Hi,

We wanted a fresh new AFS server as a single-server new cell for testing purposes.
On Debian wheezy I installed openafs-fileserver and openafs-dbserver from wheezy-backports.
Created a new Kerberos principal with only the aes256-cts-hmac-sha1-96 enctype.

    bos adduser dancsa
    created the db processes
    pts createu dancsa -lo
    pts adduser dancsa system:administrators
    reboot.

    root@afstest:~# bos listu -lo localhost
    SUsers are: dancsa (...and others)

    root@afstest:/etc/openafs/server# pts mem dancsa -lo
    Groups dancsa (id: 1) is a member of:
      system:administrators

    root@afstest:~# ktutil -k /etc/openafs/server/rxkad.keytab list
    /etc/openafs/server/rxkad.keytab:

    Vno  Type                     Principal          Aliases
      1  aes256-cts-hmac-sha1-96  afs/[email protected]

    root@afstest:~# aklog -d
    Authenticating to cell afstest.elte.hu (server afstest.elte.hu).
    Trying to authenticate to user's realm ELTE.HU.
    Getting tickets: afs/[email protected]
    Using Kerberos V5 ticket natively
    About to resolve name dancsa to id in cell afstest.elte.hu.
    Id 1
    Set username to AFS ID 1
    Setting tokens. AFS ID 1 @ afstest.elte.hu

    root@afstest:~# tokens
    Tokens held by the Cache Manager:

    User's (AFS ID 1) tokens for [email protected] [Expires Aug 9 06:35]
       --End of list--

I can acquire tokens, bos and pts don't print out that they run unauthenticated, yet I got permission denied:

    # pts mem dancsa
    pts: Permission denied ; unable to get membership of dancsa (id: 1)

//audit and debug log at the end of mail.

    root@afstest:~# bos restart -all localhost
    bos: failed to restart servers (you are not authorized for this operation)

Then I started the bosserver under GDB, and asked for the restart again. At afsconf_SuperUser auth/userok.c:364, rx_SecurityClassOf(tconn) returns with zero and the following comment is placed there: /* not authenticated at all, answer is no */.

tcpdump records this:

    tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
    20:48:31.886856 IP (tos 0x0, ttl 64, id 59999, offset 0, flags [none], proto UDP (17), length 60)
        127.0.0.1.52578 > 127.0.0.1.7007: [bad udp cksum 0xfe3b -> 0x1d28!] rx data cid 6306f090 call# 1 seq 1 ser 1 secindex 2 serviceid 1 <client-init>,<last-pckt> bos call restart-all (32)
    20:48:31.886925 IP (tos 0x0, ttl 64, id 60000, offset 0, flags [none], proto UDP (17), length 72)
        127.0.0.1.7007 > 127.0.0.1.52578: [bad udp cksum 0xfe47 -> 0x348b!] rx challenge cid 6306f090 call# 0 seq 0 ser 1 secindex 2 serviceid 1 (44)
    20:48:31.887041 IP (tos 0x0, ttl 64, id 60001, offset 0, flags [none], proto UDP (17), length 456)
        127.0.0.1.52578 > 127.0.0.1.7007: [bad udp cksum 0xffc7 -> 0x8a28!] rx response cid 6306f090 call# 0 seq 0 ser 2 secindex 2 serviceid 1 <client-init> (428)
    20:48:31.887163 IP (tos 0x0, ttl 64, id 60002, offset 0, flags [none], proto UDP (17), length 60)
        127.0.0.1.7007 > 127.0.0.1.52578: [bad udp cksum 0xfe3b -> 0xa4f3!] rx abort cid 6306f090 call# 1 seq 0 ser 2 secindex 2 serviceid 1 bos reply restart-all errcode 39430 (32)

With localauth, the same query runs without a problem.
Could this be my fault somewhere (although I tried to follow the manual), or is this some kind of bug?

Thanks,
Dancsa

    root@afstest:/var/log/openafs# cat ptaudit
    Fri Aug 8 21:08:15 2014 EVENT AFS_PTS_Start CODE 0
    Fri Aug 8 21:08:17 2014 EVENT AFS_PTS_NmToId CODE 0 STR dancsa ID 1
    Fri Aug 8 21:08:17 2014 EVENT AFS_PTS_NmToId CODE 0 NAME [email protected] HOST 157.181.151.42
    Fri Aug 8 21:08:17 2014 EVENT AFS_PTS_NmToId CODE 0 STR dancsa ID 1
    Fri Aug 8 21:08:17 2014 EVENT AFS_PTS_NmToId CODE 0 NAME [email protected] HOST 157.181.151.42
    Fri Aug 8 21:08:17 2014 EVENT AFS_PTS_IdToNm CODE 0 NAME [email protected] HOST 157.181.151.42
    Fri Aug 8 21:08:17 2014 EVENT AFS_PTS_LstEle CODE 267269 NAME [email protected] HOST 157.181.151.42 ID 1

    root@afstest:/var/log/openafs# cat PtLog
    Fri Aug 8 21:08:15 2014 Using 157.181.151.42 as my primary address
    Fri Aug 8 21:08:15 2014 Starting AFS ptserver 1.1 (/usr/lib/openafs/ptserver -d 255 -auditlog /var/log/openafs/ptaudit)
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 PTS_NameToID: code 0 aname dancsa aid 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 PTS_NameToID: code 0
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 PTS_NameToID: code 0 aname dancsa aid 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 PTS_NameToID: code 0
    Fri Aug 8 21:08:17 2014 PTS_IDToName: code 0
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 allbetter checking
    Fri Aug 8 21:08:17 2014 allbetter: returning 1
    Fri Aug 8 21:08:17 2014 PTS_ListElements: code 267269 cid 32766 aid 1
    Fri Aug 8 21:08:19 2014 recovery running in state 0

_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
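Added example, not part of the original post and not OpenAFS code: a triage helper for the ptaudit format shown above that lists events with a non-zero CODE and splits each code into its com_err table name and message index, which also applies to the errcode 39430 in the rx abort packet. It assumes the standard com_err encoding (table name packed 6 bits per character above an 8-bit index); the sample lines, principal and host are constructed.

```python
import re

# com_err character set: a table name of up to four characters is packed
# 6 bits per character and shifted left 8 bits; the low byte is the index.
CHARSET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
           "abcdefghijklmnopqrstuvwxyz0123456789_")


def decode_com_err(code):
    """Split an error code into (table name, index within that table)."""
    base, index = code >> 8, code & 0xFF
    name = ""
    while base:
        six = base & 0x3F
        if six:
            name = CHARSET[six - 1] + name  # low bits hold the last character
        base >>= 6
    return name, index


AUDIT_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) EVENT (?P<event>\S+) "
    r"CODE (?P<code>-?\d+)(?P<rest>.*)$")


def failed_events(lines):
    """Return one dict per audit record whose CODE is not 0."""
    out = []
    for line in lines:
        m = AUDIT_RE.match(line.strip())
        if not m or int(m["code"]) == 0:
            continue
        fields = dict(re.findall(r"\b(NAME|HOST|ID|STR) (\S+)", m["rest"]))
        table, index = decode_com_err(int(m["code"]))
        out.append({"time": m["ts"], "event": m["event"],
                    "code": int(m["code"]), "table": table, "index": index,
                    "name": fields.get("NAME"), "host": fields.get("HOST")})
    return out


# Constructed sample in the same layout as the ptaudit excerpt.
SAMPLE = [
    "Fri Aug 8 21:08:15 2014 EVENT AFS_PTS_Start CODE 0",
    "Fri Aug 8 21:08:17 2014 EVENT AFS_PTS_NmToId CODE 0 STR user ID 1",
    "Fri Aug 8 21:08:17 2014 EVENT AFS_PTS_LstEle CODE 267269 "
    "NAME user@EXAMPLE.ORG HOST 192.0.2.10 ID 1",
]

if __name__ == "__main__":
    for ev in failed_events(SAMPLE):
        print(ev)
    print(decode_com_err(39430))
```
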
