On Mon, 22 Sep 2014 11:46:57 -0700 Eric Shell <[email protected]> wrote:
> Thanks, Ben. Copying a regular krb5 keytab to > /usr/local/etc/openafs/server/rxkad.keytab worked and I was able to proceed > until trying to create a user. I tried running > > pts createuser -name test -id 1000 -localauth > > but it returns > > > pts: server or network not responding; unable to create user test with id > > 1000 Does it hang for a little while before returning this error? > I find out what's causing the error? I tried to learn what was going on > with truss and found that it was complaining that no > /usr/local/etc/openafs/server/KeyFile and > /usr/local/etc/openafs/server/UserList files existed, so I touched them, > but that didn't make a difference. I shouldn't need the KeyFile at > all if /usr/local/etc/openafs/server/rxkad.keytab is present, correct? Don't create those files; we just probe to see if they exist, but indeed, you don't need them. > In case it is relevant, when I run the pts createuser command with > -noauth it immediately returns a "Permission denied" error. That's helpful to know, since it shows we don't actually have a problem with simply contacting the server. Questions and things to try: Can you run any command successfully with -localauth? A good simple test is 'bos status' like you showed; just run it with -localauth. Did you restart the servers after putting rxkad.keytab in place? (This isn't always necessary, but at least in situations like this I think it's simpler to do so.) Can you show the contents of rxkad.keytab? Not the keys, obviously; just what the principals and enctypes are. -- Andrew Deason [email protected] _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
