Re: [OpenAFS] Changed behaviour (?) in client kernel module.

[Anders Magnusson]

Marc Dionne skrev den 2014-12-02 12:33:

On Mon, Dec 1, 2014 at 12:37 PM, Anders Magnusson  wrote:

Some years ago (around 2008) I did setup a SMB to AFS gateway like this (on
RedHat):

- samba configured to use Kerberos for client auth
- when user authenticated, use root preexec with kimpersonate to get an AFS
token
- The token was set to the uid, PAGs were not used.

This worked actually wery well.

Anyway, we have just tried to do the same again, but this time it do not
work at all.
Some debugging shows that a token is created to the uid, and su:ing to that
uid works, but smbd gets permission denied.

strace of smbd shows this:


setregid(4294967295, 513)   = 0

getegid()   = 513

setreuid(4294967295, 14431) = 0

That's the key line here, the real uid is left unchanged and the
effective uid is set.  But OpenAFS relies on the real uid to set and
retrieve tokens, so this won't work. On the OpenAFS side this was
inadvertently changed in 1.6.0 and 1.6.1 but restored in 1.6.2.  On
the samba side it looks like it should be setting both the effective
and real uids with setresuid() (some code there was added specifically
because of OpenAFS), but that code is conditional to some configure
tests, and there's a fallback to a setuid(-1, uid) that looks like the
one above, in case of error.  Do you see a failing setresuid() in the
trace before the setreuid call?

Interesting, this sounds like you found the cause!

Hm, no setresuid() call before.  Actually nothing related to setting uid.
But using setuid() would prevent samba from changing users in the same
connection, won't it?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Changed behaviour (?) in client kernel module.

[Anders Magnusson]

D Brashear skrev den 2014-12-01 19:49:



On Mon, Dec 1, 2014 at 12:28 PM, Anders Magnusson <mailto:ra...@ltu.se>> wrote:


Jonathan Billings skrev den 2014-12-01 17:43:

On Mon, Dec 1, 2014 at 11:37 AM, Anders Magnusson mailto:ra...@ltu.se>> wrote:

chdir("/afs/ltu.se/staff/all/ragge
<http://ltu.se/staff/all/ragge>")  = -1 EACCES (Permission
denied)


SELinux?

Nope.

Do you see any AVC audit entries?

Not checked, but should they appear if not SELinux?

Do you have samba_share_nfs=1?

Nope, but I doubt it will solve anything.  AFS sharing works, but
not tokens for permissions.

-- Ragge


What smbd version (and what glibc version?)

% rpm -q samba glibc
samba-3.6.23-12.el6.x86_64
glibc-2.12-1.149.el6.x86_64
glibc-2.12-1.149.el6.i686

Re: [OpenAFS] Changed behaviour (?) in client kernel module.

[Anders Magnusson]

Jonathan Billings skrev den 2014-12-01 17:43:
On Mon, Dec 1, 2014 at 11:37 AM, Anders Magnusson <mailto:ra...@ltu.se>> wrote:


chdir("/afs/ltu.se/staff/all/ragge
<http://ltu.se/staff/all/ragge>")   = -1 EACCES (Permission denied)


SELinux?

Nope.

Do you see any AVC audit entries?

Not checked, but should they appear if not SELinux?

Do you have samba_share_nfs=1?
Nope, but I doubt it will solve anything.  AFS sharing works, but not 
tokens for permissions.


-- Ragge

[OpenAFS] Changed behaviour (?) in client kernel module.

[Anders Magnusson]

Some years ago (around 2008) I did setup a SMB to AFS gateway like this 
(on RedHat):


- samba configured to use Kerberos for client auth
- when user authenticated, use root preexec with kimpersonate to get an 
AFS token

- The token was set to the uid, PAGs were not used.

This worked actually wery well.

