without -dynroot while you set up root.afs.

_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
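
The reply above turns on two settings: whether the bosserver still runs with -noauth, and whether the client was started with -dynroot. The shell check below is an added example, not part of the thread or of OpenAFS; it scans a sysconfig-style file for both. The sample file contents and the CLIENT_OPTS variable name are constructed; BOSSERVER_ARGS is the name used in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Checks a sysconfig-style file for the two
# settings the reply asks about: -noauth on the bosserver, -dynroot on the client.

# has_flag FILE VAR_REGEX FLAG
# Succeeds if an uncommented assignment to a variable matching VAR_REGEX
# carries FLAG as a whole word (so "-noauthx" does not match "-noauth").
has_flag() {
    sed -e 's/#.*$//' "$1" |
        grep -E "^[[:space:]]*($2)=" |
        sed -e 's/^[^=]*=//' -e "s/[\"']//g" |
        tr -s ' \t' '\n' |
        grep -qxF -- "$3"
}

# audit_openafs_sysconfig FILE
# Prints findings; return status is a bitmask: 1 = -noauth, 2 = -dynroot.
audit_openafs_sysconfig() {
    rc=0
    # BOSSERVER_ARGS is the variable named in the thread.
    if has_flag "$1" 'BOSSERVER_ARGS' -noauth; then
        echo "WARN: BOSSERVER_ARGS has -noauth: bosserver is not checking authentication"
        rc=$((rc | 1))
    fi
    # The client option variable differs between packages, so any name is
    # accepted here (assumption).
    if has_flag "$1" '[A-Za-z_][A-Za-z0-9_]*' -dynroot; then
        echo "NOTE: client runs with -dynroot: /afs itself is not writable, reach root.afs through a mount"
        rc=$((rc | 2))
    fi
    return "$rc"
}

# Constructed sample: -noauth survives only in a comment, -dynroot is active.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#BOSSERVER_ARGS=-noauth
BOSSERVER_ARGS=""
CLIENT_OPTS="-dynroot -fakestat"
EOF
audit_openafs_sysconfig "$sample" || echo "status=$?"
rm -f "$sample"
```

A status of 0 means neither flag is present; a status with bit 1 set after setup is finished means the server is still running without authentication.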