Re: [OpenAFS] Re: afs-newcell fail: Couldn't get CPS for AnyUser
On Sat, 2 May 2009 04:54:04 -0700 Xiong Jiang wrote: > Problem solved by using the key for afs/cell.n...@realm.name, instead > of a...@realm.name. I don't know why I cannot use the later. > > So the section about the Kerberos principal and key in the guide at > http://www.debian-administration.org/article/OpenAFS_installation_on_Debian > should be: > > sudo rm -f /tmp/afs.keytab > sudo kadmin.local > Authenticating as principal root/ad...@spinlock.hr with password. > > kadmin.local: addprinc -policy service -randkey -e des-cbc-crc:v4 > afs/spinlock.hr > Principal "afs/spinlock...@spinlock.hr" created. > > kadmin.local: ktadd -k /tmp/afs.keytab -e des-cbc-crc:v4 > afs/spinlock.hr Entry for principal afs with kvno 3, encryption type > DES cbc mode with CRC-32 added to keytab WRFILE:/tmp/afs.keytab. > > kadmin.local: quit This usually works, it may be non-working due to some quirk in your setup. I'll see if I'll update the guide, because I'm not sure that "masking" the possible misconfiguration that you have somewhere in this way is good or bad. If you find out the specific problem in your setup that prevented this from working with as-is instructions from d-a guide, let us know. Cya, -doc ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: afs-newcell fail: Couldn't get CPS for AnyUser
try aklog -d mytv.home -k MYTV.HOME if that works, you'll need to edit /etc/krb5.conf and make it reflect that your local realm is MYTV.HOME i suggest, btw, that you use afs/mytv.h...@mytv.home On Fri, May 1, 2009 at 2:41 PM, Xiong Jiang wrote: > Error when run aklog. > I don't know why it tries to get ticket for afs/m...@mytv.home, > afs/m...@mytv, a...@mytv, while I only have principal a...@mytv.home. > > Any idea? > > aklog -d > Authenticating to cell mytv (server mytv). > Trying to authenticate to user's realm MYTV.HOME. > Getting tickets: afs/m...@mytv.home > We've deduced that we need to authenticate using referrals. > Getting tickets: afs/mytv@ > We've deduced that we need to authenticate to realm MYTV. > Getting tickets: afs/m...@mytv > Getting tickets: a...@mytv > Kerberos error code returned by get_cred : -1765328377 > aklog: Couldn't get mytv AFS tickets: > aklog: unknown RPC error (-1765328377) while getting AFS tickets > > The principals I have are: > r...@mytv:/etc/openafs# kadmin.local > Authenticating as principal root/ad...@mytv.home with password. > kadmin.local: listprincs > K/m...@mytv.home > a...@mytv.home > jxi...@mytv.home > kadmin/ad...@mytv.home > kadmin/chang...@mytv.home > kadmin/hist...@mytv.home > krbtgt/mytv.h...@mytv.home > root/ad...@mytv.home > > > On Fri, May 1, 2009 at 11:33 AM, Xiong Jiang wrote: >> Finally, I get the cell created after managed to rewind/delete the >> server processes in bosserver. >> >> I think the reboot makes difference but still don't know what stale >> status it did clean up. >> >> Maybe I'll try a fresh start again some time later. >> >> Xiong >> >> On Fri, May 1, 2009 at 5:27 AM, Xiong Jiang wrote: >>> Hi there, >>> >>> I am installing OpenAFS on ubuntu karmic following the doc at: >>> http://www.debian-administration.org/article/OpenAFS_installation_on_Debian >>> >>> The OpenAFS version is 1.4.9.dfsg1-0+ubuntu3 >>> >>> I got error when running afs-newcell: >>> ... >>> bos setrestart mytv.home -time never -general -localauth >>> Waiting for database elections: done. >>> vos create mytv.home a root.afs -localauth >>> vos : partition a does not exist on the server >>> Failed: 65280 >>> >>> Cell setup failed, ABORTING >>> >>> and in /var/log/openafs/FileLog there is error: >>> Fri May 1 04:59:13 2009 File server starting >>> Fri May 1 04:59:13 2009 afs_krb_get_lrealm failed, using mytv.home. >>> Fri May 1 04:59:13 2009 Couldn't get CPS for AnyUser, will try again in 30 >>> seconds; code=267275. >>> >>> I verified that no partition is created by fileserver. How to >>> troubleshoot the error "Couldn't get CPS for AnyUser..." >>> >>> Any hint is appreciated. >>> >>> Xiong >>> >> > ___ > OpenAFS-info mailing list > OpenAFS-info@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-info > -- Derrick ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Re: afs-newcell fail: Couldn't get CPS for AnyUser
