Greetings,

As recommended, you should create an AFS service principal as afs/DOMAIN@REALM, e.g., afs/sri.utoronto.ca. IPA does not allow a service principal to be created if there is no corresponding host principal. Hence, I have to have this: afs/openafs.sri.utoronto.ca, where openafs.sri.utoronto.ca is the FQDN of the server.

OpenAFS seems to be happy with this, and by following the quick-start guide I have set up the first server on my RHEL 6.3 server. Now I am at "Configuring the Top Levels of the AFS Filespace". After kinit and aklog, this fails:

[root@smb1 ~]# fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs'

I found this thread:

http://lists.openafs.org/pipermail/openafs-info/2008-December/030552.html

which says that I have to create a keyfile with des-cbc-crc:v4 salt. After some struggle with IPA I finally created the keyfile with des-cbc-crc:v4. It did not help, I still get the same error.

=====
[root@smb1 ~]# bos status smb1
Instance buserver, currently running normally.
Instance ptserver, currently running normally.
Instance vlserver, currently running normally.
Instance dafs, currently running normally.
    Auxiliary status is: file server running.
Instance upserver, currently running normally.
[root@smb1 ~]# kinit admin
[root@smb1 ~]# aklog -d
Authenticating to cell openafs.sri.utoronto.ca (server smb1.sri.utoronto.ca).
Trying to authenticate to user's realm SRI.UTORONTO.CA.
Getting tickets: afs/[email protected]
Using Kerberos V5 ticket natively
About to resolve name admin to id in cell openafs.sri.utoronto.ca.
Id 1
Set username to AFS ID 1
Setting tokens. AFS ID 1 @ openafs.sri.utoronto.ca
[root@smb1 ~]# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]

Valid starting     Expires            Service principal
07/12/12 10:56:17  07/13/12 10:56:10  krbtgt/[email protected]
        Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
07/12/12 10:56:29  07/13/12 10:56:10  afs/[email protected]
        Etype (skey, tkt): des-cbc-crc, des-cbc-crc
[root@smb1 ~]# fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs'
=====

All logs seem OK except this:

[root@smb1 ~]# cat /usr/afs/logs/FileLog
Wed Jul 11 15:45:27 2012 File server starting (/usr/afs/bin/dafileserver)
Wed Jul 11 15:45:27 2012 afs_krb_get_lrealm failed, using openafs.sri.utoronto.ca.
Wed Jul 11 15:45:30 2012 VL_RegisterAddrs rpc failed; will retry periodically (code=5376, err=0)
Wed Jul 11 15:45:30 2012 VLRU: starting scanner with the following configuration parameters:
Wed Jul 11 15:45:30 2012 VLRU: offlining volumes after minimum of 7200 seconds of inactivity
Wed Jul 11 15:45:30 2012 VLRU: running VLRU soft detach pass every 120 seconds
Wed Jul 11 15:45:30 2012 VLRU: taking up to 8 volumes offline per pass
Wed Jul 11 15:45:30 2012 VLRU: scanning generation 0 for inactive volumes every 900 seconds
Wed Jul 11 15:45:30 2012 VLRU: scanning for promotion/demotion between generations 0 and 1 every 14400 seconds
Wed Jul 11 15:45:30 2012 VLRU: scanning for promotion/demotion between generations 1 and 2 every 28800 seconds
Wed Jul 11 15:45:30 2012 Set thread id 3 for FSYNC_sync
Wed Jul 11 15:45:30 2012 VInitVolumePackage: beginning parallel fileserver startup
Wed Jul 11 15:45:30 2012 VInitVolumePackage: using 1 threads to pre-attach volumes on 1 partitions
Wed Jul 11 15:45:30 2012 Scanning partitions on thread 1 of 1
Wed Jul 11 15:45:30 2012 Partition /vicepa: pre-attaching volumes
Wed Jul 11 15:45:30 2012 Partition scan thread 1 of 1 ended
Wed Jul 11 15:45:30 2012 fs_stateRestore: commencing fileserver state restore
Wed Jul 11 15:45:30 2012 fs_stateRestore: host table restored
Wed Jul 11 15:45:30 2012 fs_stateRestore: FileEntry and CallBack tables restored
Wed Jul 11 15:45:30 2012 fs_stateRestore: host table indices remapped
Wed Jul 11 15:45:30 2012 fs_stateRestore: FileEntry and CallBack indices remapped
Wed Jul 11 15:45:30 2012 fs_stateRestore: restore phase complete
Wed Jul 11 15:45:30 2012 fs_stateRestore: beginning state verification phase
Wed Jul 11 15:45:30 2012 fs_stateRestore: fileserver state verification complete
Wed Jul 11 15:45:30 2012 fs_stateRestore: restore was successful
Wed Jul 11 15:45:30 2012 Getting FileServer name...
Wed Jul 11 15:45:30 2012 FileServer host name is 'smb1.sri.utoronto.ca'
Wed Jul 11 15:45:30 2012 Getting FileServer address...
Wed Jul 11 15:45:30 2012 Set thread id 0000000000000010 for 'HostCheckLWP'
Wed Jul 11 15:45:30 2012 FileServer smb1.sri.utoronto.ca has address x.x.x.x
Wed Jul 11 15:45:30 2012 File Server started
Wed Jul 11 15:45:30 2012
Wed Jul 11 15:45:30 2012 Set thread id 000000000000000B for 'FiveMinuteCheckLWP'
Wed Jul 11 15:45:30 2012 Set thread id 000000000000000C for 'FsyncCheckLWP'

Thanks,
Qing
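
A check over `klist -e` output in the layout pasted above, as an added example that is not part of the original post: it parses each ticket's session-key and ticket enctypes and lists the tickets that use single DES. The sample text is constructed, and its realm and principal names (EXAMPLE.ORG, cell.example.org) are placeholders, not values from the post.

```python
import re

# Single-DES enctype names as printed by MIT klist; deprecated by RFC 6649.
WEAK_ETYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}

# Constructed sample in the `klist -e` layout; principals are placeholders.
SAMPLE = """\
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@EXAMPLE.ORG

Valid starting     Expires            Service principal
07/12/12 10:56:17  07/13/12 10:56:10  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG
        Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
07/12/12 10:56:29  07/13/12 10:56:10  afs/cell.example.org@EXAMPLE.ORG
        Etype (skey, tkt): des-cbc-crc, des-cbc-crc
"""

DATE = r"\d\d/\d\d/\d{2,4} \d\d:\d\d:\d\d"
TICKET_RE = re.compile(rf"^{DATE}\s+{DATE}\s+(\S+)$")
ETYPE_RE = re.compile(r"Etype \(skey, tkt\):\s*(\S+),\s*(\S+)")


def normalize(etype):
    # Newer klist builds prefix weak enctypes with "DEPRECATED:"; drop it.
    return etype.split(":")[-1].lower()


def parse_klist(text):
    """Return one dict per ticket: service principal, skey and tkt enctype."""
    tickets = []
    for line in text.splitlines():
        m = TICKET_RE.match(line.strip())
        if m:
            tickets.append({"service": m.group(1), "skey": None, "tkt": None})
            continue
        m = ETYPE_RE.search(line)
        if m and tickets:  # an Etype line belongs to the ticket line above it
            tickets[-1]["skey"] = normalize(m.group(1))
            tickets[-1]["tkt"] = normalize(m.group(2))
    return tickets


def weak_tickets(tickets):
    """Tickets whose session key or ticket encryption is single DES."""
    return [t for t in tickets if {t["skey"], t["tkt"]} & WEAK_ETYPES]


if __name__ == "__main__":
    for t in weak_tickets(parse_klist(SAMPLE)):
        print(f"{t['service']}: skey={t['skey']} tkt={t['tkt']}")
```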