Anyway, we have just tried to do the same again, but this time it do not 
work at all.
Some debugging shows that a token is created to the uid, and su:ing to 
that uid works, but smbd gets permission denied.


strace of smbd shows this:


setregid(4294967295, 513)   = 0

getegid()   = 513

setreuid(4294967295, 14431) = 0

geteuid()   = 14431

chdir("/afs/ltu.se/staff/all/ragge")   = -1 EACCES (Permission denied)


which obviously tells that the access after setreuid() isn't allowed.

Any hint what may have changed or where to continue to search for this 
problem?


Versions:
OpenAFS 1.6.10
Samba 3.6.23-12
RedHat 6.6
Kernel 2.6.32-504.1.3.el6.x86_64

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Re: backup strategy

[Anders Magnusson]

Mattias Pantzare skrev den 2014-11-25 21:58:



On Tue, Nov 25, 2014 at 9:19 PM, Kristen J. Webb > wrote:


I also took a look at the tsmafs module and had a couple technical
questions about how it works.

1. What happens when you rename a directory (either a volume
name or within a volume)?  Does the entire directory need to get
backed up again?


The entire directory/volume will be backed up again. But you can 
change where the volume is mounted.
Hm,  the volume id is saved and used when checking if volume needs 
backup, so it will probably be simple to check if it needs renaming.

Just haven't thought of it :-)



2. While the use of hard links is limited in AFS, will tsmafs
preserve those links on restore?


No. We currently use the normal TSM commands to restore files and 
those knows nothing about AFS, so I don't think so. I have not checked 
if we store metadata to be able to do that if we write a dedicated 
client.
Everything else is stored except for the hard link info (which would be 
easy to add).  Hm, I think I just didn't think about that when I wrote 
tsmafs :-)


If you use tarestore you should get everything except hard links on restore.

-- Ragge

Re: [OpenAFS] backup strategy

[Anders Magnusson]

Mattias Pantzare skrev den 2014-11-12 19:49:
On Wed, Nov 12, 2014 at 11:49 AM, Harald Barth > wrote:



> and with NetWorker, it was (it probably still is) impossible to save
> from a pipe, requiring the use of temporary disk for the purpose.

TSM as shipped by IBM can't either, but there is a TSM API. Then
tsmpipe was written in Umeå. Thanks again!


And in Luleå we are using the TSM API to do backups at the file level. 
We detect if a volume has changed so it is very fast for static volumes.


I don't know if the code has been published but we can do that if 
anyone is interested.

% ls -l /afs/ltu.se/misc/tsmafs/tsmafs-0.2.tgz
-rw-r--r-- 1 14431 seblar-0 16787 Sep 13  2010 
/afs/ltu.se/misc/tsmafs/tsmafs-0.2.tgz


I think there may have been a bunch of the updates to the code since 2010.

-- Ragge

Re: [OpenAFS] Samba & aklog

[Anders Magnusson]

Craig Huckabee skrev 2014-08-06 17:45:


  I had a request from a small group locally that needs to access 
their AFS space(s) via a Windows file share - installing the AFS 
client on these systems is not an option.


  So I started looking into doing this via Samba, using a dedicated 
server (RHEL6).  I've got normal shares working, using Kerberos 
authentication to connect (works from OSX, Windows, etc).


  A little research turned up a suggestion of doing something like 
this in the smb.conf for AFS shares:


...
root preexec = /usr/bin/aklog -setpag -cell mycell.mil -keytab 
/usr/afs/etc/rxkad.keytab -principal %u

...

  This almost works but I think I'm running into either PAG issues or 
some other weirdness.  Testing the connection it appears that 
sometimes I get tokens, sometimes I don't.  Not sure if I need to 
force the smbd into a new PAG on startup.
I did setup a quite well functioning samba gateway for AFS some years 
ago.  If memory serves correct it worked like this:


- Kerberos auth to smbd (no NTLM auth at all).
- Did not use PAGs on the file server.
- root preexec and kimpersonate was used to get AFS tokens.

