Because the instructions in Debian are a bit out of date I put here a quick summary of how to setup a new OpenAFS cell. This instructions complements the existing documentation and add some interesting bits for debug.First setup the kerberos client, we use in this example the MIT implementation:
apt install krb5-user
The install the fileserver software including the aklog command:
apt install openafs-dbserver openafs-fileserver openafs-krb5
Get a keytab to authenticate your OpenAFS servers:
kadmin.local addprinc -randkey -e aes256-cts-hmac-sha1-96 afs/cell-name ktadd -k /root/afs.keytab afs/cell-name getprinc afs/cell-name quit
Copy this keytab into you first server:
scp afs.keytab afs01:
Move the keytab into the final place:
mv afs.keytab /etc/openafs/server/rxkad.keytab chown root: /etc/openafs/server/rxkad.keytab
To workaround a bug on afs-newcell:
touch /etc/openafs/server/KeyFile
Check if you mounted the /vicepa:
df -h /vicepa
Bootstrap:
afs-newcell
If something goes wrong you can to debug the aklog command with:
KRB5_TRACE=/dev/stdout aklog -d