In addition, how does one change the AFS UID of a member of
system:administrators ? (Such as m_singh above) ?
That m_singh is a member of system:administrators makes no difference to
how you would change the AFS UID. The answer is, you can't (at least so
far as I know; I welcome
Thanks for the help again.
I am now reading up on the administration of OpenAFS.
Let us refer to :
http://www.openafs.org/pages/doc/AdminGuide/auagd018.htm#HDRWQ503
This provides a command by command reference for setting up individual user
accounts on AFS. For my users, I decided to create a
Thanks for your exhaustive response.
I ran the afs-newcell script :
What administrative principal should be used? /admin
echo \omega.domain.edu /etc/openafs/server/CellServDB
/etc/init.d/openafs-fileserver start
Starting AFS Server: bosserver.
bos addhost omega omega -localauth ||true
bos:
Where do you set ThisCell?
-derek
Madhusudan Singh [EMAIL PROTECTED] writes:
Thanks for your exhaustive response.
I ran the afs-newcell script :
What administrative principal should be used? /admin
echo \omega.domain.edu /etc/openafs/server/CellServDB
/etc/init.d/openafs-fileserver
On Wednesday 24 August 2005 12:19 pm, Derek Atkins wrote:
Where do you set ThisCell?
-derek
omega:/etc/openafs# pwd
/etc/openafs
omega:/etc/openafs# cat ThisCell
omega.domain.edu
omega:/etc/openafs# cat server/ThisCell
omega.domain.edu
___
* Madhusudan Singh [2005-08-24 11:23:03 -0400]:
I ran the afs-newcell script :
Which version? Make sure you are using the one Russ posted on this list.
bos addhost omega omega -localauth ||true
bos: could not find entry (can't find cell 'default' in cell database)
I believe the new version
Madhusudan Singh [EMAIL PROTECTED] writes:
Thanks for your exhaustive response.
I ran the afs-newcell script :
What administrative principal should be used? /admin
echo \omega.domain.edu /etc/openafs/server/CellServDB
/etc/init.d/openafs-fileserver start
Starting AFS Server: bosserver.
On Wednesday 24 August 2005 3:33 pm, Russ Allbery wrote:
Madhusudan Singh [EMAIL PROTECTED] writes:
Thanks for your exhaustive response.
I ran the afs-newcell script :
What administrative principal should be used? /admin
echo \omega.domain.edu /etc/openafs/server/CellServDB
Madhusudan Singh [EMAIL PROTECTED] writes:
Just ran it :
#afs-newcell
Do you meet these requirements? [y/n] y
If the fileserver is not running, this may hang for 30 seconds.
/etc/init.d/openafs-fileserver stop
Stopping AFS Server: bosserver.
What administrative principal should be
Thanks for all the help. Ran afs-newcell, got tokens as the admin, and ran
afs-rootvol and the whole process seems to have concluded successfully.
Thanks for the very helpful scripts. I will be studying the logs to see how
this process differed from my prior attempt.
Your excellent README then
Madhusudan Singh [EMAIL PROTECTED] writes:
Thanks for all the help. Ran afs-newcell, got tokens as the admin, and
ran afs-rootvol and the whole process seems to have concluded
successfully. Thanks for the very helpful scripts. I will be studying
the logs to see how this process differed from
Hi
Thanks for your response. I contacted the KDC admins yesterday and they
suggested that I use :
kinit -k -t /etc/krb5.keytab afs/[EMAIL PROTECTED]
where the keytab is stored in /etc/krb5.keytab
instead of kinit
In this case, what would my admin
Madhusudan Singh [EMAIL PROTECTED] writes:
Thanks for your response. I contacted the KDC admins yesterday and they
suggested that I use :
kinit -k -t /etc/krb5.keytab afs/[EMAIL PROTECTED]
where the keytab is stored in /etc/krb5.keytab
instead of kinit
In this
Russ Allbery [EMAIL PROTECTED] writes:
Madhusudan Singh [EMAIL PROTECTED] writes:
Thanks for your response. I contacted the KDC admins yesterday and they
suggested that I use :
kinit -k -t /etc/krb5.keytab afs/[EMAIL PROTECTED]
[snip]
When running afs-newcell, the admin principal is
Derek Atkins [EMAIL PROTECTED] writes:
Don't you have to do something special when cellname != REALM? ISTR you
needed to make some modification to some kerberos configuration (on the
server?) to get this working? Or is my memory completely out of date?
Yeah, you do, but I think we already
I presume /usr/afs/etc/krb.conf is the Transarc path?
tedc
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Russ Allbery
Sent: Tuesday, August 23, 2005 2:25 PM
To: Madhusudan Singh; openafs-info@openafs.org
Subject: Re: [OpenAFS] Debian - openafs -noauth
Hi
Thanks for the instructions.
