Re: [OpenAFS] non-kerberos authentication mechanisms for afs?
Sounds like you want gssklog, where you can convert any GSS credential (i.e., X.509 and/or some new PGP-based GSS mech) to obtain AFS tokens. -derek Sergio Gelato <[EMAIL PROTECTED]> writes: > * Adam Megacz [2005-03-19 00:42:44 -0800]: >> My only gripe with Kerberos is that two non-admin users can't set up a >> trust/permissions relationship without involving their kerberos admins >> (ie adding principals), or having a kerberos server in the first >> place. Sometimes the former just isn't possible (paranoid sysadmins >> won't create principals because they think it's a "security risk"). > > I'd call it an "administrative burden" rather than a "security risk". > >> What I'd like to do is create some ugly hack that allows you to use an >> OpenPGP key fingerprint in an ACL. > > Let's generalise a little bit and talk about PKI-based authentication > (not necessarily PGP; other kinds of public keys will do just as well). > I'd want to use the full public key rather than the fingerprint. > >> The goal here is to have a single, worldwide namespace (openpgp >> fingerprints) for authentication the same way we have a single, >> worldwide namespace for file paths (/afs). > > Kerberos 5 already provides a single namespace for principals. The trouble > (from your point of view) is that trust is a matter of realm policy, with > the end user being constrained by administrative fiat. So you're proposing > a mechanism for users to (effectively) register their own principals. One > way to do it within a Kerberos framework would be to give each user his/her > own realm to administer and establish a trust relationship with it. (No, > I don't advocate actually doing this, at least not on a large scale; > I only mention it as a possibility.) > >> Clearly this would require a lot of changes on both the client and >> server side. > > Maybe not much more than what is already needed to support GSSAPI in > OpenAFS 2.0. > >> I'm wondering if it's easier to set up a "kerberos to >> pgp proxy" that will pretend to have an instance for any keyprint you >> choose, and will issue you a tgt if you can prove that you hold the >> private key. Then it would just be a matter of writing this "fake >> kerberos server". > > Hasn't Microsoft been working on something like this? (Not to forget the > proponents of tools like gssklog...) Anyway, I think it's clear that the > exact same problem would need to be addressed for, say, NFSv4, so it > deserves to be solved at the Kerberos/GSSAPI level rather than within > AFS itself. > ___ > OpenAFS-info mailing list > OpenAFS-info@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-info > > -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH [EMAIL PROTECTED]PGP key available ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] repeated failed volume move operation
Hi, Here's some more info from the logs. The command was run as [EMAIL PROTECTED] vos move sata.vol fs1 vicepc fs2 vicepc -local -verbose from the VolserLog on fs2(destination): Tue Mar 22 06:21:08 2005 trans 36 on volume 536870924 is older than 40560 seconds Tue Mar 22 06:21:20 2005 1 Volser: ReadVnodes: Restore aborted ...Many more Trans 37 on volume 536870924 is older than messages Tue Mar 22 06:49:09 2005 trans 37 on volume 536870924 is older than 1650 seconds Tue Mar 22 06:49:27 2005 1 Volser: Delete: volume 536870924 deleted from the VolserLog on fs1(source): Mon Mar 21 17:59:44 2005 1 Volser: Clone: Cloning volume 536870924 to new volume 536870954 ... Tue Mar 22 06:20:12 2005 1 Volser: DumpVolume: Rx call failed during dump, error 1492325122 Tue Mar 22 07:45:58 2005 1 Volser: Delete: volume 536870954 deleted Jeffrey Hutzelman wrote: Tue Mar 22 07:45:36 2005 trans 38 on volume 536870954 is older than 3420 seconds That's normal; it's just being chatty. Tue Mar 22 07:45:58 2005 1 Volser: Delete: volume 536870954 deleted Also normal; this is the move clone being deleted. VOLSER: Problems encountered in doing the dump ! This is src/volser/vsprocs.c:PrintError()'s rendition of VOLSERDUMPERROR. What it generally means is that the source volserver ran into an error writing into the network channel between the two servers. That is most likely the result of the call having been aborted on the destination server for some reason. Have you looked in the VolserLog on that server? -- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Question about append-only directories and ownership of files