I also run into problems with setting the PAG, but since it do not 
matter to have it on the file server it could as well be skipped.


-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] openafs OSD

[Anders Magnusson]

On 05/29/2013 08:34 AM, Staffan Hämälä wrote:

On 2013-05-28 10:09, Harald Barth wrote:

I would _not_ involve the HSM module of TSM, as I think it introduces
an extra unnecesary level of complexity. It seems easier to use the
TSM API and its archive function to get tape storage functionality (as
done in dcache). I'm quite sure the folks from Ume' read this as well
and might want to comment.


Interesting. Are there any existing implementations of using the 
archive function in TSM for this? If not, how difficult would it be to 
implement this? I'm not familiar with the OSD code.
I had a brief mail change with Hartmut Reuter about this after the AFS 
conference in Pilsen; since we had a working backup client using the TSM 
APIs for this already.  He was interested in adding this functionality, 
but I haven't spoke to him about it since then.


-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Re: tsmafs utility: rx_Read() returns 0?

[Anders Magnusson]

Hi,

On 04/17/2013 08:14 AM, Andrew Deason wrote:



I suppose my question is: is it normal/ok for rx_Read() to return 0,
or is this in itself indicative of a problem or bug somewhere?

If the call has an error, we return 0 (and a quick glance at the code,
I'm not sure I see any case where we return negative). 0 is also for eof
and maybe some other odd cases like Jeff mentions, but regardless, if
you know you're supposed to be getting more data (and for that code in
tsmafs, you do), a 0 is an error. OpenAFS code in general checks for
<= 0 for errors. I'm assuming you saw an actual error code printed out
when you modified the code as mentioned?

And giving a quick look to the tsmafs code around there, it seems to be
missing error checks on the first rx_Read32 calls, as well. If you want
to be like openafs code, check for <= 0 return, and look at rx_Error()
for the actual error code (which you do now). You can just print that
code directly, or use com_err functions to get an error message.
I got a question about this a while back (since I've written that code), 
but really haven't had time to handle it yet.


There are some fixes and updates made to tsmafs since the code that is 
available, but a check shows that nothing here is changed.


Andrew points out that some error checks are missing, which is true, 
they should be added.  The code has been in use at LTU for like 4 years 
now and since this hasn't been a problem nobody has fixed it.
When I wrote it I used the 1991 Transarc examples about how to do the 
calls, which seemed to work :-)


The code path does a RXAFS_FetchACL(), StartRXAFS_FetchData64(), two 
rx_Read32() and then checks that the file size from fetchacl and the two 
read32 are the same.  Then it assumes that it's just to read the whole 
file size.


I have no idea whether there should be a workaround added for the bug 
Jeff wrote about.


As I am not working at LTU any longer there is a difficulty in testing a 
fix for me.
I will though try to be helpful as much as I have time with for others 
that want to fix it.


-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Questions regarding AFS ticket lifetime

[Anders Magnusson]

Thanks Jeffrey, now lot of things became clearer :-)

But to solve this incident; since automatic renew in NiM do not work
but kinit -R && aklog does work for the API cache, we are planning to
add this to the Task Scheduler.  Do you see any problem with doing it
like this?

-- Ragge


On 04/20/2012 03:40 PM, Jeffrey Altman wrote:

Anders:

If you configure the default credential cache to be MSLSA: then the LSA
credentials will be used.

The functionality (an explorer shell logon hook) that was used to copy
credentials at logon no longer exists on Vista and later versions of
the operating system.  Since the functionality does not exist, the
functions exported from kfwlogon.dll do not get executed and no
Kerberos tickets can be copied in to the API: credential cache.

I have plans to build a new in kernel credential cache mechanism using
the AFS Authentication Groups available in the 1.7.x series.  I have no
available resources at the moment to implement it and I can't make a
commitment as to when I will.

At the moment afslogon.dll will obtain a new AFS token at logon, but it
will not be renewable.

