[OpenAFS] AFS & Kerberos Best Practices Workshop 2007: CFP Extended & Registration Available!
[Please forgive the cross-posting, and please feel free to pass this further along] Due to some difficulties, the AFS & Kerberos Best Practices Workshop is extending it's Call for Participation to April 6th, with notifications being made on or before April 9th. ** Registration is now available. ** Travel information, including accomodations, is also available. We are grateful to our host site, the Stanford Linear Accelerator Center, who has graciously offered space for this year's Workshop. Fees are low this year, due to restrictions by the DOE. Future AFS workshops will have an increased fare schedule; any profits will be placed in the OpenAFS fund. We hope to see you there! http://www.pmw.org/afsbpw07 ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] openafs w/ amd64 kernel and 32bit user space
On Tue, 27 Mar 2007, chas williams - CONTRACTOR wrote: > dont bother with lint. just collect the warnings. anything about > implicit is likely bad news on 64-bit. after than, any casting to/from > wrong size integers is possibly bad. afs has a habit of casting > int's to void * and back again which is safe. that was the bulk of > the work getting the ia64 client to run 64-bit. Lint is just too slow at this point. only 4353 warnings, and only 2095 of them are implicit.. :) that is down from xmas break. =-) -- Sean O'Malley, Information Technologist Michigan State University - ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] parsing vicepa names
On Tue, Mar 27, 2007 at 02:27:29PM -0400, Derrick J Brashear wrote: > On Fri, 23 Mar 2007, Ryan Underwood wrote: > > >Is there any way to look up a file in a namei vice partition, i.e. in a > >fileserver recovery situation, if I know the volume name and the path to > >the file inside the volume? > > /afs/andrew.cmu.edu/usr/shadow/volid.pl (from Warren Yenson) will compute > the path to the volume data; It could be extended such that when given a > vnode number it would print the whole path but no one has done so yet. > Oh, hell...I was working on one that did that, but I forgot about it: /afs/cs.stanford.edu/u/miles/src/afstools/volid/volid.pl -- // Miles Davis - [EMAIL PROTECTED] - http://www.cs.stanford.edu/~miles // Computer Science Department - Computer Facilities // Stanford University ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] About OpenAfs
colderthanice wrote: > WOOW. We can run Word from openafs. I mean Microsoft Word. Not word > document!! Microsoft Word is aproximately 30-40MB executable file. How long > time does it take run? How can we set c:\program files\office directory for > running. Does Openafs react as virtual hard drive to network? Typically what you do with Microsoft Office is that you perform a network install to AFS and then when the user executes it, the Office installer installs the required local pieces on the local machine and gets the rest from the network as needed. Jeffrey Altman Secure Endpoints Inc. smime.p7s Description: S/MIME Cryptographic Signature
Re: [OpenAFS] About OpenAfs
Am Donnerstag, 22. März 2007 schrieb colderthanice: > WOOW. We can run Word from openafs. I mean Microsoft Word. Not word > document!! Yes, I understood that. > Microsoft Word is aproximately 30-40MB executable file. So what? > How long time does it take run? I don't know. I don't use it. > How can we set c:\program files\office directory for > running. AFAIK, you can install it wherever you want. HTH... Dirk pgpCaKLMF9VW7.pgp Description: PGP signature
Re: [OpenAFS] parsing vicepa names
On Fri, 23 Mar 2007, Ryan Underwood wrote: Is there any way to look up a file in a namei vice partition, i.e. in a fileserver recovery situation, if I know the volume name and the path to the file inside the volume? /afs/andrew.cmu.edu/usr/shadow/volid.pl (from Warren Yenson) will compute the path to the volume data; It could be extended such that when given a vnode number it would print the whole path but no one has done so yet. Also, why does fs checks report "All servers are running" when the fileserver and db servers are clearly down? If the client hasn't talked to them yet they won't be in its server list to notice they're down. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] parsing vicepa names