On Tue, 22 Mar 2005, Bob Cook wrote: On Monday, March 21, 2005, Todd Lewis wrote: Not quite. The owner of a directory has implied administrator rights in that directory. On Tuesday March 22, 2005, Kim Kimball wrote: You're right of course about the directory ownership. Although it's getting a bit far afield from the original topic, I'd just like to point out that, although Todd is right about the behavior, Derrick Brashear acknowledged at last year's Best Practices workshop that the behavior is a bug. The intent was that the owner of the top directory in a volume have implicit admin rights in the volume, but not that the owner of each directory have such rights in "their" directories. (Derrick: Any guess as to when this will be fixed? It looks like people are getting used to it, which I would claim is a not-good thing!) IIRC it's been fixed in 1.3 for months. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] repeated ailed volume move operation
On Tuesday, March 22, 2005 08:54:20 AM -0800 Gabe ListAccount <[EMAIL PROTECTED]> wrote: Tue Mar 22 07:45:36 2005 trans 38 on volume 536870954 is older than 3420 seconds That's normal; it's just being chatty. Tue Mar 22 07:45:58 2005 1 Volser: Delete: volume 536870954 deleted Also normal; this is the move clone being deleted. VOLSER: Problems encountered in doing the dump ! This is src/volser/vsprocs.c:PrintError()'s rendition of VOLSERDUMPERROR. What it generally means is that the source volserver ran into an error writing into the network channel between the two servers. That is most likely the result of the call having been aborted on the destination server for some reason. Have you looked in the VolserLog on that server? -- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] 1.3.80 linux 2.6 build- & runtime problems
On Tuesday, March 22, 2005 04:54:52 PM +0100 Stephan Wiesand <[EMAIL PROTECTED]> wrote: On Tue, 22 Mar 2005, Derrick J Brashear wrote: On Tue, 22 Mar 2005, Stephan Wiesand wrote: On an EL4-respin, "configure; make dest_only_libafs" (and any other target involving building the kernel module, transarc paths or not, and also when specifying the sysname and path to kernel sources) grinds to a halt with something like make[4]: Entering directory `/tmp/openafs/openafs-1.3.80/src/libafs/MODLOAD-2.6.9-5.0.3.ELsmp-MP' Makefile.common:51: warning: overriding commands for target `.c.o' /tmp/openafs/openafs-1.3.80/src/config/Makefile.config:132: warning: ignoring old commands for target `.c.o' env EXTRA_CFLAGS="" ./make_kbuild_makefile.pl MODLOAD-2.6.9-5.0.3.ELsmp-MP libafs.ko /tmp/openafs/openafs-1.3.80/src/config/Makefile.config Makefile.afs Makefile.common env: ./make_kbuild_makefile.pl: No such file or directory I bet that was DELTA linux-libafs-makefileproto-call-kbuild-correctly-20050320 AUTHOR [EMAIL PROTECTED] FIXES 17972 call the script directly out of srcdir instead of looking elsewhere which I think means the script can end up being called from 2 different places. sigh. That's what I guessed, but simply backing out this one-liner won't help either. There's a correct fix, which I mentioned in a thread on openafs-devel. I'll get it in to -bugs later, if Derrick doesn't pluck it out of zephyr or off of the mailing list. -- Jeff ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Question about append-only directories and ownership of files
On Monday, March 21, 2005, Todd Lewis wrote: >> Not quite. The owner of a directory has implied administrator >> rights in that directory. On Tuesday March 22, 2005, Kim Kimball wrote: >You're right of course about the directory ownership. Although it's getting a bit far afield from the original topic, I'd just like to point out that, although Todd is right about the behavior, Derrick Brashear acknowledged at last year's Best Practices workshop that the behavior is a bug. The intent was that the owner of the top directory in a volume have implicit admin rights in the volume, but not that the owner of each directory have such rights in "their" directories. (Derrick: Any guess as to when this will be fixed? It looks like people are getting used to it, which I would claim is a not-good thing!) ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Problems with 1.3.80 on Windows - crash
