Re: OpenAFS trouble
Christopher Swingley <cswingle@iarc.uaf.edu> writes:
> Here'w what happens on the client machine (enemy):
>
> cswingle@enemy:~$ tokens
>
> Tokens held by the Cache Manager:
>
> User's (AFS ID 1112) tokens for afs@frontier.iarc.uaf.edu
> --End of list--
(Are your tokens expired? When I run 'tokens', it includes an
expiration date:
{11} dmaze% tokens
Tokens held by the Cache Manager:
User's (AFS ID 2367) tokens for afs@sipb.mit.edu [Expires May 19 23:57]
User's (AFS ID 2367) tokens for afs@athena.mit.edu [Expires May 19 23:57]
--End of list--
)
> cswingle@enemy:~$ ls -al /afs/frontier/user/cswingle
> ls: /afs/frontier/user/cswingle: Permission denied
Can you peek into things that don't have restrictive permissions?
Like, /afs/frontier is probably system:anyuser rl, can you ls there?
You could also conceivably have really bizarre things going on, like
your home directory having permissions set to an IP acl; you might try
'fs la /afs/frontier/user/cswingle' from the machine that works, but
it probalby won't say anything enlightening.
> What am I missing? What did I forget to do in order to allow a client
> to access a server's volumes? Is there any useful documentation out
> there? I've looked at the IBM documentation, but it is filled with
> commands that I don't have (uss, package, kas, etc.).
...yeah, I've never used any of those; wisdom around MIT seems to be
that you probably never want to use kaserver, since a "real" KDC and
krb524d provide the same functionality.
--
David Maze dmaze@debian.org http://people.debian.org/~dmaze/
"Theoretical politics is interesting. Politicking should be illegal."
-- Abra Mitchell
Reply to: