"Roman Hlynovskiy" <[email protected]> writes: > I am trying to implement openafs to a couple of servers according to > this guide: http://www.debian-administration.org/articles/610 > > afs-newcell > goes fine > kinit root/admin; aklog > also ok > > but afs-rootvol > fails on fs sa /afs system:anyuser rl > with > fs sa /afs system:anyuser rl > fs: You don't have the required access rights on '/afs' > Failed: 256 > > at the same time openafs module dumps the following line to dmesg: > afs: Tokens for user of AFS id 0 for cell forever.kz are discarded > (rxkad error=19270407)
windlord:~> translate_et 19270407 19270407 (rxk).7 = security object was passed a bad ticket Chances are fairly high that this error message means that your AFS server disagrees with your Kerberos server about the afs/* key. In other words, what you have in the KeyFile for your AFS server doesn't match what's in the KDC, either in the key or in the kvno. Possible causes: * The key in the KDC is not restricted to only a DES enctype. * You've changed the KDC key (such as with a subsequent kadmin addkey command) since you imported the key into the AFS KeyFile with asetkey. * You specified the wrong kvno in the asetkey command. * You have both an afs key and an afs/<cell> key in Kerberos and aklog isn't using the one that you expect it to use. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
