arlad configuration

mc@hack.org mc at hack.org
Wed Aug 9 20:22:30 CEST 2000 

I'm playing around with Arla and kth-krb on a few machines and I'm
having trouble making it work. I guess this is a naive question, but
please bear with me. I haven't found any answer in the FAQ or in the
mailing list archives.

I snarfed arla 0.34.1 and the latest kth-krb. I compiled them on
Debian GNU/Linux systems with a 2.2.16 kernel and glibc 2.1 running on
Intel.

I read through some manuals and filled in /etc/krb.conf like this:

  STACKEN.KTH.SE
  STACKEN.KTH.SE	kerberos.stacken.kth.se admin server

and krb.realms like this:

  .stacken.kth.se	STACKEN.KTH.SE

Yes, I do have an account at Stacken. I got a bit confused about what
to keep in krb.conf since the FAQ seemed to say I should list the AFS
servers. Just to check I tried to use the three servers listed in
CellServDB for stacken.kth.se, but that only made my principal
unknown.

With the setup above I can use kinit or kauth at will and I get a
ticket just fine. I can use a Kerberized telnet to get into machines
at Stacken.

If I load the xfs module, start arlad and try to mount /afs with

  mount -t xfs arla /afs

it just hangs there.

I I start arlad with -t, I get:

  /usr/arla/bin/arlad -t
  hipri was 3 actually 0
  hipri was 3 actually 1
  hipri was 3 actually 1
  hipri was 3 actually 1
  hipri was 3 actually 1
  Wed Aug  9 19:38:10 2000: arlad: getting ticket for stacken.kth.se: No ticket file (tf_util)
  Wed Aug  9 19:38:10 2000: arlad: Lost connection to 130.237.237.230/afs3-vlserver
  Wed Aug  9 19:38:10 2000: arlad: Lost connection to 130.237.234.3/afs3-vlserver
  Wed Aug  9 19:38:10 2000: arlad: Lost connection to 130.237.234.43/afs3-vlserver
  Wed Aug  9 19:38:10 2000: arlad: Failed to contact any db servers in cell 221(stacken.kth.se)
  Wed Aug  9 19:38:10 2000: arlad: Cannot find the root volume (root.afs) in cell stacken.kth.se

I figured it all had something to do with the machine hiding on a
local network behind a NAT, so I tried it on a clean, non-firewalled
connection, but I got the same results.

I messed about with arlad and tried to restart it differently. If I
added -n, to prevent it from forking in to daemon mode, it suddenly
seemed to work after a bunch of these:

Wed Aug  9 20:04:21 2000: arlad: Failed to contact any db servers in cell 221(stacken.kth.se)

but then, suddenly:

Wed Aug  9 20:04:54 2000: arlad: Server 130.237.234.3/afs3-vlserver up again
Wed Aug  9 20:04:54 2000: arlad: running pinger
Wed Aug  9 20:04:54 2000: arlad: pinger: probing 130.237.234.43/afs3-vlserver
Wed Aug  9 20:04:54 2000: arlad: Server 130.237.234.43/afs3-vlserver up again
Wed Aug  9 20:04:54 2000: arlad: running pinger
Wed Aug  9 20:04:54 2000: arlad: pinger: probing 130.237.237.230/afs3-vlserver
Wed Aug  9 20:04:54 2000: arlad: Server 130.237.237.230/afs3-vlserver up again
Wed Aug  9 20:04:54 2000: arlad: running pinger
Wed Aug  9 20:05:02 2000: arlad: pre-created 4000 nodes

I tried mounting the AFS space and then, as myself, mc, I did:

  dingo:~ $ kauth
  mc at STACKEN.KTH.SE's Password:

but then, when I checked, klist didn't list any AFS tokens:

  dingo:~ $ klist -T
  Ticket file:    /tmp/tkt1000
  Principal:      mc at STACKEN.KTH.SE

    Issued           Expires          Principal
  Aug  9 20:07:57  Aug 10 06:07:57  krbtgt.STACKEN.KTH.SE at STACKEN.KTH.SE

  AFS tokens:

I tried a simple

  dingo:~ $ cd /afs/stacken.kth.se/home/mc

and it blocked.

The arlad daemon said

Wed Aug  9 20:09:15 2000: arlad: Rec message: opcode = 4 (getnode), size = 296
Wed Aug  9 20:09:15 2000: arlad: getnode (221.536870913.1.1) "stacken.kth.se"
Wed Aug  9 20:09:15 2000: arlad: read_data

and my tcpdump showed UDP traffic from my host to
fishburger.stacken.kth.se, but nothing coming back.

I have tried several times, unmounting /afs, stopping arlad, removing
xfs and trying it all over again, first with arlad -t, with the same
result as above.

Everytime I repeat

  arlad --debug=all,-cleaner -n

I get things to seemingly work, until I try to _do_ something, like cd
into a directory. Sometimes I actually get it to work for a while, so
I can move around and look at some files. However, I don't seem to be
identified as myself, since I can't actually do something like "touch
foo" in my home directory at Stacken.

I realize that I most likely have done something terribly wrong, but I
would be very grateful if someone could point me in the right
direction.

--
Baron Rev. Dr. Georg Mikael "MC" von Cardell, Scientific Goth
Temple of the Moby Hack
!sirE laiH

More information about the Arla-drinkers mailing list