[HCoop-Help] "aklog: can't get afs configuration"

Zrajm C Akfohg zrajmc at gmail.com
Sat Apr 4 09:21:46 EDT 2009


On Sat, Apr 4, 2009 at 12:42 PM, Davor Ocelic <docelic at hcoop.net> wrote:
>>
>> Now, when running kinit and aklog I get:
>>
>> $ kinit zrajm at HCOOP.NET
>> zrajm at HCOOP.NET's Password:
>> $ aklog
>> aklog: unable to obtain tokens for cell hcoop.net (status: 11862788).
>
> Okay, so kinit worked, which you can check with klist -5.

To me klist -5 speaks thusly:

Credentials cache: FILE:/tmp/krb5cc_1000
        Principal: zrajm at HCOOP.NET

  Issued           Expires          Principal
Apr  4 15:02:46  Apr  5 01:02:46  krbtgt/HCOOP.NET at HCOOP.NET
Apr  4 15:03:00  Apr  5 01:02:46  afs/hcoop.net at HCOOP.NET

> Aklog didn't, due to the following problem:
>
>>     DB server host names for your home cell:
>>
>> (I answered: "lal" -- the name of my machine as returned by "uname
>> -n")
>
> Here you need to say deleuze.hcoop.net.

I see. I took your advice and did the following.

> Run dpkg-reconfigure openafs-client, adjust the answers per
> above and it should work.

But that didn't give me the option of changing "DB server host". So I
grepped through /etc/openafs/*, found it mentioned in
/etc/openafs/CellServDB (with ip 127.0.0.1) and changed those lines to
the same as on mire.hcoop.net i.e.

>hcoop.net
69.90.123.67            # deleuze.hcoop.net
69.90.123.70            # krunk.hcoop.net

>>     Run Openafs client now and at boot?
>>
>>        <Yes>                                       <No>
>
> You can say Yes here. The No option was provided for cases when
> you're not installing a new server and don't want to start the
> client before server is configured.

I'll do that when everything seems to work then. :)

> Running command 'tokens' should list your AFS tokens, in the
> same way klist -5 does for kerberos tickets.
>
> Tell us how it goes.

Even with the above changes I'm still unable to run "aklog", still getting:

# aklog
aklog: unable to obtain tokens for cell hcoop.net (status: 11862788).

When running "tokens" I just get an empty list:

# tokens

Tokens held by the Cache Manager:

   --End of list--

However "klist -T" tells a different story:

# klist -T
Credentials cache: FILE:/tmp/krb5cc_1000
        Principal: zrajm at HCOOP.NET

  Issued           Expires          Principal
Apr  4 15:02:46  Apr  5 01:02:46  krbtgt/HCOOP.NET at HCOOP.NET
Apr  4 15:03:00  Apr  5 01:02:46  afs/hcoop.net at HCOOP.NET

So I can get an afs token when initially running kinit, if I
understand this right (and if I didn't I assume I would be totally
unable to write anything to the filesystem on hcoop)?

But from what I understand I should also (but can't, yet) be able to
run "aklog" to get older connections (and re-attached screen sessions)
to "live" (i.e. be able to write to the file system) again?

/zrajm

P.S. Sorry if I appear dense, but I'm completely new to this
kerberos/afs stuff. Many thanx for your advice and patience. It is
very much appreciated.

-- 
  Zrajm C Akfohg   Mobil: 076-211 50 43   E-post: zrajm at klingonska.org
  Villav.33, 2tr   Telefon: 018-500 911   http://zrajm.klingonska.org/
  Upsala, Sweden   ICQ-nummer: 16769663   voDleH Hol DajatlhlaH'a' je?
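
Added example, not part of the original message: a small check of the DB server entries a CellServDB file lists for one cell, flagging loopback entries such as the 127.0.0.1 line described above. The "before" sample is constructed from the description in the message (the exact original line is not shown there); the function names are hypothetical.

```python
import ipaddress

# Constructed sample: a loopback entry, as the message describes finding.
BEFORE = """\
>hcoop.net
127.0.0.1               # lal
"""
# The entries the message reports copying from mire.hcoop.net.
AFTER = """\
>hcoop.net
69.90.123.67            # deleuze.hcoop.net
69.90.123.70            # krunk.hcoop.net
"""

def parse_cellservdb(text):
    """Return {cell: [(ip, hostname_comment), ...]} from CellServDB text."""
    cells, current = {}, None
    for raw in text.splitlines():
        body, _, comment = raw.strip().partition("#")
        body, comment = body.strip(), comment.strip()
        if body.startswith(">"):            # ">cellname" opens a cell block
            name = body[1:].split()
            current = name[0] if name else None
            if current:
                cells.setdefault(current, [])
        elif body and current is not None:  # "ip  # hostname" server line
            cells[current].append((body.split()[0], comment))
    return cells

def check_cell(text, cell):
    """List problems with the DB server entries for `cell` (empty = none)."""
    servers = parse_cellservdb(text).get(cell)
    if servers is None:
        return [f"cell {cell} has no entry"]
    if not servers:
        return [f"cell {cell} lists no DB servers"]
    problems = []
    for ip, host in servers:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"{ip}: not an IP address")
            continue
        if addr.is_loopback or addr.is_unspecified:
            problems.append(f"{ip} ({host}): loopback listed as DB server")
    return problems

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_cell(text, "hcoop.net") or "ok")
```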