Is there any way to look up a file in a namei vice partition, i.e. in a fileserver recovery situation, if I know the volume name and the path to the file inside the volume? Also, why does fs checks report "All servers are running" when the fileserver and db servers are clearly down? ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] About OpenAfs
WOOW. We can run Word from openafs. I mean Microsoft Word. Not word document!! Microsoft Word is aproximately 30-40MB executable file. How long time does it take run? How can we set c:\program files\office directory for running. Does Openafs react as virtual hard drive to network? Dirk Heinrichs-2 wrote: > > Am Donnerstag, 22. März 2007 schrieb colderthanice: > >> I am new in this group and new about Openafs. I want to ask somethings >> about system.I think we use openafs system as a network mapping drive. >> Beside this. > >> 1- Can we install openafs server to winxp? > > See thread from two hours ago. > >> 2- Is it hard to manage settings? > > No. > >> 3- Is it working as if apache or not? > > ??? Apache is a web server, AFS is a filesystem. > >> 4- What are the differences between vnc? > > ??? VNC is a remote desktop solution, AFS is... see above. > >> 5- Can we run for example word from openafs installed server? > > AFAIK, yes. > > Bye... > > Dirk > > > -- View this message in context: http://www.nabble.com/About-OpenAfs-tf3447964.html#a9618048 Sent from the OpenAFS - General mailing list archive at Nabble.com. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Initial server setup
ted wrote: Go with the config.sh I sent, it has namei on do a make ;make install look at the contents of /usr/vice and usr/afs before and after the make install cd /usr/vice;mkdir cache;cd etc;ls insmod libafs-2.6.18.2-34-default-ted.ko #if it doesn't complain, the kernel module compiled OK If it does complain, probably the kernel you built the .ko for is not the one your running... reboot into the correct kernel or fix the compile - cp libafs-2.6.18.2-34-default-ted.ko /lib/modules/2.6.18.2-34-default-ted/kernel/fs/afs/libafs.ko #put the .ko in the library tree +;cd /lib/modules/2.6.18.2-34-default-ted/kernel;depmod;- modprobe libafs #should automatically insmod the libafs.ko Ok, after copy of libafs-2.6-xxx to /lib/modules/2.6-xx/../afs/libafs.ko and running "depmod" I can use "modprobe" to install "libafs" without trouble. The "sunrpc" modules gets pulled in automatically. So far so good! #I think that the client can be tested against any cell in the standard CellServDB off the openafs website - it will obviously show only unauthenticated files - play around dyno:/usr/vice/etc # ls /afs .:mount .grand.central.org .home.ted-doris.fam grand.central.org home.ted-doris.fam I copied the "afs-client" script to /etc/init.d/ and created an /etc/sysconfig/afs-client from the listing you provided. I also made the aliases for starting and stopping the client and server. I have tried setting the variables for a couple of the cells from the standard CellServDB and it seems to work fine, only a bit slow when doing a 'ls'. I can copy files from the mounted afs dirs and only the first time the copy takes time. After that it seems to be cached and then it's a fast copy. I can't reach (or even nslookup) your nome.home.ted-doris.fam, but , since the other cells seems to work with my client I guess I got the client working correctly. So thanks a lot so far :) I suppose I am ready for the Kerberos and server setup! Will try to read a little bit about Kerberos until I hear from you again! -Martin Lütken My /usr/vice/etc looks like this: CellServDB ThisCell cacheinfo libafs-2.6.18.2-34-default-ted.ko cacheinfo is set up initially by /etc/sysconfig/afs-client but it can be set manually: /afs:/usr/vice/cache:80 CellServDB: #Cell name, generated from /etc/sysconfig/afs-client 10.1.1.193 #nome.home.ted-doris.fam grand.central.org # Grand Central Communications 18.7.14.88 #grand-opening.mit.edu 128.2.191.224 #penn.central.org #nome.home.ted-doris.fam must be resolvable either in /etc/hosts or via DNS ThisCell: home.ted-doris.fam #note my domain is ted-doris.fam - this is covered in the krb5.conf file put the following