On Tue, 2005-03-22 at 15:29 -0500, Jeffrey Altman wrote: > Lars Delhage wrote: > > > Well... it works, but with integrated login I still get an error > > message: "Integrated login failed: Unknown code è7294". It does work > > despite this message, I get a token and everything is fine, but it's a > > bit annoying. Any suggestions? > > Can you turn on logging for the integrated login and provide information > on what is failing on your system? > > > Regkey: > [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] > > Value : TraceOption > Type : DWORD {0, 1, 2, 3} > Default : 0 > >Enables logging of debug output to the Windows Event Log. >Bit 0 enables logging of "Logon Events" processed by the Network Provider >and Winlogon Event Notification Handler. >Bit 1 enables logging of events captured by the AFS Client Service. OK, here it is, in reverse chronological order. The first (actually last) entry is from TransarcAFSDaemon, the rest from AFS Logon: ID Log message 0-A -M -N -Q 0 Exit 1008Integrated login failed: Unknown code è7295 0 while loop exited 0 KFW_AFS_get_cred [EMAIL PROTECTED] smbname=[admin\lasse] cell=[] code=[-1] 0 KFW_AFS_get_cred [EMAIL PROTECTED] smbname=[admin\lasse] cell=[MZ] code=[-1] 0 KFW_AFS_get_cred uname=[lasse] smbname=[admin\lasse] cell=[int.nohup.se] code=[0] 0 while(TRUE) LogonOption[1], Service AutoStart[1] 0 Cell is int.nohup.se 0 About to call cm_GetRootCellName() 0 LogonOption[1], Service AutoStart[1] 0 Got logon script: (null) 0 Looking up TheseCells 0 Looking up logon script 0 PLSD username[lasse] domain[ADMIN] 0 opt->sleepInterval being set to default 0 opt->retryInterval being set to default 0 dwDummy being set to default 0 opt->LogonOption found in hkNp with type [4] 0 Not opening domain key for [LOCALHOST] 0 GetDomainLogonOptions: Can't open Domains key [2] 0 In GetDomainLogonOptions for user [lasse] in domain [ADMIN] Despite the 1008 message the integrated logon actually works, that's the strange thing... Cheers, Lars -- Lars Delhage, Nohup AB tel: +46-8-458 78 15, mob: +46-70-781 60 69 http://www.nohup.se GnuPG fingerprint: 4E08 4F49 213A 0B38 95AF 0F65 B77B B16B 5694 92FE signature.asc Description: This is a digitally signed message part
Re: [OpenAFS] Heartbeat + DRBD + OpenAFS, any suggestions?
On Tuesday, March 22, 2005 04:05:31 PM -0500 Kyle Moffett <[EMAIL PROTECTED]> wrote: On Mar 22, 2005, at 15:37, Jeffrey Hutzelman wrote: The bosserver will look for a file named SALVAGE.xxx in AFSDIR_LOCAL_DIR, where xxx is the name of the fileserver bnode. If this file exists, the salvager will be run before the fileserver is started for the first time. I don't suppose there is a way to force a salvage of _only_ one partition before restarting the fileserver, so that the users whose homedirs were on /vicepa won't have any loss of service while the server salvages /vicepb? Well, in theory, you could run the salvager by hand on that partition. I'd be a little concerned about something happening that would cause the fileserver or volserver to start doing things to that partition, like a fileserver restart or someone trying to create a volume there. In the course of a conversation last night, I think we came to the conclusion that it would be fairly easy to add enough locking to make this safe. So, who's up to writing a journaled OpenAFS backend for version 1.6? :-D A fine idea. Let us know when you've found a sucker^H^H^H^H^H^Hvolunteer. -- Jeff ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Oracle Databases...
On Mar 22, 2005, at 9:24 AM, Dexter 'Kim' Kimball wrote: The backend storage for an Oracle database is highly specialized, performance-critical, and cannot be shared among multiple servers. Thus, it is not a good candidate for storage in _any_ remote or distributed filesystem, including AFS. Now that's a definitive response. But wrong: clustered Oracle 9i and 10g (aka RAC) *require* filesystems shared between multiple servers. The solutions support by Oracle are SAN based clustered filesystems (like. Veritas Cluster Filesystem on Solaris, or Oracle's own OCFS on Linux) or clustered NFS servers (NetApp or EMC Celerra filers). The backend storage for Oracle databases is not highly specialized - general purpose SAN or NAS devices are all that is needed (although high performance databases need high-end devices and tightly controlled and optimized volume layouts). Scotty -- Scotty Logan <[EMAIL PROTECTED]> Information Technology Systems and Services, Stanford University ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Heartbeat + DRBD + OpenAFS, any suggestions?