Jeffrey Altman


On Friday, April 20, 2012 9:25:13 AM, Anders Magnusson wrote:


Yes, I have seen that, but that do not explain the behaviour since I
have no wish to fetch thingd from MSLSA.
Integrated logon works, but fetching new krbtgt at unlock of the login
window does not.
And BTW, importing tickets from MSLSA to API seems to work (pressing
import button).

-- Ragge





___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Questions regarding AFS ticket lifetime

[Anders Magnusson]

On 04/20/2012 01:30 PM, Lars Schimmer wrote:

On 20.04.2012 12:53, Anders Magnusson wrote:

On 04/20/2012 09:35 AM, Lars Schimmer wrote:

   From memory, during our Windows XP days (different OS, different
OpenAFS, different Network Identity Manager, different MIT Kerberos
for Windows), just locking and unlocking the computer refreshed the
AFS ticket.

How has this changed for Windows 7 and our current setup, as this
no longer seems to be working?

Remember the 2 different credential caches of windows - one of system
at login and one for NetworkID Manager.

On Login you get a ticket/token with the Windows Builtin credential
cache which CANNOT be accessed by Network ID Manager.
Only after you obtained a token manual in NetworkID manager it renews
the token automatic and you can set the token lifetime with Network ID
manager.

The problem is:
1) Automatic renewal of the tgt by NiM do not work on Windows 7.  It did
on XP.
2) Letting NiM fetch a new tgt when the user unlocks the screen do not
work.  It did on XP.

Windows 7 is not Windows XP, MS changed a lot based on security and user
management.
Read the OpenAFS release notes about obtaining tokens on login:
http://www.openafs.org/dl/openafs/1.7.10/winxp/ReleaseNotes/html/ch03s06.html

"Integrated Logon will not transfer Kerberos v5 tickets into the user's
logon session credential cache. This is no longer possible on Vista and
Windows 7."
Yes, I have seen that, but that do not explain the behaviour since I 
have no wish to fetch thingd from MSLSA.
Integrated logon works, but fetching new krbtgt at unlock of the login 
window does not.
And BTW, importing tickets from MSLSA to API seems to work (pressing 
import button).


-- Ragge


It gives a bad user experience to tell them that they need to fetch
stuff manually,
since they did not need to do so on XP but now on Windows 7.  Therefore
we need to
find out what is wrong since this was not a problem before (with XP).

It is a security precaution situation made by MS. Go and ask MS to
change it.


-- Ragge



MfG,
Lars Schimmer


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Questions regarding AFS ticket lifetime

[Anders Magnusson]

On 04/20/2012 09:35 AM, Lars Schimmer wrote:

 From memory, during our Windows XP days (different OS, different
OpenAFS, different Network Identity Manager, different MIT Kerberos
for Windows), just locking and unlocking the computer refreshed the
AFS ticket.

How has this changed for Windows 7 and our current setup, as this
no longer seems to be working?

Remember the 2 different credential caches of windows - one of system
at login and one for NetworkID Manager.

On Login you get a ticket/token with the Windows Builtin credential
cache which CANNOT be accessed by Network ID Manager.
Only after you obtained a token manual in NetworkID manager it renews
the token automatic and you can set the token lifetime with Network ID
manager.

The problem is:
1) Automatic renewal of the tgt by NiM do not work on Windows 7.  It did 
on XP.
2) Letting NiM fetch a new tgt when the user unlocks the screen do not 
work.  It did on XP.


It gives a bad user experience to tell them that they need to fetch 
stuff manually,
since they did not need to do so on XP but now on Windows 7.  Therefore 
we need to

find out what is wrong since this was not a problem before (with XP).

-- Ragge

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Kerberos for Windows library krb5_32.dll is not available.