Problem solved by using the key for afs/cell.n...@realm.name, instead of a...@realm.name. I don't know why I cannot use the later. So the section about the Kerberos principal and key in the guide at http://www.debian-administration.org/article/OpenAFS_installation_on_Debian should be: sudo rm -f /tmp/afs.keytab sudo kadmin.local Authenticating as principal root/ad...@spinlock.hr with password. kadmin.local: addprinc -policy service -randkey -e des-cbc-crc:v4 afs/spinlock.hr Principal "afs/spinlock...@spinlock.hr" created. kadmin.local: ktadd -k /tmp/afs.keytab -e des-cbc-crc:v4 afs/spinlock.hr Entry for principal afs with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/tmp/afs.keytab. kadmin.local: quit On Fri, May 1, 2009 at 11:41 AM, Xiong Jiang wrote: > Error when run aklog. > I don't know why it tries to get ticket for afs/m...@mytv.home, > afs/m...@mytv, a...@mytv, while I only have principal a...@mytv.home. > > Any idea? > > aklog -d > Authenticating to cell mytv (server mytv). > Trying to authenticate to user's realm MYTV.HOME. > Getting tickets: afs/m...@mytv.home > We've deduced that we need to authenticate using referrals. > Getting tickets: afs/mytv@ > We've deduced that we need to authenticate to realm MYTV. > Getting tickets: afs/m...@mytv > Getting tickets: a...@mytv > Kerberos error code returned by get_cred : -1765328377 > aklog: Couldn't get mytv AFS tickets: > aklog: unknown RPC error (-1765328377) while getting AFS tickets > > The principals I have are: > r...@mytv:/etc/openafs# kadmin.local > Authenticating as principal root/ad...@mytv.home with password. > kadmin.local: listprincs > K/m...@mytv.home > a...@mytv.home > jxi...@mytv.home > kadmin/ad...@mytv.home > kadmin/chang...@mytv.home > kadmin/hist...@mytv.home > krbtgt/mytv.h...@mytv.home > root/ad...@mytv.home > > > On Fri, May 1, 2009 at 11:33 AM, Xiong Jiang wrote: >> Finally, I get the cell created after managed to rewind/delete the >> server processes in bosserver. >> >> I think the reboot makes difference but still don't know what stale >> status it did clean up. >> >> Maybe I'll try a fresh start again some time later. >> >> Xiong >> >> On Fri, May 1, 2009 at 5:27 AM, Xiong Jiang wrote: >>> Hi there, >>> >>> I am installing OpenAFS on ubuntu karmic following the doc at: >>> http://www.debian-administration.org/article/OpenAFS_installation_on_Debian >>> >>> The OpenAFS version is 1.4.9.dfsg1-0+ubuntu3 >>> >>> I got error when running afs-newcell: >>> ... >>> bos setrestart mytv.home -time never -general -localauth >>> Waiting for database elections: done. >>> vos create mytv.home a root.afs -localauth >>> vos : partition a does not exist on the server >>> Failed: 65280 >>> >>> Cell setup failed, ABORTING >>> >>> and in /var/log/openafs/FileLog there is error: >>> Fri May 1 04:59:13 2009 File server starting >>> Fri May 1 04:59:13 2009 afs_krb_get_lrealm failed, using mytv.home. >>> Fri May 1 04:59:13 2009 Couldn't get CPS for AnyUser, will try again in 30 >>> seconds; code=267275. >>> >>> I verified that no partition is created by fileserver. How to >>> troubleshoot the error "Couldn't get CPS for AnyUser..." >>> >>> Any hint is appreciated. >>> >>> Xiong >>> >> > ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Re: afs-newcell fail: Couldn't get CPS for AnyUser