On Monday, March 21, 2005 07:17:41 PM -0500 Kyle Moffett <[EMAIL PROTECTED]> wrote: - The bosserver can tell when the fileserver has not shut down cleanly, and will force a full salvage of all partitions in that case. However, it cannot tell when a particular partition was last used on a fileserver that was shut down uncleanly. So, if you want the salvage to happen, you will need to trigger it manually. Note that a full-partition salvage will normally require shutting down the fileserver. Ok, this I can handle. However, I have one more question. Since DRBD already does my unclean-shutdown detection for me, I don't want the fileserver to force a salvage in the following circumstance: Server A Server B [Running] [Running] [Dies] [Takes over /vicepa] [Salvages /vicepa] [Started] [Takes over /vicepa] [Salvages everything] <== This is a duplicate Is there any file I can delete before starting the bosserver to indicate that all filesystems it finds are already clean? The bosserver will look for a file named SALVAGE.xxx in AFSDIR_LOCAL_DIR, where xxx is the name of the fileserver bnode. If this file exists, the salvager will be run before the fileserver is started for the first time. The file is created automatically (by the bosserver) when the fileserver is started, and removed when it exists cleanly. The salvager also runs any time the fileserver exits with an error. If you followed the standard configuration, xxx is 'fs'. If you used --enable-transarc-paths, AFSDIR_LOCAL_DIR is /usr/afs/local; otherwise it is normally ${localstatedir}/openafs. Be careful not to introduce a race condition where the salvage does not occur if A comes back to life before B finishes taking over, or if both servers die and reboot. -- Jeff ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Problems with 1.3.80 on Windows - crash
Lars Delhage wrote: Well... it works, but with integrated login I still get an error message: "Integrated login failed: Unknown code è7294". It does work despite this message, I get a token and everything is fine, but it's a bit annoying. Any suggestions? Can you turn on logging for the integrated login and provide information on what is failing on your system? Regkey: [HKLM\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters] Value : TraceOption Type : DWORD {0, 1, 2, 3} Default : 0 Enables logging of debug output to the Windows Event Log. Bit 0 enables logging of "Logon Events" processed by the Network Provider and Winlogon Event Notification Handler. Bit 1 enables logging of events captured by the AFS Client Service. smime.p7s Description: S/MIME Cryptographic Signature
Re: [OpenAFS] error on installing windows exe (8800)
You are running the OpenAFS Server on Windows? This functionality is not tested and is considered by me to be experimental. I would recommend returning to the version which worked for you if this one does not. Jeffrey Altman Jordi Haarman wrote: I am probably doing something very wrong but I keep getting the following error when the installation tries to restart the db: 14:39:01 03/22/05: Error 0x9a01 has occurred: no such entity. which appears in the output of the install log somewhere: 14:38:59 03/22/05: Updating the client's CellServDB. 14:38:59 03/22/05: Update of the CellServDB file on host willywortel.angelite succeeded. 14:38:59 03/22/05: Update of the CellServDB file on host angeliteExampleSite succeeded. 14:38:59 03/22/05: Update of the CellServDB file on host willywortel succeeded. 14:38:59 03/22/05: Starting the following servers: Protection Volume Location Backup Authentication 14:38:59 03/22/05: Restarting all DB servers. 14:39:01 03/22/05: Error 0x9a01 has occurred: no such entity. 14:39:05 03/22/05: Closing the connection to this server. 14:39:05 03/22/05: Configuration has failed. 14:40:01 03/22/05: User has chosen to cancel the program. 14:40:01 03/22/05: Closing log file. somebody has a clue? thx Jordi ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info smime.p7s Description: S/MIME Cryptographic Signature
RE: [OpenAFS] Question about append-only directories and ownership of files
You're right of course about the directory ownership. Kim > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Todd M. Lewis > Sent: Monday, March 21, 2005 11:26 AM > To: openafs-info@openafs.org > Cc: 'Thomas M. Payerle' > Subject: Re: [OpenAFS] Question about append-only directories > and ownership of files > > > > > Dexter 'Kim' Kimball wrote: > > > > In general AFS doesn't care about ownership/mode bits -- > ignores them > > entirely on directories, > > Not quite. The owner of a directory has implied administrator > rights in that > directory. That may be relevant here. Or not. Whatever. > -- > +--+ >/ [EMAIL PROTECTED] 919-962-5273 http://www.unc.edu/~utoddl / > / Bakers trade bread recipes on a knead to know basis. / > +--+ > ___ > OpenAFS-info mailing list > OpenAFS-info@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-info > ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
RE: [OpenAFS] Oracle Databases...
