I update krb5.conf on fileserver elektra2, after 2 hours was all in order. But same old krb5.conf file is on elektra1 without problems. I was this problem with group "system:av", when I used system:administrators, then priviledges were applied correctly.
Now is this problem solved, thanks for ideas. Michal. On Wed, Apr 13, 2011 at 17:04, Derrick Brashear <[email protected]> wrote: > On Wed, Apr 13, 2011 at 9:33 AM, Michal Svamberg <[email protected]> wrote: >> Hello, >> I have two same fileservers for user volumes - elektra1.zcu.cz and >> elektra2.zcu.cz >> The problem is only on all (I tested on 4 volumes) volumes at elektra2 >> server. >> The group 'system:av' have rlidwka rights, but the rights is not applied. >> >> $ fs la . >> Access list for . is >> Normal rights: >> system:av rlidwka >> meta-hosts l >> zcu.cz rl >> jvarga rl >> >> $ pts mem svamberg.root >> Groups svamberg.root (id: 129) is a member of: >> adm:backup >> system:av >> lps.root >> system:faidev >> system:faiadministrators >> system:administrators >> system:tftpboot >> system:root >> >> $ tokens >> Tokens held by the Cache Manager: >> >> User's (AFS ID 129) tokens for [email protected] [Expires Apr 13 18:35] >> --End of list-- >> >> $ touch x >> touch: cannot touch `x': Permission denied >> >> $ fs exa . >> File . (876024890.1.1) contained in volume 876024890 >> Volume status for vid = 876024890 named user.jvarga >> Current disk quota is 1000000 >> Current blocks used are 583253 >> The partition has 157451567 blocks available out of 292871036 >> >> I don't know where is problem. I haven't this problem on volumes at >> elektra1.zcu.cz. >> Any ideas? > > is the time wrong on elektra2, or anything of note in the FileLog? my > guess here would be that the fileserver > can't verify your identity, meaning you'd presumably see a > pr_Initialize failure in the FileLog. > > if you enable auditlogs (the -auditlog parameter to the fileserver) it > will tell you what identity it believes you have > in the audit event for your request (in this case, presumably a createfile) > > > -- > Derrick > _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
