On Wed, 25 Sep 2013 00:37:19 +0300 (EEST) "Jukka Tuominen" <[email protected]> wrote:
> >> mkdir saids it cannot be done because it's readonly. > > > > For a dir in /afs/.cell? Not /afs/cell, but /afs/.cell; that is, > > /afs/.[new.domain]. Can you 'fs lsm' /afs/.[new.domain] ? > > Oops! > '/afs/.[new.domain]' is a mount point for volume '%[new.domain]:root.cell' I assume this gives a 'permission denied' error now? > > No, it should not. What you're looking for are messages that say > > something like 'invalid tokens' or 'tokens discarded' from AFS. If you > > see anything like that, the kerberos stuff is broken, so you won't be > > able to access anything that requires authentication. > > Yes, indeed: > afs: Tokens for user of AFS id 1 for cell liitin.org are discarded (rxkad > error=19270408, server x.x.x.x) $ translate_et 19270408 19270408 (rxk).8 = ticket contained unknown key version number So yes, the authentication setup is broken. Are you using the non-DES setup, and do you remember exactly what you did? Can you run in kadmin: kadmin: getprinc afs/[new.domain] and provide the parts that say "Key: vno X, [...]". Then run: # ktutil ktutil: rkt /usr/afs/etc/rxkad.keytab ktutil: l -e [output] Either provide the output, or just look yourself to see if it the 'ktutil' output seems to be consistent with the 'getprinc' output above. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
