I am trying to build a new openafs file server. I have been following the
instructions in the Quick Start Guide and some other guides on the internet.
I have gotten to the point of trying to create the root.afs via the following
command:
vos create userv.slug.home /vicepa root.afs -cell
Hello, first of all I want to thank everyone on the list for their time
in reading this message.
I am looking for a high availability and backup solution for the files
stored on a server of the company where I work.
At the moment we have all files on a single production server which is
operated
Hello!
I've been trying to get OpenAFS 1.4.2 to work with Microsoft Active Directory
(AD) 2003 as KDC for some week now, and I starting to believe I should have
went on that early vaccation after all. I just can't get it to work. It ends at:
19270407 = security object was passed a bad ticket
Have you set the authentication realm the AFS server's krb.conf file
to LAB.SCANIA.COM ?
Jeffrey Altman
P.S. In your krb5.conf file, don't do this:
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc des-cbc-md5
smime.p7s
Description: S/MIME Cryptographic
On Wed, 3 Jan 2007, Jacobo Garc�a wrote:
First of all I want to implement an instant replication solution in
another machine.
AFS does not provide instant replication service.
Next step would be that if server A falls server B could take his place
and that should be transparent to the rails
Am Mittwoch, 3. Januar 2007 14:29 schrieb ext Jeffrey Altman:
P.S. In your krb5.conf file, don't do this:
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc des-cbc-md5
Is this a general recommendation or only for Erik? Can you give some
background info?
On Wed, 3 Jan 2007, Chris Huebsch wrote:
AFS does not provide hot-standby or failover.
Perhaps I should clearify that a little bit.
In some special cases, AFS can do that too. But it requires that those
Data is strictly read-only.
This read-only data has to be created from read-write data
Dirk Heinrichs wrote:
Am Mittwoch, 3. Januar 2007 14:29 schrieb ext Jeffrey Altman:
P.S. In your krb5.conf file, don't do this:
default_tkt_enctypes = des-cbc-crc des-cbc-md5
default_tgs_enctypes = des-cbc-crc des-cbc-md5
Is this a general recommendation or only for Erik? Can you
I believe I have... My file looks like this. Can I be sure this is OK? In my
missery I can't trust anything at the moment.
[EMAIL PROTECTED] ~]# cat /usr/afs/etc/krb.conf
LAB.SCANIA.COM
LAB.SCANIA.COM sesocolab11.scania.com
I have also looked in AD to se the Service principal binding (Is this
Lönroth Erik wrote:
I believe I have... My file looks like this. Can I be sure this is OK?
In my missery I can't trust anything at the moment.
[EMAIL PROTECTED] ~]# cat /usr/afs/etc/krb.conf
LAB.SCANIA.COM
LAB.SCANIA.COM sesocolab11.scania.com
This is fine. Although the second line is not
OK, I believe have resolved the problem now after 5 whole days of trial and
error.
It turns out that using the KTPASS native from Active Directory generates
keys that is not liked by AFS.
I instead used ktutil.exe (for windows) to generate my key that I then imported
as usual into AFS.
On
Sorry...I have been offline for a while.
Here it is the section of the config.log regarding rlim:
configure:11102: checking for rlim in struct task_struct
configure:11133: make -C $LINUX_KERNEL_PATH M=`pwd`/conftest.dir modules
/dev/null
Chris Huebsch wrote:
On Wed, 3 Jan 2007, Chris Huebsch wrote:
AFS does not provide hot-standby or failover.
Perhaps I should clearify that a little bit.
In some special cases, AFS can do that too. But it requires that those
Data is strictly read-only.
This read-only data has to be created
Correction on that:
The ktutil was run on the linux host! (not windows)
But still... the ktpass.exe gives me bogus keyfiles.
/Erik
-Original Message-
From: [EMAIL PROTECTED] on behalf of Lönroth Erik
Sent: Wed 1/3/2007 4:34 PM
To: Jeffrey Altman
Cc: openafs-info@openafs.org
Subject:
On Wed, 3 Jan 2007, Lönroth Erik wrote:
I swapped back again to the key generated by ktutil.exe - and it works again.
It seems that using the KTPASS.EXE generates bogus keys for me!
I have not read this anywhere and I have read pretty much everyting, did I miss
something critical here or is
Compare the keytab files produced with ktutil and ktpass for the same
key. How are they different?
Jeffrey Altman
Lönroth Erik wrote:
OK, I believe have resolved the problem now after 5 whole days of trial
and error.
It turns out that using the KTPASS native from Active Directory
Derrick J Brashear wrote:
When I was preparing my slides I had this error, and then I took a
package from Jeff Altman with ktpass; then ktpass worked, but I assumed
I had changed something else.