[Anders Magnusson]

Hum, it looks like this:

C:\Program Files\MIT\Kerberos\bin>dir krb5*.dll
 Volume in drive C is LTUWin7
 Volume Serial Number is B827-4DC5

 Directory of C:\Program Files\MIT\Kerberos\bin

2010-09-08  15:26   156 576 krb5cred.dll
2010-09-08  15:26   134 560 krb5cred_en_us.dll
2007-10-22  22:02 1 068 888 krb5_64.dll
   3 File(s)  1 360 024 bytes
   0 Dir(s)  86 545 391 616 bytes free


And it works with 1.7.1, same KfW.

-- Ragge


On 02/23/2012 12:50 PM, Michael Richter wrote:
On our 64-bit workstations (Windows 7 Business) it is there. If you 
expect a krb5_64.dll: It does not exist. Both, the KfW 32 and 64 bit 
version does have krb5_32.dll.


Mit freundlichen Grüßen
Michael Richter


Anders Magnusson  schrieb am Thu, 23.02.2012 um 12:40:

Well, it isn't there, and I assume it should not be there on 64-bit
Windows either :-)
The aklog following 1.7.1 works with the same KfW.

This is a problem on >376 machines where we recently upgraded.

-- Ragge

On 02/23/2012 11:54 AM, Michael Richter wrote:

krb5_32.dll should be found in "C:\Program Files\MIT\Kerberos\bin" and
your systems PATH variable should include this path. You could check
if this is correct.

Mit freundlichen Grüßen
Michael Richter


Anders Magnusson  schrieb am Thu, 23.02.2012 um 9:04:

Hi,


since 1.7.1 something has happened that causes aklog to complain.

Environment:

Windows 7 x64 Enterprise

OpenAFS 1.7.6

MIT Kerberos for Windows (64-bit) 3.2.2

C:\Users\kex>aklog

Kerberos for Windows library krb5_32.dll is not available.


It did work in 1.7.1.


Is this due to something we missed to fix or something else?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info








___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Kerberos for Windows library krb5_32.dll is not available.

[Anders Magnusson]

Hi,


since 1.7.1 something has happened that causes aklog to complain.

Environment:

Windows 7 x64 Enterprise

OpenAFS 1.7.6

MIT Kerberos for Windows (64-bit) 3.2.2

C:\Users\kex>aklog

Kerberos for Windows library krb5_32.dll is not available.


It did work in  1.7.1.


Is this due to something we missed to fix or something else?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Time Machine, Lion and AFS

[Anders Magnusson]

Hi,

just relaying a question here:  Anyone got Time Machine to work using 
Lion and OpenAFS?


-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows file locking do not work on IFS client.

[Anders Magnusson]

On 09/28/2011 04:20 PM, Jeff Blaine wrote:

This would be a bug.  Please file bugs to openafs-info@openafs.org.


Or ideally openafs-b...@openafs.org


Hehe :-)

Done!

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Windows file locking do not work on IFS client.

[Anders Magnusson]

Environment:
Server:  OpenAFS 1.4.12.1, Redhat 5.3
Client: Windows 7, OpenAFS 1.7.1

It seems that file locking has stopped working in the new client, 
resulting in data corruption :-/


Simple test case:

- Have two Win7 clients
- Open a .xlsx document in Office 2010 on one of them.
- Open the same document on the second machine.  No complaints.
- Write something in the document on the first machine, save it and quit.
- Write something in the document on the second machine, save it and quit.

The first thing written is now gone.

Setting EnableServerLocks to 2 do not help.  The document just does not 
seem to be locked.


If a file is opened with an older SMB client then the IFS client 
understands it, and tells that

it is locked on the Win7 machine.

Any hints?  Something missed to be configured?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows client network behaviour

[Anders Magnusson]

On 09/22/2011 03:00 PM, Jeffrey Altman wrote:

On 9/22/2011 5:08 AM, Anders Magnusson wrote:
   

What I meant here is that the gateway is a Centos 5 machine running
Samba and OpenAFS 1.4.10 and store data in AFS.  So, writing to the
same place in AFS via this machine is significantly faster than using
the IFS client. This is just to show that the performance problem isn't
there if using the Linux client.
 