> Byte-range locking is really not the core issue here. > > The backend storage for an Oracle database is highly specialized, > performance-critical, and cannot be shared among multiple > servers. Thus, > it is not a good candidate for storage in _any_ remote or distributed > filesystem, including AFS. > Now that's a definitive response. Thanks. Kim > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Hutzelman > Sent: Monday, March 21, 2005 3:15 PM > To: [EMAIL PROTECTED]; 'Craig Cook'; openafs-info@openafs.org > Subject: RE: [OpenAFS] Oracle Databases... > > > > > On Monday, March 21, 2005 09:53:07 AM -0700 Dexter 'Kim' Kimball > <[EMAIL PROTECTED]> wrote: > > >> Is OpenAFS a good filesystem to run an Oracle database on? > > > > Lousy, actually. No byte range locking, to begin with. > Other performance > > overhead. > > Byte-range locking is really not the core issue here. > > The backend storage for an Oracle database is highly specialized, > performance-critical, and cannot be shared among multiple > servers. Thus, > it is not a good candidate for storage in _any_ remote or distributed > filesystem, including AFS. > > -- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> >Sr. Research Systems Programmer >School of Computer Science - Research Computing Facility >Carnegie Mellon University - Pittsburgh, PA > > ___ > OpenAFS-info mailing list > OpenAFS-info@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-info > ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] repeated ailed volume move operation
I looked through some of the old emails, and have seen this before. I couldn't find a solution The operation is started from fs2. I watch it, and it transfers a large amount of data. This volume is ~400GB . While checking up on it, it transferred at least 200GB. It has done this 3 times. The only thing I get in the Volserlog is : Tue Mar 22 07:45:36 2005 trans 38 on volume 536870954 is older than 3420 seconds Tue Mar 22 07:45:58 2005 1 Volser: Delete: volume 536870954 deleted There are many older than X seconds messages. I thought that was just because it was a large volume, and would thus take a long time. Is there some sort of timeout I need to bump up. vos move sata.vol fs1 vicepc fs2 vicepc -local -verbose Starting transaction on source volume 536870924 ... done Cloning source volume 536870924 ... done Ending the transaction on the source volume 536870924 ... done Starting transaction on the cloned volume 536870954 ... done Creating the destination volume 536870924 ... done Dumping from clone 536870954 on source to volume 536870924 on destination ...Failed to move data for the volume 536870924 VOLSER: Problems encountered in doing the dump ! vos move: operation interrupted, cleanup in progress... clear transaction contexts access VLDB move incomplete - attempt cleanup of target partition - no guarantee cleanup complete - user verify desired result Thanks, Gabe __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] 1.3.80 linux 2.6 build- & runtime problems
On Tue, 22 Mar 2005, Derrick J Brashear wrote: On Tue, 22 Mar 2005, Stephan Wiesand wrote: On an EL4-respin, "configure; make dest_only_libafs" (and any other target involving building the kernel module, transarc paths or not, and also when specifying the sysname and path to kernel sources) grinds to a halt with something like make[4]: Entering directory `/tmp/openafs/openafs-1.3.80/src/libafs/MODLOAD-2.6.9-5.0.3.ELsmp-MP' Makefile.common:51: warning: overriding commands for target `.c.o' /tmp/openafs/openafs-1.3.80/src/config/Makefile.config:132: warning: ignoring old commands for target `.c.o' env EXTRA_CFLAGS="" ./make_kbuild_makefile.pl MODLOAD-2.6.9-5.0.3.ELsmp-MP libafs.ko /tmp/openafs/openafs-1.3.80/src/config/Makefile.config Makefile.afs Makefile.common env: ./make_kbuild_makefile.pl: No such file or directory I bet that was DELTA linux-libafs-makefileproto-call-kbuild-correctly-20050320 AUTHOR [EMAIL PROTECTED] FIXES 17972 call the script directly out of srcdir instead of looking elsewhere which I think means the script can end up being called from 2 different places. sigh. That's what I guessed, but simply backing out this one-liner won't help either. -- | Stephan Wiesand || | || | DESY - DV - | phone +49 33762 7 7370| | Platanenallee 6 | fax+49 33762 7 7216| | 15738 Zeuthen|| | Germany || ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Problems with 1.3.80 on Windows - crash
On Tue, 2005-03-22 at 15:33 +0100, Lars Delhage wrote: > On Tue, 2005-03-22 at 09:26 -0500, Derrick J Brashear wrote: > > > Now I tried to get tokens and browse our cell. > > > I got tokens without a flaw, but while accessing the cell (e.g. listing > > > the > > > mounted directory), the afsd crashed. > > > > Get 1.3.80a. I suspect it fixes this issue. > > > > Had the same problem. Just installed 1-3-8001 (1.3.80a) and can confirm > that it fixed it. > Well... it works, but with integrated login I still get an error message: "Integrated login failed: Unknown code è7294". It does work despite this message, I get a token and everything is fine, but it's a bit annoying. Any suggestions? Cheers, Lars -- Lars Delhage, Nohup AB tel: +46-8-458 78 15, mob: +46-70-781 60 69 http://www.nohup.se GnuPG fingerprint: 4E08 4F49 213A 0B38 95AF 0F65 B77B B16B 5694 92FE signature.asc Description: This is a digitally signed message part
