Re: Who is responsible for Heimdal/Kerberos in FreeBSD

2012-08-03 Thread Attila Bogár 

On 02/08/12 16:04, Chris Nehren wrote:
Rather than sending repeated mails to the list (which you've already 
seen get dropped on the floor), consider using the proper channels for 
reporting bugs. Send a PR. See http://www.freebsd.org/send-pr.html for 
more information. 

Unfortunately I have to disagree with you.

I have come across 3 NFS related PR's so far, I manually patching my 
system with them against STABLE.

Let's see them:

http://www.freebsd.org/cgi/query-pr.cgi?pr=147998 - patch provided by 
the reporter, no resolution after 2 years.
http://www.freebsd.org/cgi/query-pr.cgi?pr=162009 - patch provided by 
the reporter, no resolution after 9 month
http://www.freebsd.org/cgi/query-pr.cgi?pr=164933 - I reported with a 
patch, no resolution after 6 month


Certainly I can report another PR with the problems I spotted and wait 2 
years before I get an answer, but I don't call that problem solving. Or 
can you please explain what do you mean by "proper channel"?


I can understand, that's pretty annoying (from my point SAD) that 
someone is sending problems to the mailing list and gets no hints.


However I think, it's more sad, that the freebsd developer community is 
just ignoring the patches they are sent and doesn't considers quality 
assurance.


Thanks,
  Attila

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: Who is responsible for Heimdal/Kerberos in FreeBSD

2012-08-02 Thread Attila Bogár 

Hi Rick,

On 03/08/12 00:30, Rick Macklem wrote:
If you have the time/expertise to come up with good patches for the 
code and are willing to donate these to the project, I'd suggest you 
either post the patches or attach them to a bug report. Please 
remember that almost all work on FreeBSD is done by volunteers in 
their spare time, rick.
I reported PR164933 early this year with a patch, but unfortunately no 
one responded.


I've attached the patch against 9-STABLE now.
Please review.

I found also other problems with NFS reliability (can reproduce 
consistently) - will discuss tomorrow on freebsd-fs.


Cheers,
Attila

PS: Sorry about the language (ESL) of my letter, I'd like to contribute 
if I can.


--- usr.sbin/mountd/mountd.c.orig	2011-09-23 01:51:37.0 +0100
+++ usr.sbin/mountd/mountd.c	2012-07-03 14:51:12.0 +0100
@@ -1334,6 +1334,7 @@
 	struct xucred anon;
 	char *cp, *endcp, *dirp, *hst, *usr, *dom, savedc;
 	int len, has_host, exflags, got_nondir, dirplen, netgrp;
+	int xx_numsecflavors, xx_secflavors[MAXSECFLAVORS];
 
 	v4root_phase = 0;
 	dirhead = (struct dirlist *)NULL;
@@ -1355,6 +1356,7 @@
 		opt_flags = 0;
 		ep = (struct exportlist *)NULL;
 		dirp = NULL;
+		xx_numsecflavors = 0;
 
 		/*
 		 * Handle the V4 root dir.
@@ -1463,10 +1465,15 @@
 		  "making new ep fs=0x%x,0x%x",
 		  fsb.f_fsid.val[0],
 		  fsb.f_fsid.val[1]);
-	} else if (debug)
+	} else {
+   	if (debug)
 	warnx("found ep fs=0x%x,0x%x",
 		fsb.f_fsid.val[0],
 		fsb.f_fsid.val[1]);
+	xx_numsecflavors = ep->ex_numsecflavors;
+bcopy(ep->ex_secflavors, &xx_secflavors, sizeof(int)*xx_numsecflavors);
+	}
+
 }
 
 /*
@@ -1593,6 +1600,17 @@
 		}
 
 		/*
+		 * Merge security flavours
+		 */
+		int ci, cj;
+		for(ci=0; ciex_numsecflavors && xx_secflavors[ci]!=ep->ex_secflavors[cj];cj++);
+			if (cj==ep->ex_numsecflavors) {
+ep->ex_secflavors[ep->ex_numsecflavors++] = xx_secflavors[ci];
+			}
+		}
+
+		/*
 		 * Success. Update the data structures.
 		 */
 		if (has_host) {
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Who is responsible for Heimdal/Kerberos in FreeBSD

2012-08-02 Thread Attila Bogár 

Hello,

I'm repeating my last month request.

Who is responsible for Heimdal/Kerberos or GSSAPI/NFS in FreeBSD?

I got a working NFSv3/Kerberos over UDP for EL6 nfs clients, but 
suddenly I'm experiencing NFS I/O errors on high load/small files, which 
I think are due to the buggy/old heimdal in FreeBSD.


NFS+Kerberos with EL6 over TCP is broken anyway.

