* avison4 [2008-09-13 17:54:05 +0000]: > Sergio Gelato said > > My favourite cell setup instructions are the ones that ship as part of > > the Debian OpenAFS packages. The reason is that they don't require you > > to use the -noauth switch. > > When I looked at this, the only "instructions" for configure of a new afs > server were: "Run afs-newcell" & "Run afs-rootvol" which are perl scripts. > Is that what you mean?
I also see /usr/share/doc/openafs-dbserver/README.servers.gz and /usr/share/doc/openafs-dbserver/configuration-transcript.txt.gz. Besides, the perl scripts may be executable but they can also be studied as documentation (and modified to meet local needs). > Jason said: > > You don't need to set up a KDC, but you must make sure that the > > Linux server can kinit against the AD servers. > > Stuck there. Servers are running, no errors in logfiles (that I can see); > client proccesses running, but start with error: > afsd: Can't mount AFS on /afs(22) That's (at least superficially) a client-side problem. I'd check that the kernel module is properly loaded. If you aren't using -dynroot, then maybe your client has trouble getting to the root.afs volume of its default cell (did you remember to create that volume?) > Next they say login to Kerberos then AFS: > > [EMAIL PROTECTED]> kinit admin > kinit(v5): Client not found in Kerberos database while getting initial > credentials > > No matter what variant tried, that's the response. The information you gave in the rest of the message shows pretty conclusively that your old cell has *not* been fully migrated to Kerberos 5. I think that's the source of your confusion. If you want to replicate the current state of your old cell, you'll have to run a kaserver. But that solution is not future-proof: kaserver (and indeed Kerberos 4) is deprecated. You should plan on moving to Kerberos 5 ASAP. You don't need the AFS administration account to be called "admin". Any principal(s) listed in the cell's UserList file will have administrative privileges. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