If the behavior you are seeing is not a regression from the OpenAFS
Windows 1.6.0 client on your systems, then the performance limitation is
simply a design limitation of the current Windows cache manager
implementation.  The cache manager currently requires that all StoreData
operations be serialized which limits the number of simultaneous
StoreData RPCs on a file to 1.  Small chunksizes will result in poor
performance.   I use

   ChunkSize 23 (decimal)

which equates to 8MB per RPC.
   
I have tested with the 1.6.0 client, and get about double speed compared 
to the IFS client.


I also tried to increase the chunksize as suggested, but no difference 
in performance.


So, this is still a mystery for me :-/

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows client network behaviour

[Anders Magnusson]

On 09/21/2011 05:23 PM, Jeffrey Altman wrote:

On 9/21/2011 7:09 AM, Anders Magnusson wrote:
   

In the hunt for oddities regarding the new IFS Windows client I have
observed a problem causing bad performance, and hopefully someone has
some idea about what is going on.

Environment:
Server:  OpenAFS 1.4.12.1, CentOS 5.3
Client: Windows 7, OpenAFS 1.7.1

The test case is to write an ISO image (700MB) to afs from local disk.
 

What size is the cache?  Is the ISO larger than the cache?
   

Cache size 2Gbyte, so cache larger than file.


What is the chunksize?
   

Unchanged.

What is the blocksize?
   
Unchanged. Eh, how is this parameter changed???  Can't find it in the 
documentation.
   

If the switch port is set to 100Mbit I will get ~3Mbyte/s, but if it is
set to 1Gbit then I get ~10Mbyte/s.
Both these numbers are much lower than they should be, and more
precisely I cannot understand why the speed in 100Mbit configuration
becomes much lower than when using 1Gbit.
 

More than likely it is because the RPC round trip time is slower and
therefore the latency is longer.
   

rxstats says (after two writes of the iso, asking the client):

C:\Users\Administrator>rxdebug -rxstats 130.240.42.9 7001
Trying 130.240.42.9 (port 7001):
Free packets: 1276/2562, packet reclaims: 0, calls: 3318, used FDs: 0
not waiting for packets.
0 calls waiting for a thread
6 threads are idle
0 calls have waited for a thread
rx stats: free packets 1276, allocs 1170493, alloc-failures(rcv 0/0,send 
0/0,ack 0)
   greedy 0, bogusReads 0 (last from host 0), noPackets 0, noBuffers 0, 
selects 0, sendSelects 0
   packets read: data 52621 ack 536170 busy 0 abort 2 ackall 0 
challenge 111 response 0 debug 5 params 0 unused 0 unused 0 unused 0 
version 0

   other read counters: data 52621, ack 536139, dup 0 spurious 31 dally 0
   packets sent: data 1086992 ack 52651 busy 0 abort 0 ackall 0 
challenge 0 response 111 debug 0 params 0 unused 0 unused 0 unused 0 
version 0
   other send counters: ack 52651, data 1086973 (not resends), resends 
19, pushed 0, acked&ignored 56101

(these should be small) sendFailed 0, fatalErrors 0
   Average rtt is 0.001, with 1034074 samples
   Minimum rtt is 0.001, maximum is 0.125
   19 server connections, 0 client connections, 8 peer structs, 28 call 
structs, 28 free call structs

   0 clock updates
Done.

I think the rtt seems quite low...?

Before someone asks; there are no network limits here and both client
and server are on the same subnet.

I have run tcpdump on both client and server and seen this traffic
"pattern":

For 100Mbit:
- A data packet is sent out periodically at an almost exact rate of one
1472 byte
   per 420 microseconds, which gives something close to 3Mbyte/s

For 1Gbit:
- The same as for 100Mbit except for that the packet rate is one packet
per 91 microseconds.

The ack packet from the file server is sent back 12 microseconds after
each second data packet.
 

