arla on Mac OS Tiger
Jacques Goldberg
Jacques.Goldberg at cern.ch
Sun Oct 23 20:20:36 CEST 2005
Torsten
Port 7001 should be open. This is the standard OpenAFS convention.
Torsten Harenberg wrote:
> Hi Tomas, Love, Jacques et al.,
>
> Tomas Olsson wrote:
>
>> Also, Afslog.app defaults (as does heimdal) to using the file-based
>> credential cache. The easiest way to get tickets is probably using
>> /usr/arla/bin/kinit from the package.
>>
>> Torsten Harenberg <harenberg at physik.uni-wuppertal.de> writes:
>>
>>> [Torsten-Harenbergs-PowerBook:~] harenber% kinit -f harenber at CERN.CH
>
>
> [...]
>
>> That should have been fine, especially if you used /usr/arla/bin/kinit.
>>
>
> arghh.. it was a little late maybe, so I cut the "wrong" information
> out of my terminal.
>
> See below...
>
>> But it's probably right. You need to get details on CERN.CH kerberos
>> servers, which is usually done in /etc/krb5.conf or proper dns
>> records. Ask
>> CERN about that. If they are still using krb4 or kaserver tell them to
>> upgrade (and try /usr/arla/bin/kalog, it may still work).
>
>
> So I guess this is the problem.
>
> What I did:
>
> Some google'ing took me to:
>
> http://jdurand.home.cern.ch/jdurand/knoppix.html
>
> He quotes this information has to be entered:
>
> % cat /etc/krb.conf
> CERN.CH
> CERN.CH afsdb1.cern.ch
> CERN.CH afsdb3.cern.ch
> CERN.CH afsdb2.cern.ch
> CASPUR.IT pomodoro.caspur.it
> CASPUR.IT banana.caspur.it
> CASPUR.IT maslo.caspur.it
> INFN.IT afs1.infn.it
> INFN.IT afs2.infn.it
> INFN.IT afs3.infn.it
> AFS1.SCRI.FSU.EDU afs1.scri.fsu.edu
> DESY.DE aixsr2.desy.de
> DESY.DE rikki.desy.de
> DESY.DE shiva.desy.de
> % cat /etc/krb5.conf
> [libdefaults]
>     default_realm = CERN.CH
>     default_etypes = des-cbc-crc
>     default_etypes_des = des-cbc-crc
>     ticket_lifetime = 90000
>     renew_lifetime = 1209600
> [realms]
>     CERN.CH = {
>         kdc = afsmisc2.cern.ch afsmisc1.cern.ch
>         admin_server = afskrb5m.cern.ch
>         kpasswd_server = afskrb5m.cern.ch
>         default_domain = cern.ch
>         v4_name_convert = {
>             host = {
>                 rcmd = host
>                 ftp = ftp
>                 imap = imap
>             }
>         }
>     }
> [domain_realm]
>     .cern.ch = CERN.CH
> [kadmin]
>     default_keys = v4 v5
> [kdc]
>     enable-kerberos4 = yes
>     enable-kaserver = yes
>
> This ends up in:
>
> [Torsten-Harenbergs-PowerBook:/etc] harenber% /usr/arla/bin/kinit -4 -f
> harenber at CERN.CH
> harenber at CERN.CH's Password:
> kinit: krb5_get_init_creds: unable to reach any KDC in realm CERN.CH
>
> *BUT*
>
> I have a DSL line at home with a router which does NAT (*argh*). I
> looked into a netstat -f inet while waiting for kinit:
>
> Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
> tcp4       0      0 localhost.netinfo-loca localhost.1010         ESTABLISHED
> tcp4       0      0 localhost.1010         localhost.netinfo-loca ESTABLISHED
> tcp4       0      0 localhost.netinfo-loca localhost.1021         ESTABLISHED
> tcp4       0      0 localhost.1021         localhost.netinfo-loca ESTABLISHED
> udp4       0      0 192.168.100.201.49326  afsmisc1.cern.ch.kerbe
> udp4       0      0 192.168.2.100.49280    *.*
> [...]
>
> This looks okay to me, but I don't know if there have to be any ports
> opened in the router's internal firewall. Looking at the arla doc I
> didn't find any information about this, but I'm pretty sure some of you
> will know.
>
>
>> Are there any public parts of /afs/cern.ch that you can access? Do we
>> have
>> any cern related people on the list?
>
>
> Yes, I can see public areas:
>
> [Torsten-Harenbergs-PowerBook:~] harenber% ls /afs/cern.ch/atlas
> commissioning i386_linux22 man project users
> ftp i386_linux24 maxidisk rlprod utilities
> groups i386_redhat51 mbone scripts www
> hp700_ux90 licensed misc software
> hp_ux102 logs offline testbeam
>
> So the entries in CellServDB seem to be correct:
>
> [Torsten-Harenbergs-PowerBook:/usr/arla/etc] harenber% grep -i cern
> CellServDB
> >cern.ch #European Laboratory for Particle Physics, Geneva
> 137.138.128.148 #afsdb1.cern.ch
> 137.138.246.50 #afsdb3.cern.ch
> 137.138.246.51 #afsdb2.cern.ch
>
> Any hint is very much appreciated!!!
>
> Best regards,
>
> Torsten
>
>
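An added example, not part of the original thread: a small audit of a krb5.conf like the one quoted above, which lists the KDC hosts a client will try per realm and flags the krb4-era settings the thread mentions (single-DES enctypes, `enable-kerberos4`, `enable-kaserver`). The sample text is constructed from the quoted file, and the names `parse` and `audit` are hypothetical.

```python
# Constructed sample modeled on the krb5.conf quoted in the thread.
SAMPLE = """\
[libdefaults]
    default_etypes = des-cbc-crc
    default_etypes_des = des-cbc-crc
[realms]
    CERN.CH = {
        kdc = afsmisc2.cern.ch afsmisc1.cern.ch
    }
[kdc]
    enable-kerberos4 = yes
    enable-kaserver = yes
"""

WEAK_ETYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}  # single-DES enctypes
LEGACY_KDC_FLAGS = {"enable-kerberos4", "enable-kaserver"}   # krb4-era KDC services

def parse(text):
    """Return (section, realm_or_None, key, value) tuples from krb5.conf-style text."""
    section, stack, out = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, stack = line[1:-1], []    # new top-level section
        elif line == "}":
            stack = stack[:-1]                 # close the innermost sub-block
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                stack.append(key)              # open a sub-block (realm, etc.)
            else:
                out.append((section, stack[0] if stack else None, key, value))
    return out

def audit(text):
    """Return (sorted findings, {realm: [kdc hosts]}) for the given config text."""
    findings, kdcs = [], {}
    for section, realm, key, value in parse(text):
        if section == "libdefaults" and "etypes" in key:
            findings += [f"{key}: weak enctype {e}" for e in value.split() if e in WEAK_ETYPES]
        elif section == "kdc" and key in LEGACY_KDC_FLAGS and value.lower() in ("yes", "true"):
            findings.append(f"{key}: legacy service enabled")
        elif section == "realms" and key == "kdc":
            kdcs.setdefault(realm, []).extend(value.split())
    return sorted(findings), kdcs
```

The KDC list it returns is the set of hosts whose reachability is worth checking first when `kinit` reports that it cannot reach any KDC in the realm.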