/etc/openafs/server should be 755. (I don't know why it was 700.) The only file in there that shouldn't be world readable is KeyFile. You likely want to add your admin pts user to the UserList on deleuze. I have done this for myself by (as root) bos adduser deleuze -user cclausen.admin -local; bos listusers deleuze -local to verify that it worked. You need to be in the UserList and in system:administrators to perform certain commands.
The openafs 1.4.2 release has some downsides. One being that pts rename is broken and segfaults, so you can't currently run that from deleuze. (It seems to be broken in 1.5.12 as well.) B/c of this, I've attempted to install openafs 1.4.3rc1 onto mire. It seems to be working, but note that this is not a production release, so there might be errors. PTS rename works at least. Copies of both versions of afs are in deleuze:/usr/src/oafs* [EMAIL PROTECTED]:~]% rxdebug mire 7001 -version Trying 69.90.123.68 (port 7001): AFS version: OpenAFS 1.4.3rc1 built 2007-01-28 [EMAIL PROTECTED]:~]% rxdebug deleuze 7001 -version Trying 69.90.123.67 (port 7001): AFS version: OpenAFS 1.4.2 built 2007-01-28 I've gone ahead and renamed all user_admin PTS entries to user.admin. That way you can use your /admin Kerberos creds to get AFS tokens as these users. This will allow you to actually do stuff in AFS. Please do not install openafs from source. Debian uses the "openafs.ko" name for the kernel module and installing manually gets you "libafs.ko" as well as no seperate package for the kernel module. There are additional patches that ensure compliance with Debian policy in the Debian packages that Russ maintains and I'd strongly suggest sticking with them. As I just did, its not that hard to manually re-package an openafs.org release into a debian package so that things function properly. I installed a version of debhelper from backports.org on mire to get the openafs-module to build correctly. Apparently there is some version 5 stuff in the openafs packages now. (I also copied some of the apt souces.list from deleuze to mire b/c it seemed stupid to go to kernel.org if there is a local Debian mirror.) Ideally, there should be a dedicated ext2/3 /var/cache/openafs partitions for the openafs cache. I don't want to mess with filesystem layout, so I'm not going to change this, but if someone is so inclined, please talk to me about an afs cache parition. On deleuze, since it is the server and the data is already local, I've configured things to use an in-memory 64MB cache. Going much larger than that causes kernel panics, so I'd recomend leaving it at that size. If there are performance issues let me know and I'll try to tweak some stuff. I set the AFS cache on mire to 1GB. Note that if /var gets other random stuff in it, afsd might kernel panic if it runs out of disk space, which is why a dedicated cache partition is recomended. I'm not sure how large this cache needs to be, but it should be large enough to cache all frequently read items in it as well as a little extra for various users doing stuff. I added my illigal.uiuc.edu cell to the client CellServDB on both mire and deleuze so that I can get to there. I also added a mount point in root.afs. If anyone has a problem with this let me know and I'll remove it. If there are no objections, I'd like to submit an entry to the public CellServDB here: http://www.central.org/csdb.html I'd also appreciate DNS entries for Kerberos and AFS being added. Should I just fill out a normal support request? I don't see anyone under the BIND column on the TaskDistribution page. AFSDB records as well as Kerberos SRV records will help users configure their client machines. <<CDC _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