How long does it take for each each StoreData RPC to complete?
   

Is there any good way to dig that out?
Anyway, here's a snippet from tcpdump output on the windows machine; 
130.240.42.9 is the client, 130.240.42.222 is the server.

The packet ack comes back in some microseconds.

09:40:52.626621 IP (tos 0x0, ttl 128, id 24472, offset 0, flags [DF], 
proto: UDP (17), length: 1472, bad cksum 0 (->3acd)!) 130.240.42.9.7001 
> 130.240.42.222.7000:  rx data seq 8 ser 216 (1444)
09:40:52.626711 IP (tos 0x0, ttl 128, id 24473, offset 0, flags [DF], 
proto: UDP (17), length: 1472, bad cksum 0 (->3acc)!) 130.240.42.9.7001 
> 130.240.42.222.7000:  rx data seq 9 ser 217 (1444)
09:40:52.626774 IP (tos 0x0, ttl  64, id 60100, offset 0, flags [none], 
proto: UDP (17), length: 93) 130.240.42.222.7000 > 130.240.42.9.7001:  
rx ack seq 0 ser 112 first 8 serial 215 reason idle (65)
09:40:52.626803 IP (tos 0x0, ttl 128, id 24474, offset 0, flags [DF], 
proto: UDP (17), length: 1472, bad cksum 0 (->3acb)!) 130.240.42.9.7001 
> 130.240.42.222.7000:  rx data seq 10 ser 218 (1444)
09:40:52.626897 IP (tos 0x0, ttl 128, id 24475, offset 0, flags [DF], 
proto: UDP (17), length: 1472, bad cksum 0 (->3aca)!) 130.240.42.9.7001 
> 130.240.42.222.7000:  rx data seq 11 ser 219 (1444)
09:40:52.626963 IP (tos 0x0, ttl  64, id 60101, offset 0, flags [none], 
proto: UDP (17), length: 93) 130.240.42.222.7000 > 130.240.42.9.7001:  
rx ack seq 0 ser 113 first 10 serial 217 reason idle (65)
09:40:52.626990 IP (tos 0x0, ttl 128, id 24476, offset 0, flags [DF], 
proto: UDP (17), length: 1472, bad cksum 0 (->3ac9)!) 130.240.42.9.7001 
> 130.240.42.222.7000:  rx data seq 12 ser 220 (1444)
09:40:52.627081 IP (tos 0x0, ttl 128, id 24477, offset 0, flags [DF], 
proto: UDP (17), length: 1472, bad cksum 0 (->3ac8)!) 130.240.42.9.7001 
> 130.240.42.222.7000:  rx data seq 13 ser 221 (1444)
09:40:52.627145 IP (tos 0x0, ttl  64, id 60102, offset 0, flags [none], 
proto: UDP (17), length

Re: [OpenAFS] Windows client network behaviour

[Anders Magnusson]

On 09/21/2011 02:56 PM, Lars Schimmer wrote:

On 2011-09-21 13:09, Anders Magnusson wrote:


In the hunt for oddities regarding the new IFS Windows client I have
observed a problem causing bad performance, and hopefully someone has
some idea about what is going on.

Environment:
Server: OpenAFS 1.4.12.1, CentOS 5.3
Client: Windows 7, OpenAFS 1.7.1



Any hints anyone? I think this smells as traffic shaping due to the
quite exact transmit rate but
since the QoS module is uninstalled and the behaviour is seen on the
windows network interface
I have no clue where it may be.



Not really a idea or anything, but:
- encryption enabled or disabled on client?

Disabled.


- local cache on client on slow harddrive?
No, state-of-the-art HP workstation.  Note that this is more-or-less the 
behaviour
of all our Win7 machines with the IFS client, all of them are really new 
hardware.


Our current setup does show 20-40 MB/sec with OpenAFS 1.7.1 on 64bit 
system, depending on the server.

Yes, and that is what we expect also, therefore I am investigating this.

