> On Tue, 24 Sep 2013 23:31:22 +0300 (EEST) > "Jukka Tuominen" <[email protected]> wrote: > >> > Okay, I thought you meant they were just offline or something. If >> > that's the problem, then it probably is related to authentication; >> > it seems more like the authentication setup is broken, not related >> > to the migration. Are your tokens not working at all, then? (A way >> > to test would be to try writing to, say, a new file in /afs/.cell/ ) >> >> mkdir saids it cannot be done because it's readonly. > > For a dir in /afs/.cell? Not /afs/cell, but /afs/.cell; that is, > /afs/.[new.domain]. Can you 'fs lsm' /afs/.[new.domain] ?
Oops! '/afs/.[new.domain]' is a mount point for volume '%[new.domain]:root.cell' > >> According to the syslog, the cause might be the ldap service which is >> still somehow off sync, eventhough it is trying to contact the new >> domain. But I don't know whether it should prevent root/admin >> accessing dirs? > > No, it should not. What you're looking for are messages that say > something like 'invalid tokens' or 'tokens discarded' from AFS. If you > see anything like that, the kerberos stuff is broken, so you won't be > able to access anything that requires authentication. Yes, indeed: afs: Tokens for user of AFS id 1 for cell liitin.org are discarded (rxkad error=19270408, server x.x.x.x) br, jukka > > If you do not see that, you can turn up debugging in the fileserver to > see who the fileserver thinks you are when you are accessing it, and it > may provide insight into why you are getting permissions errors. > > To turn up debugging all the way in the fileserver, 'pkill -TSTP > fileserver' 4 times (or 'pkill -TSTP dafileserver' if you're running > DAFS). Then run 'fs la' on the directory you're getting an error for, > and you should see a bunch of entries in FileLog. Run 'pkill -HUP > fileserver' to turn off debugging (or 'pkill -HUP dafileserver' for > DAFS). > > Then provide the debugging FileLog entries. Either just send it to me > privately or post it with obfuscation or whatever you want to do :) > > -- > Andrew Deason > [email protected] > > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info > _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
