The Guru College

Configuring a new OpenAFS cell on Ubuntu Server

After doing a lot of reading online, I’ve finally built a new OpenAFS cell in my home network. This involved reading piles of terribly out-of-date documentation and HOWTOs, and a lot of frustration on my part. I help administer OpenAFS at work, but I’d never set up a new cell before, and the process of working out the right Kerberos keys and setting up the servers with bos was throwing me for a loop.

Eventually, I found the guides hosted on spinlocksolutions.com, which have a very clear walkthrough, with up-to-date explanations on how to set up a Debian-based OpenAFS cell, as well as a Kerberos 5 domain and an OpenLDAP server. They can be used with Ubuntu Server almost without alteration. This is good, as I have a passing knowledge of Ubuntu from previous projects.

However, there were two gotchas I ran into when doing an install with Ubuntu Server:

  1. The Ubuntu installer had added my FQDN to /etc/hosts with an IP address of 127.0.2.1, which makes the afs-newcell script lose its mind when trying to create the CellServDB entry it needs.
  2. The copy of the afs-newcell Perl script delivered by Ubuntu's apt-get has an error in it: it doesn’t add the -noauth flag when creating the dafs server. You will see errors about not having permissions to create the dafs server. Simply edit the script and add the ‘-noauth’ flag.
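
A pre-flight check for the first gotcha, as an added example (not part of the original post or of the afs-newcell script): it scans a hosts file for loopback addresses mapped to a given host name, so the entry can be corrected before afs-newcell runs. The function names, the script name `check_hosts.sh`, and the sample host names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report hosts-file entries that map a host name to a
# loopback address (127.0.0.0/8 or ::1), the condition from gotcha 1.

# loopback_entries HOSTS_FILE NAME
# Prints "ADDRESS LINE_NUMBER" for each entry that maps NAME to loopback.
# Returns 0 if at least one such entry exists, 1 otherwise.
loopback_entries() {
    awk -v name="$2" '
        {
            sub(/#.*/, "")            # strip trailing comments
            if (NF < 2) next          # need an address and a name
            if ($1 !~ /^127\./ && $1 != "::1") next
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) {
                    print $1, NR
                    found = 1
                }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample of an installer-written hosts file.
# afs1.example.com and fileserver.example.com are placeholder names.
demo_hosts() {
    cat <<'EOF'
127.0.0.1    localhost
127.0.2.1    afs1.example.com afs1   # added by installer
192.168.1.10 fileserver.example.com
EOF
}

# Stand-alone use (hypothetical script name):
#   sh check_hosts.sh "$(hostname -f)"
if [ "$#" -ge 1 ]; then
    loopback_entries /etc/hosts "$1" \
        && echo "loopback mapping found for $1: correct it before running afs-newcell" \
        || echo "no loopback mapping for $1"
fi
```
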

Once afs-newcell runs properly, everything else goes exactly according to the documentation – afs-rootcell creates things as it’s supposed to, and the various Debian/Ubuntu packages to configure PAM work as expected.