Right. What version of ktpass are you using? There was a bug in one
version. The one that came
Jeffrey Altman [EMAIL PROTECTED] wrote:
If you are in a position to get a new entry added to the Linux
sys/statfs.h header file, please do so. I would suggest a value of
AFS_SUPER_MAGIC 0x5346414F
To be honest, I really don't think there would be any harm in just
using this value. OAFS
CC and CPPFLAGS being ignored (I am using GNU make of course)
when building aklog. Also, isn't this supposed to build by
default, what with kaserver's deprecation and all... ?
Any ideas?
LDFLAGS=-L/export/k5/lib -R/export/k5/lib
CPPFLAGS=-I/export/k5/include
export LDFLAGS CPPFLAGS
CC=gcc;
Configure OpenAFS with --with-krb5 then aklog will build.
Jeff Blaine wrote:
CC and CPPFLAGS being ignored (I am using GNU make of course)
when building aklog. Also, isn't this supposed to build by
default, what with kaserver's deprecation and all... ?
Any ideas?
Jeff Blaine wrote:
CC and CPPFLAGS being ignored (I am using GNU make of course)
when building aklog. Also, isn't this supposed to build by
default, what with kaserver's deprecation and all... ?
You want KRB5CFLAGS and KRB5LIBS. These are options to configure, not to
make. If this isn't
Indeed - error on my part.
I mistakenly assumed that the option for pointing to
krb5-config would be --with-krb5-config=PATH
It's --with-krb5-conf :|
Jeffrey Altman wrote:
Configure OpenAFS with --with-krb5 then aklog will build.
Jeff Blaine wrote:
CC and CPPFLAGS being ignored (I am using
Jim Rees wrote:
Jeff Blaine wrote:
CC and CPPFLAGS being ignored (I am using GNU make of course)
when building aklog. Also, isn't this supposed to build by
default, what with kaserver's deprecation and all... ?
You want KRB5CFLAGS and KRB5LIBS. These are options to configure, not to
Jeff Blaine wrote:
If I'm not misunderstanding the current configure output, these
are set by configure these days (when one runs configure properly).
That's only if you have krb5-config. I thought you didn't, because a) you
have Solaris and I thought Solaris didn't come with anything, and
CC and CPPFLAGS being ignored (I am using GNU make of course)
when building aklog. Also, isn't this supposed to build by
default, what with kaserver's deprecation and all... ?
You want KRB5CFLAGS and KRB5LIBS. These are options to configure, not to
make. If this isn't documented
Jim Rees wrote:
To build aklog you need configure --with-krb5. This is not currently the
default but I'm sure it will be soon. Note that if you are using heimdal
you don't need aklog, use heimdal's afslog instead. Again, if this isn't
documented, it should be.
aklog builds with Heimdal.
Jeffrey Altman wrote:
Compare the keytab files produced with ktutil and ktpass for the same
key. How are they different?
Does the test AD domain have more then one DC? If so is this a
replication timing problem? It may take minutes for all the DCs
to get in sync.
It could be a salt
On Wed, 3 Jan 2007, Jeff Blaine wrote:
CC and CPPFLAGS being ignored (I am using GNU make of course)
when building aklog. Also, isn't this supposed to build by
default, what with kaserver's deprecation and all... ?
CC will be ignored. Because we build kernel stuff, we go out of our way to
On Jan 3, 2007, at 16:30 , Jeffrey Altman wrote:
Jim Rees wrote:
To build aklog you need configure --with-krb5. This is not
currently the
default but I'm sure it will be soon. Note that if you are using
heimdal
you don't need aklog, use heimdal's afslog instead. Again, if
this isn't
Here's what you need to do to *start to begin* to even think
about migrating from kaserver to an MIT KDC under Solaris 9:
These exact steps are determined to be REQUIRED after countless
hours of screwing around with this and having errata explained
to me via email from folks. Hopefully it will
[EMAIL PROTECTED] replied:
Jim Rees wrote:
To build aklog you need configure --with-krb5. This is not currently the
default but I'm sure it will be soon. Note that if you are using heimdal
you don't need aklog, use heimdal's afslog instead. Again, if this isn't
documented, it should
Chris Huebsch wrote:
On Thu, 7 Dec 2006, Stefan Heimers wrote:
But if I don't do a graceful shutdown, but rather turn off the power on
one machine, the afs server won't work on the other. Filesystems are
mounted, processes are started, but the clients cannot access afs
directories.
Are
32 matches
Mail list logo