Error when run aklog. I don't know why it tries to get ticket for afs/m...@mytv.home, afs/m...@mytv, a...@mytv, while I only have principal a...@mytv.home. Any idea? aklog -d Authenticating to cell mytv (server mytv). Trying to authenticate to user's realm MYTV.HOME. Getting tickets: afs/m...@mytv.home We've deduced that we need to authenticate using referrals. Getting tickets: afs/mytv@ We've deduced that we need to authenticate to realm MYTV. Getting tickets: afs/m...@mytv Getting tickets: a...@mytv Kerberos error code returned by get_cred : -1765328377 aklog: Couldn't get mytv AFS tickets: aklog: unknown RPC error (-1765328377) while getting AFS tickets The principals I have are: r...@mytv:/etc/openafs# kadmin.local Authenticating as principal root/ad...@mytv.home with password. kadmin.local: listprincs K/m...@mytv.home a...@mytv.home jxi...@mytv.home kadmin/ad...@mytv.home kadmin/chang...@mytv.home kadmin/hist...@mytv.home krbtgt/mytv.h...@mytv.home root/ad...@mytv.home On Fri, May 1, 2009 at 11:33 AM, Xiong Jiang wrote: > Finally, I get the cell created after managed to rewind/delete the > server processes in bosserver. > > I think the reboot makes difference but still don't know what stale > status it did clean up. > > Maybe I'll try a fresh start again some time later. > > Xiong > > On Fri, May 1, 2009 at 5:27 AM, Xiong Jiang wrote: >> Hi there, >> >> I am installing OpenAFS on ubuntu karmic following the doc at: >> http://www.debian-administration.org/article/OpenAFS_installation_on_Debian >> >> The OpenAFS version is 1.4.9.dfsg1-0+ubuntu3 >> >> I got error when running afs-newcell: >> ... >> bos setrestart mytv.home -time never -general -localauth >> Waiting for database elections: done. >> vos create mytv.home a root.afs -localauth >> vos : partition a does not exist on the server >> Failed: 65280 >> >> Cell setup failed, ABORTING >> >> and in /var/log/openafs/FileLog there is error: >> Fri May 1 04:59:13 2009 File server starting >> Fri May 1 04:59:13 2009 afs_krb_get_lrealm failed, using mytv.home. >> Fri May 1 04:59:13 2009 Couldn't get CPS for AnyUser, will try again in 30 >> seconds; code=267275. >> >> I verified that no partition is created by fileserver. How to >> troubleshoot the error "Couldn't get CPS for AnyUser..." >> >> Any hint is appreciated. >> >> Xiong >> > ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Re: afs-newcell fail: Couldn't get CPS for AnyUser
Finally, I get the cell created after managed to rewind/delete the server processes in bosserver. I think the reboot makes difference but still don't know what stale status it did clean up. Maybe I'll try a fresh start again some time later. Xiong On Fri, May 1, 2009 at 5:27 AM, Xiong Jiang wrote: > Hi there, > > I am installing OpenAFS on ubuntu karmic following the doc at: > http://www.debian-administration.org/article/OpenAFS_installation_on_Debian > > The OpenAFS version is 1.4.9.dfsg1-0+ubuntu3 > > I got error when running afs-newcell: > ... > bos setrestart mytv.home -time never -general -localauth > Waiting for database elections: done. > vos create mytv.home a root.afs -localauth > vos : partition a does not exist on the server > Failed: 65280 > > Cell setup failed, ABORTING > > and in /var/log/openafs/FileLog there is error: > Fri May 1 04:59:13 2009 File server starting > Fri May 1 04:59:13 2009 afs_krb_get_lrealm failed, using mytv.home. > Fri May 1 04:59:13 2009 Couldn't get CPS for AnyUser, will try again in 30 > seconds; code=267275. > > I verified that no partition is created by fileserver. How to > troubleshoot the error "Couldn't get CPS for AnyUser..." > > Any hint is appreciated. > > Xiong > ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
