Hi Chris, Chris Huebsch wrote: > Hi, > > On Fri, 8 Sep 2006, Mike Bydalek wrote: > >> Thanks for the responses Russ and Ted. I read through everything, but >> I'm still having problems that I can't figure out. >> >> Here are the commands that I'm trying to execute on the new fileserver >> (mars) where the database server is (earth). I have kadmin and aklog'd >> as admin which belongs to the system:administrators group. > > You say that you have a valid token for your cell. Can you verify that > by creating a volume on your aold fileserver? Works as expected: [EMAIL PROTECTED]:/etc# vos create earth.testbed.lan /vicepa test.vol Volume 536870927 created on partition /vicepa of earth.testbed.lan
> > My guess is that your fileserver does not have the necesarry information > to validate your token. > > Every fileserver has to have a keyfile storing some sort of key for > decrypting or something like that. (If you want to know more, read about > Kerberos protocols.) > > This file is called KeyFile and stored on each server. If those files > are not identical, authentication will fail. To setup the new fileserver, I copied over the keytab that I created and ran asetkey successfully. You're right in that there is a problem with the authentication, but I am able to get tokens successfully. [EMAIL PROTECTED]:/etc# aklog -d -c testbed.lan -k TESTBED.LAN Authenticating to cell testbed.lan (server earth.testbed.lan). We were told to authenticate to realm TESTBED.LAN. Getting tickets: afs/[EMAIL PROTECTED] Principal not found, trying alternate service name: afs/@TESTBED.LAN Using Kerberos V5 ticket natively About to resolve name admin to id in cell testbed.lan. Id 1 Set username to AFS ID 1 Setting tokens. AFS ID 1 / @ TESTBED.LAN But if I try and do something that requires authentication, it fails: [EMAIL PROTECTED]:/var/log/openafs# bos listkeys mars.testbed.lan -cell testbed.lan bos: you are not authorized for this operation error encountered while listing keys But the keys are there ... [EMAIL PROTECTED]:/var/log/openafs# bos listkeys mars.testbed.lan -cell testbed.lan -localauth key 3 has cksum 2873560082 Keys last changed on Fri Sep 8 12:19:55 2006. All done. Am I missing something obvious? > > A good hint is to read the logfiles of your AFS-Server too. They are not > too verbose, but they can contain valuable information sometimes. > > You find them in the logs directory. The logs haven't proved too useful so far =/ Thanks! -Mike _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
