Did you add cell_admin to /usr/afs/etc/UserList
using the bos adduser?



Tony D'Amato wrote:
Douglas E. Engert wrote:
Tony D'Amato wrote:
Okay, I'm beating my head against the wall on this one... I've compiled, installed, and am attempting to set up OpenAFS 1.4.8 as a server on Solaris 10 x86 (originally Update 5, with some U6 patches). I'm using Sun Studio 12 to compile the software. After setting up the services with -noauth and using asetkey to add the afs principal, I created the admin principal 'cell_admin' (we're a former DCE/DFS shop), but when I issue the setacl on the /afs mount point, I get the infamous error message in the subject. Please note that due to local requirements, the Kerberos domain is not and cannot be the same as the AFS cell name... perhaps that's my problem?







Anywho, here's a log of what I've done...

# kinit cell_admin
Password for [email protected]:
# aklog -d
Authenticating to cell lionstest.odu.edu (server marcos.server1.odu.edu).
Trying to authenticate to user's realm AUTH.ODU.EDU.
Getting tickets: afs/[email protected]
Using Kerberos V5 ticket natively
About to resolve name cell_admin to id in cell lionstest.odu.edu.
Id 1
Set username to AFS ID 1
Setting tokens. AFS ID 1 /  @ AUTH.ODU.EDU
# fs setacl /afs system:anyuser rl

What do "fs exam /afs" and "fs whichcell" show?

# fs exam /afs
fs: You don't have the required access rights on '/afs'
# fs whichcell /afs
File /afs lives in cell 'lionstest.odu.edu'
#


If it's readonly that could be the issue.
You can make a temp mount point for root.afs and set the acl,
then release the volume and unmount the temp mount point?

cd /afs/.lionstest.odu.edu
fs mkm  -dir tmp.root  -vol root.afs
fs sa tmp.root -acl system:anyuser rl
vos release root.afs
fs rmm tmp.root

Unfortunately, this is a new cell, I just created root.afs w/ -noauth, and I haven't been able to create /afs/lionstest.odu.edu because of the permission issue on /afs. When I try my next step in creating root.cell, I get this:

# /usr/sbin/vos create marcos.server1.odu.edu /vicepa root.cell

Could not get an Id for volume root.cell
   VLDB: no permission access for call
VLDB: no permission access for call
Error in vos create command.
VLDB: no permission access for call
# tokens

Tokens held by the Cache Manager:

User's (AFS ID 1) tokens for [email protected] [Expires Dec 11 20:32]
   --End of list--
#

In a separate email, Derrick Brashear is thinking it might be a bad token giving me issues. Thoughts all?

[...snip...]

--
Tony D'Amato, SCSA (it's Exchange that puts "Nicholas" there)
Senior UNIX Systems Administrator
Server Support Group, OCCS
Old Dominion University


--

 Douglas E. Engert  <[email protected]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