I ran dpkg-reconfigure openafs-client, entered the cell name in lower
case
and answered most of the questions.
cat /etc/openafs/server/CellServDB now has
OMEGA.DOMAIN.EDU
No IP addresses at all. Is this to be expected
Madhusudan Singh [EMAIL PROTECTED] writes:
Thanks for the instructions.
I ran dpkg-reconfigure openafs-client, entered the cell name in
lower case and answered most of the questions.
cat /etc/openafs/server/CellServDB now has
OMEGA.DOMAIN.EDU
No IP addresses at
On Monday 22 August 2005 1:18 pm, Russ Allbery wrote:
Madhusudan Singh [EMAIL PROTECTED] writes:
Thanks for the instructions.
I ran dpkg-reconfigure openafs-client, entered the cell name in
lower case and answered most of the questions.
cat /etc/openafs/server/CellServDB
Madhusudan Singh [EMAIL PROTECTED] writes:
Upon getting credentials as user (kinit ; aklog ) , I noticed
that :
omega:/etc/openafs/server# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting ExpiresService principal
Sergio Gelato [EMAIL PROTECTED] writes:
* Russ Allbery [2005-08-19 21:20:49 -0700]:
Attached. (Review from anyone else would also be welcome.)
A few minor comments follow. Overall, it looks good.
7. If the name of your Kerberos realm does not match the name of your
[...]
7. Create
* Russ Allbery [2005-08-19 21:20:49 -0700]:
Attached. (Review from anyone else would also be welcome.)
A few minor comments follow. Overall, it looks good.
7. If the name of your Kerberos realm does not match the name of your
[...]
7. Create some space to use for AFS volumes. You can
Hi
The only reason was that I was under the impression that reiserfs does
not
work with openafs.
Can the cache be located on a reiserfs partition as well ?
Thanks,
MS
On Saturday 20 August 2005 7:15 am, Derek Atkins wrote:
Madhusudan Singh [EMAIL PROTECTED] writes:
Thus spake Madhusudan Singh ([EMAIL PROTECTED]):
Can the cache be located on a reiserfs partition as well ?
No, the cache can't.
--
Consistency: Every time you release an apple over Sir Isaac Newton,
it will drop on his head. That's good.
___
Sergio Gelato [EMAIL PROTECTED] writes:
One aspect that I found to be insufficiently documented is the need to
write your realm name in /etc/openafs/server/krb.conf . It's been
mentioned before on this mailing list, but seems to be missing from both
Debian's and Gentoo's instructions,
Madhusudan Singh [EMAIL PROTECTED] writes:
One more thing -
I did not create/start kaserver as I intend to use MIT Kerberos v5
exclusively. Could that be a factor ?
No, you should not be using kaserver with a new setup. You want to use
MIT Kerberos v5. You were correct in your
Madhusudan Singh [EMAIL PROTECTED] writes:
omega:~# tokens
Tokens held by the Cache Manager:
User's (AFS ID 2) tokens for [EMAIL PROTECTED] [Expires Aug 13 01:18]
--End of list--
omega:~# fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs'
This is
Hi
Thanks for your response.
On Friday 19 August 2005 4:10 pm, Russ Allbery wrote:
Madhusudan Singh [EMAIL PROTECTED] writes:
omega:~# tokens
Tokens held by the Cache Manager:
User's (AFS ID 2) tokens for [EMAIL PROTECTED] [Expires Aug 13 01:18]
--End of list--
Madhusudan Singh [EMAIL PROTECTED] writes:
omega:~# pts exam 2
libprot: a pioctl failed Could not get afs tokens, running unauthenticated.
Name: , id: 2, owner: system:administrators, creator: anonymous,
membership: 1, flags: S, group quota: unlimited.
Okay. That looks fine.
When
Thanks for your response.
On Friday 19 August 2005 10:02 pm, Russ Allbery wrote:
Madhusudan Singh [EMAIL PROTECTED] writes:
omega:~# pts exam 2
libprot: a pioctl failed Could not get afs tokens, running
unauthenticated. Name: , id: 2, owner: system:administrators,
creator:
Madhusudan Singh [EMAIL PROTECTED] writes:
On Friday 19 August 2005 10:02 pm, Russ Allbery wrote:
If so, there should be a kernel message in syslog explaining why the
tokens were discarded and giving an error code. You can translate that
error code to a message with the command
Madhusudan Singh [EMAIL PROTECTED] writes:
On Friday 19 August 2005 11:28 pm, Russ Allbery wrote:
I have new instructions and new copies of the scripts if you'd like to
give them a try instead as a test. They're the ones that will be in
the next release of the Debian packages.
