> On Wed, 25 Sep 2013 00:37:19 +0300 (EEST) > "Jukka Tuominen" <[email protected]> wrote: > >> >> mkdir saids it cannot be done because it's readonly. >> > >> > For a dir in /afs/.cell? Not /afs/cell, but /afs/.cell; that is, >> > /afs/.[new.domain]. Can you 'fs lsm' /afs/.[new.domain] ? >> >> Oops! >> '/afs/.[new.domain]' is a mount point for volume >> '%[new.domain]:root.cell' > > I assume this gives a 'permission denied' error now? > >> > No, it should not. What you're looking for are messages that say >> > something like 'invalid tokens' or 'tokens discarded' from AFS. If you >> > see anything like that, the kerberos stuff is broken, so you won't be >> > able to access anything that requires authentication. >> >> Yes, indeed: >> afs: Tokens for user of AFS id 1 for cell liitin.org are discarded >> (rxkad >> error=19270408, server x.x.x.x) > > $ translate_et 19270408 > 19270408 (rxk).8 = ticket contained unknown key version number > > So yes, the authentication setup is broken. Are you using the non-DES > setup, and do you remember exactly what you did?
addprinc -policy service -randkey -e aes256-cts-hmac-sha1-96:normal afs/[new.domain] > Can you run in kadmin: > > kadmin: getprinc afs/[new.domain] > > and provide the parts that say "Key: vno X, [...]". Key: vno 1, AES-256 CTS mode with 96-bit SHA-1 HMAC, no salt > Then run: > > # ktutil > ktutil: rkt /usr/afs/etc/rxkad.keytab > ktutil: l -e > [output] > > Either provide the output, or just look yourself to see if it the > 'ktutil' output seems to be consistent with the 'getprinc' output above. There is no file by name rxkad.keytab (tried to 'locate' it). Maybe it has a different name in Ubuntu 10.04 or may this be the error? br, jukka > > -- > Andrew Deason > [email protected] > > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info > _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
