Tony D'Amato wrote:
Okay, I'm beating my head against the wall on this one... I've compiled,
installed, and am attempting to set up OpenAFS 1.4.8 as a server on Solaris
10 x86 (originally Update 5, with some U6 patches). I'm using Sun Studio
12 to compile the software. After setting up the services with -noauth,
using asetkey to add the afs principal, and creating the admin principal
'cell_admin' (we're a former DCE/DFS shop), when I issue the setacl
on the /afs mount point, I get the infamous error message in the
subject. Please note that due to local requirements, the Kerberos domain
is not and cannot be the same as the AFS cell name... perhaps that's my
problem?
Anywho, here's a log of what I've done...
# kinit cell_admin
Password for [EMAIL PROTECTED]:
# aklog -d
Authenticating to cell lionstest.odu.edu (server marcos.server1.odu.edu).
Trying to authenticate to user's realm AUTH.ODU.EDU.
Getting tickets: afs/[EMAIL PROTECTED]
Using Kerberos V5 ticket natively
About to resolve name cell_admin to id in cell lionstest.odu.edu.
Id 1
Set username to AFS ID 1
Setting tokens. AFS ID 1 / @ AUTH.ODU.EDU
# fs setacl /afs system:anyuser rl

What do "fs exam /afs" and "fs whichcell" show?
If it's readonly, that could be the issue.
You can make a temp mount point for root.afs and set the acl,
then release the volume and unmount the temp mount point?

cd /afs/.lionstest.odu.edu
fs mkm -dir tmp.root -vol root.afs
fs sa tmp.root -acl system:anyuser rl
vos release root.afs
fs rmm tmp.root

fs: You don't have the required access rights on '/afs'
# /usr/afs/bin/pt_util -members
Ubik Version is: 1229008544.4
system:backup 2/0 -205 -204 -204
system:administrators 130/20 -204 -204 -204
cell_admin 1
system:ptsviewers 2/0 -203 -204 -204
system:authuser 2/0 -102 -204 -204
system:anyuser 2/0 -101 -204 -204
# tokens
Tokens held by the Cache Manager:
User's (AFS ID 1) tokens for [EMAIL PROTECTED] [Expires Dec 11 20:32]
--End of list--
# pts me system:administrators
pts: Permission denied ; unable to get membership of
system:administrators (id: -204)
# pts me system:administrators -noauth
Members of system:administrators (id: -204) are:
cell_admin
# fstrace setset cm -active
# fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs'
# fstrace dump cm
AFS Trace Dump -
Date: Thu Dec 11 10:37:00 2008
Found 1 logs.
Contents of log cmfx:
time 916.908804, pid 0: Thu Dec 11 10:36:52 2008
time 916.908804, pid 1376: Analyze RPC op 2 conn 0x83d7e258 code 0x0
user 0x0
time 916.908814, pid 1376: ProcessFS vp 0x85899000 old len (0x0,
0x800) new len (0x0, 0x800)
time 916.908821, pid 1376: vfs root vp 0x85899000, code 0
time 916.908828, pid 1376: Pioctl command 0x2 for vp 0x85899000, follow=1
time 916.908992, pid 1376: Analyze RPC op 1 conn 0x83d7e258 code
0x2f6df0c user 0x0
time 916.908999, pid 1376: Returning code 49733388 from 41
AFS Trace Dump - Completed
# vos listaddrs
marcos.server1.odu.edu
# fs checkservers
All servers are running.
# fs checkvolumes
All volumeID/name mappings checked.
# pts me cell_admin -cell lionstest.odu.edu -localauth
Groups cell_admin (id: 1) is a member of:
system:administrators
#
Thanks in advance for any assistance you can give me!
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444