Attila
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: new Heimdal version, was NFSv3 + krb5 mysteries - need help tracking down

2012-07-04 Thread Attila Bogár 

Hi Rick,

On 30/06/12 00:48, Rick Macklem wrote:

Maybe the person working on the newer Heimdal can comment?
(I've changed the subject line so they might notice.)

Can you give me a contact?
He/she might not have noticed your subject change.

Thanks,
Attila

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

NFSv3 + krb5 mysteries - need help tracking down

2012-06-29 Thread Attila Bogár 

Hi,

I have a FreeBSD 9-STABLE acting as a kerberized NFSv3 server.

server# ktutil list
FILE:/etc/krb5.keytab:

Vno  Type Principal
  5  aes256-cts-hmac-sha1-96 nfs/server.linguamatics@linguamatics.com
  5  des3-cbc-sha1 nfs/server.linguamatics@linguamatics.com
  5  arcfour-hmac-md5 nfs/server.linguamatics@linguamatics.com

ntp in sync everywhere

The network is a lagg device composed of two bce interfaces (an add-in 
card).


-- 8< [nfstest.sh] --
#!/bin/bash

i=0
fail=0
while [ $i -lt 100 ]
do
  i=$[i+1]
  echo "RUN: $i"
  umount -f /mnt
  sleep 1
  mount -v -o sec=krb5i,vers=3,proto=tcp server:/export/share /mnt || fail
=$[fail+1]
done
echo "$fail times failed"
-- 8< --

centos62# ./nfstest.sh
54 times failed

ubuntu1204# ./nfstest.sh
98 times failed

ubuntu1104# ./nfstest.sh
0 times failed

centos58# ./nfstest.sh
0 times failed

I started rpc.gssd -v on all linux clients.

The clients which did not fail are using gssapi v1 with DES.
Jun 29 18:17:41 centos58 rpc.gssd[1452]: prepare_krb5_rfc1964_buffer: 
serializing keys with enctype 4 and length 8
Jun 29 18:04:36 ubuntu1104 rpc.gssd[911]: prepare_krb5_rfc1964_buffer: 
serializing keys with enctype 4 and length 8

The failing clients are using the newer gssapi v2 with AES256.
Jun 29 17:59:37 ubuntu1204 rpc.gssd[756]: prepare_krb5_rfc4121_buffer: 
serializing key with enctype 18 and size 32
Jun 29 17:55:48 centos62 rpc.gssd[1183]: prepare_krb5_rfc4121_buffer: 
serializing key with enctype 18 and size 32


Note the different RFC being used.  This is just a suspicion, this may 
not be realted to the problem.

The cipher being used is different too.

Then I changed my script to proto=udp.
from ubuntu1104 fails 0 times.
from centos62 fails 0 times.

On centos58 and ubuntu1204 mount locks up all the time.

Then I added to krb5.conf [libdefaults]
default_tgs_enctypes = dec-cbc-crc and rebooted both centos58 and 
ubuntu1204.


After rebooting centos56 and ubuntu1204:

nfstest fails 0 times on centos58 with udp
I get very long response times for ubuntu1204 mounts and always a 
permission denied.


This is a mystery.

I have not tested NFSv4 yet.

I need some help to track down this problem.

Attila

PS: This may be the same problem as this thread:
http://lists.freebsd.org/pipermail/freebsd-stable/2012-June/068619.html

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: How to set tape parameters on freebsd?

2011-03-25 Thread Attila Bogár 

Hi Trond,

On 25/03/11 15:28, Trond Endrestøl wrote:

Have you tried using /dev/sa0.ctl? E.g.: mt -f /dev/sa0.ctl comp off

Thanks for your answer!
I can confirm, that mt -f /dev/sa0.ctl comp off just works without the 
tape cartdridge loaded.


I'm currently using the same approach that you use (mt before amdump), 
though setting it up only once at boot looks me a cleaner solution 
(unless the drive resets for some reason (electrocity or sas cable) stuff).


Thanks,
  Attila

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

How to set tape parameters on freebsd?

2011-03-25 Thread Attila Bogár 

Dear FreeBSD list,

I'm currently using FreeBSD on my backup server (w/ Amanda).

I'm wondering if exists out there a utility for setting tape parameters 
(during boot).


Linux had /sbin/stinit and /etc/stinit.def.
Is there something similar for FreeBSD?

Another problem I'm experiencing is:
During power cycling, the controller resets the tape drives the drives 
eject the tape.
If I use 'mt -f /dev/nsa0 comp off' in a boot script it fails with an 
error tape drive not configured.
Is there a pretty solution for this or you just put mt into a loop until 
it succeeds?


Is there a way pushing compression and block size parameters to the sa 
driver?
I've already RTFM sa(8) and checked sysctl settings and I couldn't find 
the answer.


Thanks for your constructive comments in advance,

   Attila

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"