Re: [OpenAFS] 1.3.80 linux 2.6 build- & runtime problems
On Tue, 22 Mar 2005, Stephan Wiesand wrote: On an EL4-respin, "configure; make dest_only_libafs" (and any other target involving building the kernel module, transarc paths or not, and also when specifying the sysname and path to kernel sources) grinds to a halt with something like make[4]: Entering directory `/tmp/openafs/openafs-1.3.80/src/libafs/MODLOAD-2.6.9-5.0.3.ELsmp-MP' Makefile.common:51: warning: overriding commands for target `.c.o' /tmp/openafs/openafs-1.3.80/src/config/Makefile.config:132: warning: ignoring old commands for target `.c.o' env EXTRA_CFLAGS="" ./make_kbuild_makefile.pl MODLOAD-2.6.9-5.0.3.ELsmp-MP libafs.ko /tmp/openafs/openafs-1.3.80/src/config/Makefile.config Makefile.afs Makefile.common env: ./make_kbuild_makefile.pl: No such file or directory I bet that was DELTA linux-libafs-makefileproto-call-kbuild-correctly-20050320 AUTHOR [EMAIL PROTECTED] FIXES 17972 call the script directly out of srcdir instead of looking elsewhere which I think means the script can end up being called from 2 different places. sigh. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] 1.3.80 linux 2.6 build- & runtime problems
On an EL4-respin, "configure; make dest_only_libafs" (and any other target involving building the kernel module, transarc paths or not, and also when specifying the sysname and path to kernel sources) grinds to a halt with something like make[4]: Entering directory `/tmp/openafs/openafs-1.3.80/src/libafs/MODLOAD-2.6.9-5.0.3.ELsmp-MP' Makefile.common:51: warning: overriding commands for target `.c.o' /tmp/openafs/openafs-1.3.80/src/config/Makefile.config:132: warning: ignoring old commands for target `.c.o' env EXTRA_CFLAGS="" ./make_kbuild_makefile.pl MODLOAD-2.6.9-5.0.3.ELsmp-MP libafs.ko /tmp/openafs/openafs-1.3.80/src/config/Makefile.config Makefile.afs Makefile.common env: ./make_kbuild_makefile.pl: No such file or directory The make_kbuild_makefile.pl is in the parent directory, and doing this ln -s ../make_kbuild_makefile.pl src/libafs/MODLOAD-* make dest_only_libafs gets the modules built, but I hope someone has a better fix ;-) Once installed, it seems to work, but I still observe the problem with the first write operation under a 32bit UP kernel getting stuck (attaching and detaching with gdb again helps), just like 1.3.79 did. 32bit SMP is ok for me, as is 64bit UP/SMP on very similar hardware (both are P4 3.2 GHz, 925X Chipset, HT enabled). The kernel is again 2.6.9-5.0.3.EL[smp]. Regards, -- | Stephan Wiesand || | || | DESY - DV - | phone +49 33762 7 7370| | Platanenallee 6 | fax+49 33762 7 7216| | 15738 Zeuthen|| | Germany || ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Problems with 1.3.80 on Windows - crash
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Derrick J Brashear schrieb: |> Now I tried to get tokens and browse our cell. |> I got tokens without a flaw, but while accessing the cell (e.g. |> listing the |> mounted directory), the afsd crashed. | | | Get 1.3.80a. I suspect it fixes this issue. *fixed* Thx, cya Lars - -- - - Technische Universität Braunschweig, Institut für Computergraphik Tel.: +49 531 391-2109E-Mail: [EMAIL PROTECTED] PGP-Key-ID: 0xB87A0E03 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCQC77VguzrLh6DgMRAvkxAJ4z7duL64PjfdH3V/knhcBLLKR8dgCdHhWr hmbSWx9mfeJd1hcF4NeYP5E= =FX/U -END PGP SIGNATURE- ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Problems with 1.3.80 on Windows - crash
On Tue, 2005-03-22 at 09:26 -0500, Derrick J Brashear wrote: > > Now I tried to get tokens and browse our cell. > > I got tokens without a flaw, but while accessing the cell (e.g. listing the > > mounted directory), the afsd crashed. > > Get 1.3.80a. I suspect it fixes this issue. > Had the same problem. Just installed 1-3-8001 (1.3.80a) and can confirm that it fixed it. Cheers, Lars -- Lars Delhage, Nohup AB tel: +46-8-458 78 15, mob: +46-70-781 60 69 http://www.nohup.se GnuPG fingerprint: 4E08 4F49 213A 0B38 95AF 0F65 B77B B16B 5694 92FE signature.asc Description: This is a digitally signed message part
Re: [OpenAFS] Problems with 1.3.80 on Windows - crash
Same here. As soon as I try to access my AFS home, the services crashes and logs an Event ID: 1001 in Source: AFS Client in my Windows XP application event log. -- Michael Niksch /Zurich/IBM @ IBMCH IBM Zurich Research Laboratory [EMAIL PROTECTED] Saeumerstrasse 4 http://www.zurich.ibm.com/~nik/ CH-8803 Rueschlikon / Switzerland P: +41-44-724-8913 F: +41-44-724-8080 ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Problems with 1.3.80 on Windows - crash
Now I tried to get tokens and browse our cell. I got tokens without a flaw, but while accessing the cell (e.g. listing the mounted directory), the afsd crashed. Get 1.3.80a. I suspect it fixes this issue. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Problems with 1.3.80 on Windows - crash