in your .bashrc and restart your xterm: alias starts='/etc/init.d/afs-server start' alias startc='/etc/init.d/afs-client start' alias stopc='/etc/init.d/afs-client stop' alias stops='/etc/init.d/afs-server stop' alias startkdc='/etc/init.d/krb5kdc start;/etc/init.d/krb524d start;/etc/init.d/kadmind start' alias stopkdc='/etc/init.d/krb5kdc stop;/etc/init.d/krb524d stop;/etc/init.d/kadmind stop' past the following into /etc/sysconfig/afs-client: # ## Path:Network/File systems/AFS client ## Description: AFS client configuration ## Type:yesno ## Default: no # # Set to "yes" if you want to generate CellServDB and ThisCell files # from THIS_CELL and THIS_CELL_SERVER variables. # If you want more complicated setting, set REGENERATE_CELL_INFO to "no" # and edit the files manually. # REGENERATE_CELL_INFO="no" ###initially yes ## Type:string ## Default: "" # # This cell name # THIS_CELL="home.ted-doris.fam" ## Type:string ## Default: "" # # IP address of afs server for this cell # THIS_CELL_SERVER="10.1.1.193" ## Type:string ## Default: "" # # DNS name of afs server for this cell # THIS_CELL_SERVER_NAME="nome.home.ted-doris.fam" ## Type:yesno ## Default: yes # # Set to "yes" if you want to use data encription (secure, slower) # DATA_ENCRYPTION="no" ## Type:yesno ## Default: yes # # Set to "yes" if you want to generate cacheinfo file # REGENERATE_CACHE_INFO="no" ###initially yes ## Type:string ## Default: "" # # AFS client configuration options # XXLARGE="-stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files 5" XLARGE="-stat 3600 -dcache 3600 -daemons 5 -volumes 196 -files 5" LARGE="-stat 2800 -dcache 2400 -daemons 5 -volumes 128" MEDIUM="-stat 2000 -dcache 800 -daemons 3 -volumes 70" SMALL="-stat 300 -dcache 100 -daemons 2 -volumes 50" ## Type:yesno ## Default: yes # # Instead of mounting the home cell's root.afs volume at the AFS mount # point (typically /afs) a fake root is constructed from information # available in the client's CellServDB. # With this option enabled openafs can start up even on net
Re: [OpenAFS] mixed success with (latest) OpenAFS on Windows
Lars Schimmer wrote: > Hi! > > I just want to write some experiences I got last weeks. > First: The PC last mentioned was totaly upset, not AFS fault. Set it up > completly new. > Now OpenAFS and MIT krb5 3.1 for windows seems to work. > For bad sake, users don´t obtain tokens automaticly. I setup krb.ini as > on other PCs, I setup our cgv.tugraz.at cell as default, all I get is a > "access error XXX" while trying to logging in (local users). I assume you mean "krb5.ini" instead of "krb.ini". In order for a local user account to be used to obtain AFS tokens using Kerberos v5 during OpenAFS integrated logon: * krb5.ini default realm must be the realm the user's principal is located within * the case of the user's name as entered must match the case of the name in the user's principal within the Kerberos database * the password used to login locally to the machine must be the same as the password used to login to the Kerberos realm for that principal * there must be a Kerberos service ticket of the form [EMAIL PROTECTED] or afs/[EMAIL PROTECTED] If any of these requirements are not true you will get an error. If you get an error, turn on integrated logon debugging and examine the errors that are logged to the Windows Application Event Log. Sending a request for help here without any details as to why things are failing makes it impossible for anyone to help you. > After I logged in, sometimes the "get AFS tokens" screen appears, > sometimes not. If not, I need to start Authentication from start menu to > grab a token. I don´t know where to step in for better experience on > that PC. You have KFW 3.1 installed. Please configure the Network Identity Manager for use in obtaining Kerberos v5 credentials and AFS tokens. It provides a much better experience to end users and better debugging tools for Help Desks. NIM is installed with KFW 3.1 and the AFS support for NIM is installed with OpenAFS 1.5. > After I/the users got the token, everything works fine so far, even > Office 2007, no problem. > Once I had the problem with OpenAFS authentication screen didn´t > appeared, but I installed some software before and didn´t restarted