I would like
* Madhusudan Singh [2005-08-12 15:34:14 -0400]:
Tokens held by the Cache Manager:
User's (AFS ID 2) tokens for [EMAIL PROTECTED] [Expires Aug 13 01:18]
--End of list--
omega:~# fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs'
Yet again.
Yes,
Hi
Thanks for your response.
On Saturday 13 August 2005 7:41 am, Sergio Gelato wrote:
* Madhusudan Singh [2005-08-12 15:34:14 -0400]:
Tokens held by the Cache Manager:
User's (AFS ID 2) tokens for [EMAIL PROTECTED] [Expires Aug 13 01:18]
--End of list--
omega:~# fs setacl /afs
Hi
Thanks for your patience.
On Monday 15 August 2005 12:44 pm, Sergio Gelato wrote:
* Madhusudan Singh [2005-08-15 11:26:16 -0400]:
On Saturday 13 August 2005 7:41 am, Sergio Gelato wrote:
* Madhusudan Singh [2005-08-12 15:34:14 -0400]:
Tokens held by the Cache Manager:
* Madhusudan Singh [2005-08-15 13:26:45 -0400]:
My /etc/openafs/server/KeyFile was generated using asetkey from the supplied
keytab.
How do I check what is going on there ?
asetkey list, or use Heimdal's ktutil (package heimdal-clients):
ktutil -k
Hi
On Monday 15 August 2005 2:26 pm, Sergio Gelato wrote:
* Madhusudan Singh [2005-08-15 13:26:45 -0400]:
My /etc/openafs/server/KeyFile was generated using asetkey from the
supplied keytab.
How do I check what is going on there ?
asetkey list, or use Heimdal's ktutil (package
Madhusudan Singh wrote:
I do get a key (kinit) and a token (aklog). (Checked with klist and
tokens).
Shouldn't that pretty much settle this ?
The question is:
can the key that is known to the AFS server be used to decrypt the
contents of the token the client constructs by communicating
On Monday 15 August 2005 4:57 pm, Jeffrey Altman wrote:
Madhusudan Singh wrote:
I do get a key (kinit) and a token (aklog). (Checked with klist and
tokens).
Shouldn't that pretty much settle this ?
The question is:
can the key that is known to the AFS server be used to decrypt the
One more thing -
I did not create/start kaserver as I intend to use MIT Kerberos v5
exclusively. Could that be a factor ?
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
Hi
On Wednesday 10 August 2005 1:53 pm, Sergio Gelato wrote:
* Frank Burkhardt [2005-08-10 10:51:38 +0200]:
On Tue, Aug 09, 2005 at 10:01:01PM -0400, Madhusudan Singh wrote:
I was wondering if I could ask a few questions regarding AFS setup on
Debian. I am trying to follow the
* Madhusudan Singh [2005-08-12 10:47:00 -0400]:
Why not follow the /usr/sbin/afs-newcell script that comes with Debian's
openafs-dbserver package? It's rumoured to have some problems, but they
are worth reporting. (See below.)
I am trying to get a feel of how the whole thing works, so I
Hi
Thanks for your response.
That's OK, but by follow I didn't necessarily mean run. One can also
read the script as documentation and type in the commands by hand.
Point taken.
One aspect that I found to be insufficiently documented is the need to
write your realm name in
Further developments. I decided to bypass the firewall issues for the moment,
drop the firewall, and go on to filesystem setup.
As I write this, I am logged in as root, and have the kerberos tickets and
aklog tokens of user zzz, who is the admin for the AFS server. And
omega:~# pgrep -fl afsd
On Tue, Aug 09, 2005 at 10:01:01PM -0400, Madhusudan Singh wrote:
Hi
I was wondering if I could ask a few questions regarding AFS setup on
Debian.
I am trying to follow the instructions
http://www.gentoo.org/doc/en/openafs.xml?style=printable
in a Cell A, Realm B type setup.
* Frank Burkhardt [2005-08-10 10:51:38 +0200]:
On Tue, Aug 09, 2005 at 10:01:01PM -0400, Madhusudan Singh wrote:
I was wondering if I could ask a few questions regarding AFS setup on
Debian.
I am trying to follow the instructions
Hi
I was wondering if I could ask a few questions regarding AFS setup on
Debian.
I am trying to follow the instructions
http://www.gentoo.org/doc/en/openafs.xml?style=printable
in a Cell A, Realm B type setup.
# bos setcellname omega.domain.edu omega.domain.edu -noauth
bos: failed to
47 matches
Mail list logo