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! I got the 1.3.80 release from website today and installed it over a 1.3.70 and over 2 1.3.79 releases. Now I tried to get tokens and browse our cell. I got tokens without a flaw, but while accessing the cell (e.g. listing the mounted directory), the afsd crashed. On Windows 2000 SP4 it gave a "memory can't be read", on Windows XP SP2 it gave just a error message and "error report to be sent". Any one experienced the same? Before 1.3.80 it worked. Cya Lars - -- - - Technische Universität Braunschweig, Institut für Computergraphik Tel.: +49 531 391-2109E-Mail: [EMAIL PROTECTED] PGP-Key-ID: 0xB87A0E03 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCQClPVguzrLh6DgMRAuIlAKC0jpbtFowtLNNxyyCoQ9DSNXWrxwCfTEDz pxkb0p6uaxlero/ILHf5eM4= =yPsr -END PGP SIGNATURE- ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] error on installing windows exe (8800)
I am probably doing something very wrong but I keep getting the following error when the installation tries to restart the db: 14:39:01 03/22/05: Error 0x9a01 has occurred: no such entity. which appears in the output of the install log somewhere: 14:38:59 03/22/05: Updating the client's CellServDB. 14:38:59 03/22/05: Update of the CellServDB file on host willywortel.angelite succeeded. 14:38:59 03/22/05: Update of the CellServDB file on host angeliteExampleSite succeeded. 14:38:59 03/22/05: Update of the CellServDB file on host willywortel succeeded. 14:38:59 03/22/05: Starting the following servers: Protection Volume Location Backup Authentication 14:38:59 03/22/05: Restarting all DB servers. 14:39:01 03/22/05: Error 0x9a01 has occurred: no such entity. 14:39:05 03/22/05: Closing the connection to this server. 14:39:05 03/22/05: Configuration has failed. 14:40:01 03/22/05: User has chosen to cancel the program. 14:40:01 03/22/05: Closing log file. somebody has a clue? thx Jordi ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] ports used by OpenAFS?
[EMAIL PROTECTED] wrote: Hello everybody, I'm setting up an OpenAFS-cell, now I want to configure my firewall but don't know wich ports are used by OpenAFS. Can someone help me? You didn't indicate what type of firewall you are configuring. However, here are the relevant lines from my /etc/sysconfig/iptables file on a RedHat 9 AFS client-only system. Perhaps this will at least give you some hints: :KERBEROS-INPUT - [0:0] :AFS-INPUT - [0:0] -A INPUT -j KERBEROS-INPUT -A INPUT -j AFS-INPUT -A AFS-INPUT -p udp -m udp --dport 7001 --sport 7000 -j ACCEPT -A AFS-INPUT -p udp -m state --state ESTABLISHED \ -m udp --sport 7002:7009 --dport 1025: -j ACCEPT -A KERBEROS-INPUT -p udp -m state --state ESTABLISHED \ -m udp --sport kerberos --dport 1025: -j ACCEPT -A KERBEROS-INPUT -p udp -m state --state ESTABLISHED \ -m udp --sport kerberos4 --dport 1025: -j ACCEPT -A KERBEROS-INPUT -p udp -m state --state ESTABLISHED \ -m udp --sport krb524 --dport 1025: -j ACCEPT And is it possible to specify the processes that use these ports? Not that I'm aware of, but that would depend on your firewall. Thanx! Greetz Loretto -- +--+ / [EMAIL PROTECTED] 919-962-5273 http://www.unc.edu/~utoddl / +--+ ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] AFS in a solaris 10 zone? How about Linux/Xen VM?
> > In theory the AFS servers ought to work in a solaris 10 zone. I really > hope that part works at least, as I would like to do so myself. (I have > a 6-cpu E3000 sitting here doing very little, and I'd like to put an AFS > fileserver on it in a zone) Namei fileserver should work, about inode fileserver I don't know. Pavel Semerad > > > - Ben > ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] AFS in a solaris 10 zone? How about Linux/Xen VM?
> Hi all - > > I'm looking at various server virtualization techniques > and two options that look very interesting are the "zones" > in solaris 10, and Linux/Xen. Direct competitor to solaris zones in linux is http://linux-vserver.org/ . I am using this and it works. AFS client is running in global vserver and is "mount -o bind" mounted to other vservers. > > Anyone know if I can get at the AFS filesystem in either > of these? I think that on solaris it is possible to do the same way. Run afs client in global zone and loopmount it to other zones. If you need afs only in one zone, you can mount it to /xx.../zone1/afs insted of /afs also. I will try this in near feature, bacause I am reinstaling my solaris machines to solaris10. > > I don't really know anything about the solaris zones so i am > not sure what would be required. > > From what I understand of Linux & Xen i'd think it *ought* > to work but what i can imagine all sorts of pitfalls... If afs kernel module is not doing bad (from xens perspective) things, it should work. I haven't try this yet, but i will in longer future too :-) Pavel Semerad > > thanks > > danno ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Heartbeat + DRBD + OpenAFS, any suggestions?