windows. > > On my vista laptop I´m nearly depressed. Not that I believe it is related but be aware that KFW is not supported on Vista yet. There are a variety of problems that will be addressed in the next release. > I don´t activated "get token at login" and the authentication screen > appears every time I login and I´m able to grab a token. > But after the sleep mode sometimes OpenAFS break down and won´t come > back. Even stopping and starting the openafs service doesn´t do > anything. Only reboot resolves that problem. File a bug report at [EMAIL PROTECTED] Again, you will need to include useful data in your report as described in the OpenAFS release notes. For starters, you need to include the afsd_init.log file and if you are able to replicate the problem on a regular basis, you should turn on trace logging "fs trace -on", suspend the laptop, resume the laptop, and if you experienced the problem, "fs trace -dump" and send the afsd.log file as well. > Maybe the wlan drivers are not well enough (sometimes vista doesn´t find > the net although just 1m away from router), maybe switching wlans in > sleep mode isn´t best for OpenAFS. OpenAFS should not care about your wlans. OpenAFS installs the loopback adapter and binds to the loopback adapter. Only if the loopback adapter does not exist or does not restart after sleep would I expect there to be a problem. Jeffrey Altman smime.p7s Description: S/MIME Cryptographic Signature
Re: [OpenAFS] openafs w/ amd64 kernel and 32bit user space
In message <[EMAIL PROTECTED]>,"Sean O'Malley" writes: >I ran into the same problem =) I started hacking AFS to get userland stuff >working, but put a dent in my head banging off the wall. I did manage to >get it to compile, and started in with lint but that was about as far as I >got. :) dont bother with lint. just collect the warnings. anything about implicit is likely bad news on 64-bit. after than, any casting to/from wrong size integers is possibly bad. afs has a habit of casting int's to void * and back again which is safe. that was the bulk of the work getting the ia64 client to run 64-bit. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] mixed success with (latest) OpenAFS on Windows
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! I just want to write some experiences I got last weeks. First: The PC last mentioned was totaly upset, not AFS fault. Set it up completly new. Now OpenAFS and MIT krb5 3.1 for windows seems to work. For bad sake, users don´t obtain tokens automaticly. I setup krb.ini as on other PCs, I setup our cgv.tugraz.at cell as default, all I get is a "access error XXX" while trying to logging in (local users). After I logged in, sometimes the "get AFS tokens" screen appears, sometimes not. If not, I need to start Authentication from start menu to grab a token. I don´t know where to step in for better experience on that PC. After I/the users got the token, everything works fine so far, even Office 2007, no problem. Once I had the problem with OpenAFS authentication screen didn´t appeared, but I installed some software before and didn´t restarted windows. On my vista laptop I´m nearly depressed. I don´t activated "get token at login" and the authentication screen appears every time I login and I´m able to grab a token. But after the sleep mode sometimes OpenAFS break down and won´t come back. Even stopping and starting the openafs service doesn´t do anything. Only reboot resolves that problem. Maybe the wlan drivers are not well enough (sometimes vista doesn´t find the net although just 1m away from router), maybe switching wlans in sleep mode isn´t best for OpenAFS. On the other side, Debian 1.4.2-6 packages are working fine as server and client and no problem on that side. Although with etch the pam configuration is tricky. In a etch-only enviroment the ticket forwarding works perfectly, but from sarge to etch, its tricky. MfG, Lars Schimmer - -- - - TU Graz, Institut für ComputerGraphik & WissensVisualisierung Tel: +43 316 873-5405 E-Mail: [EMAIL PROTECTED] Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGCNmWmWhuE0qbFyMRApqGAJ9BGctLdi+K0wiyFdrwM4b8FBPWQACgljt+ iKVPhtBQXEq/ky/5A6kmXUw= =v7wE -END PGP SIGNATURE- ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info