Thank you very much Sergio (and Jason for F9 pointer)! I gave up on using the Microsoft KDC server for now & as someone suggested followed the Fedora9 instructions to do as they do, own+operate RHEL KDC server on the new (test) AFS server itself to get everything working. Doing this, things are progressing further.
But it seems just using "afs" is insufficient on RHEL:

    [EMAIL PROTECTED]> kadmin.local -q "addprinc -randkey afs"
    Authenticating as principal root/[EMAIL PROTECTED] with password.
    WARNING: no policy specified for [EMAIL PROTECTED]; defaulting to no policy
    Principal "[EMAIL PROTECTED]" created.

Because down the road aklog failed:

    aklog: Couldn't get atest.phy AFS tickets:
    aklog: unknown RPC error (-1765328377) while getting AFS tickets

Based on the error in /var/log/krb5kdc.log:

    UNKNOWN_SERVER: authtime 1222007068, [EMAIL PROTECTED] for afs/[EMAIL PROTECTED], Server not found in Kerberos database

it seems pretty obvious there was a difference between Principal "[EMAIL PROTECTED]" and afs/[EMAIL PROTECTED]

So the solution was to instead use afs/<cellname>

    [EMAIL PROTECTED]> kadmin.local -q "addprinc -randkey afs/atest.phy"

Then aklog works. (Is there a different/better solution?)

But then next step fs setacl doesn't:

    [EMAIL PROTECTED]> fs setacl /afs system:anyuser rl
    fs: You don't have the required access rights on '/afs'

I've reproduced this on another test server, exactly. Can anyone clarify using afs in the kerberos commands vs afs/<cellname> ?? RHEL debugging hints welcome!

> I also see /usr/share/doc/openafs-dbserver/README.servers.gz and
> /usr/share/doc/openafs-dbserver/configuration-transcript.txt.gz.

These appear to be un-RHEL things - no such package openafs-docs for RHEL. Could you send them to me somehow?

The posting & perl scripts listed on http://lists.openafs.org/pipermail/openafs-info/2005-August/019061.html are somewhat useful, if they're not out of date.

Very grateful thanks for all for hints+help.
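The following is an added example, not part of the original post and not OpenAFS or MIT Kerberos code: it decodes the numeric code that aklog printed and lists which service principals a krb5kdc.log reports as UNKNOWN_SERVER, so the name the client requested can be compared with what was created in kadmin. The log lines, the host kdc1, the user alice and the realm EXAMPLE.COM are constructed sample values.

```python
import re
from collections import Counter

# MIT krb5 reports Kerberos protocol error N as this error-table base plus N.
KRB5_ERROR_TABLE_BASE = -1765328384
KDC_ERRORS = {  # subset relevant to missing principals
    6: "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: client not found in Kerberos database",
    7: "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: server not found in Kerberos database",
}

# Matches the UNKNOWN_SERVER form quoted in the post: "<client> for <server>,"
UNKNOWN_SERVER = re.compile(
    r"UNKNOWN_SERVER: authtime \d+,\s+(?P<client>\S+) for (?P<server>[^,\s]+),"
)

# Constructed sample log lines (hypothetical host, user and realm).
SAMPLE_LOG = """\
Sep 21 10:24:28 kdc1 krb5kdc[2101](info): AS_REQ (1 etypes {16}) 192.0.2.10: ISSUE: authtime 1222007068, etypes {rep=16 tkt=16 ses=16}, alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Sep 21 10:24:31 kdc1 krb5kdc[2101](info): TGS_REQ (1 etypes {1}) 192.0.2.10: UNKNOWN_SERVER: authtime 1222007068,  alice@EXAMPLE.COM for afs/atest.phy@EXAMPLE.COM, Server not found in Kerberos database
Sep 21 10:25:02 kdc1 krb5kdc[2101](info): TGS_REQ (1 etypes {1}) 192.0.2.10: UNKNOWN_SERVER: authtime 1222007068,  alice@EXAMPLE.COM for afs/atest.phy@EXAMPLE.COM, Server not found in Kerberos database
Sep 21 10:31:45 kdc1 krb5kdc[2101](info): TGS_REQ (1 etypes {1}) 192.0.2.10: ISSUE: authtime 1222007068, etypes {rep=16 tkt=1 ses=1}, alice@EXAMPLE.COM for afs/atest.phy@EXAMPLE.COM
"""


def decode_krb5_code(code):
    """Translate a raw krb5 com_err number into the KDC error it stands for."""
    offset = code - KRB5_ERROR_TABLE_BASE
    return KDC_ERRORS.get(offset, f"krb5 error table offset {offset}")


def missing_service_principals(lines):
    """Count (client, requested service principal) pairs the KDC could not find."""
    hits = Counter()
    for line in lines:
        m = UNKNOWN_SERVER.search(line)
        if m:
            hits[(m["client"], m["server"])] += 1
    return hits


if __name__ == "__main__":
    print(decode_krb5_code(-1765328377))
    found = missing_service_principals(SAMPLE_LOG.splitlines())
    for (client, server), count in found.items():
        print(f"{count}x {client} asked for missing principal {server}")
```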