On Mon, Mar 21, 2005 at 05:36:24PM -0500, Jeffrey Hutzelman wrote: > > > On Saturday, March 19, 2005 11:22:44 PM -0500 Kyle Moffett > <[EMAIL PROTECTED]> wrote: > > >We're currently deploying a highly-available pair of servers for users in > >one of our labs. The servers use Heartbeat to automatically fail > >services over from one server to the other when one dies. All of the > >Kerberos and OpenLDAP services are properly configured and working to > >automatically promote one server from a read-only slave to a read-write > >master if the other goes down. We also have a working tested system to > >hard-reboot the other box when it crashes or goes down improperly, so it > >does not make changes while "down". We have two DRBD volumes (RAID 1 > >between 2 computers) configured between the two computers. By default > >one volume is mounted on the first server "king" on /vicepa, and volume > >2 is mounted on "emperor" on /vicepb. If either server goes down, the > >volume will be automatically mounted on the other server. I believe > >OpenAFS can handle adding and removing the volumes from each server > >dynamically like that, even in the event of a server crash, but I am > >unsure if I need to prod the voldb to get it to acknowledge the movement > >from one server to the other. The volumes will _never_ be mounted on > >both servers at once, drbd and heartbeat make sure of that. > > > >So, what should I have heartbeat run when it remounts a volume from one > >server to the other? Also, I can tell when a server goes down hard or > >softly. Should I mark the volumes dirty somehow, or does OpenAFS do that > >for me? > > There are a number of potential problems here... > > - You will need to restart the fileserver in order to get it to notice > a vice partition that was not there when it started. > > - You will need to resync the VLDB against the "new" partition in order > to get it to notice that the volumes have moved. Use a command like > # vos syncvldb -server emperor -partition /vicepa I am doing it that way, that only one computer is running AFS server. After crash, AFS server is started on second server on the same IP address (heartbeat does this). This works. Pavel Semerad ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] ptserver attempts free(NULL) with 1.3.79
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Adam Megacz schrieb: | Hey, I know it's a strictly "unstable" release, but I'm trying to get | 1.3.79 working because I need kernel 2.6. | | Anyways, everything's working fine except for ptserver, which crashes | repeatedly after trying to free(NULL) (and probably other things as | well). Any ideas? Is there a quasi-stable version in the 1.3.x | sieres I could roll back to? | | Thanks! | | free(): invalid pointer 0xb7c7f010! | free(): invalid pointer 0xb7c4e010! | free(): invalid pointer 0xb7c1d010! | free(): invalid pointer 0xb7bec010! | free(): invalid pointer 0xb7bbb010! | free(): invalid pointer 0xb7b8a010! | free(): invalid pointer 0xb7b59010! | free(): invalid pointer 0xb7b28010! | free(): invalid pointer 0xb7af7010! | free(): invalid pointer 0xb7ac6010! | free(): invalid pointer 0xb7a95010! Also got that after change of keyfiles or anything else. Be sure to own the rigt keyfile (watch the logs) and reboot your PC. These messages were gone after a reboot at my servers. Cya Lars - -- - - Technische Universität Braunschweig, Institut für Computergraphik Tel.: +49 531 391-2109E-Mail: [EMAIL PROTECTED] PGP-Key-ID: 0xB87A0E03 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCP/ITVguzrLh6DgMRAqzMAJ4/73pL2w2iDaie6iSl1N4kFIqH0QCggpnC N7owSRzWkn8pA44XqTKfV60= =UmKq -END PGP SIGNATURE- ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Fwd: [OpenAFS] ports used by OpenAFS?
Hello, Before setting up my AFS-cell, I set up a CODA-cell. This cell automatically supported disconnected operation. Because this is a very good feature, I want to know if it's also integrated in OpenAFS of if it's possible to integrate it? Then I have another question, what is the best way to create a secure environment. With this I mean an environment where a server outage doesn't have any effect on any of the clients writing or reading files from this server. THX ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] ports used by OpenAFS?
Hello everybody, I'm setting up an OpenAFS-cell, now I want to configure my firewall but don't know wich ports are used by OpenAFS. Can someone help me? And is it possible to specify the processes that use these ports? Thanx! Greetz Loretto ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info