-- Ragge




A side note: Going via a SMB-AFS gateway on the same network gives
significantly better
performance.

-- Ragge



MfG,
Lars Schimmer


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Windows client network behaviour

[Anders Magnusson]

In the hunt for oddities regarding the new IFS Windows client I have 
observed a problem causing bad performance, and hopefully someone has 
some idea about what is going on.


Environment:
Server:  OpenAFS 1.4.12.1, CentOS 5.3
Client: Windows 7, OpenAFS 1.7.1

The test case is to write an ISO image (700MB) to afs from local disk.

If the switch port is set to 100Mbit I will get ~3Mbyte/s, but if it is 
set to 1Gbit then I get ~10Mbyte/s.
Both these numbers are much lower than they should be, and more 
precisely I cannot understand why the speed in 100Mbit configuration 
becomes much lower than when using 1Gbit.


Before someone asks; there are no network limits here and both client 
and server are on the same subnet.


I have run tcpdump on both client and server and seen this traffic 
"pattern":


For 100Mbit:
- A data packet is sent out periodically at an almost exact rate of one 
1472 byte

  per 420 microseconds, which gives something close to 3Mbyte/s

For 1Gbit:
- The same as for 100Mbit except for that the packet rate is one packet 
per 91 microseconds.


The ack packet from the file server is sent back 12 microseconds after 
each second data packet.


I have uninstalled the QoS module on the Windows interface.

Any hints anyone? I think this smells as traffic shaping due to the 
quite exact transmit rate but
since the QoS module is uninstalled and the behaviour is seen on the 
windows network interface

I have no clue where it may be.

A side note: Going via a SMB-AFS gateway on the same network gives 
significantly better

performance.

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Re: AFS version of sudo for admin ?

[Anders Magnusson]

Andrew Deason wrote:

On Fri, 17 Dec 2010 15:59:31 +0100
Anders Magnusson  wrote:

  

John Tang Boyland wrote:


Does anyone know of a "sudo" like command for AFS admin commands?
admindo vos release pkg.foo
It would be nice, but not essential to have the token stick around
for 5 minutes in case you need to do another admindo soon afterwards.
  

Make a simple script (heimdal):



This doesn't require you to enter a password for a release, though,
which I assumed John wanted (it might help to say which specific aspects
of 'sudo' you're looking for). That is, you can still 'kinit foo/admin'
and walk away and someone else can vos whatever.
  

Eh, how?  You loses your pag when kinit exits, so no credentials left...?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] AFS version of sudo for admin ?

[Anders Magnusson]

John Tang Boyland wrote:

Does anyone know of a "sudo" like command for AFS admin commands?
admindo vos release pkg.foo
It would be nice, but not essential to have the token stick around
for 5 minutes in case you need to do another admindo soon afterwards.
  

Make a simple script (heimdal):

#!/bin/sh
kinit $USER/admin $*

If you want the ccache to stay around for a while then do something more 
clever like:


#!/bin/sh
export KRB5CCNAME=/tmp/aksu.$USER
if klist -t ; then
   /usr/bin/pagsh -c "aklog; $*"
else
   kinit -l 300 $USER/admin $*
fi

-- Ragge

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] add partitions witout restarting afs fileserver

[Anders Magnusson]

There is another way; have a number of unused /vicepx available and have 
an AlwaysAttach
in them.  When you want to add more disk you just mount it on one of the 
unused /vicepx :-)


-- Ragge

Assarsson, Emil wrote:

Thank you for your fast response :-)
I use lvm2 for the file systems and I were able to resize it without restarting 
the service.

--
Emil

-Original Message-
From: Harald Barth [mailto:h...@kth.se] 
Sent: måndag den 8 november 2010 14:14

To: Assarsson, Emil
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] add partitions witout restarting afs fileserver


  

I'm trying to find out if it's possible to add partitions without
restarting afs fileserver. Is it? And how can I do it? Or is a
simple restart not considered to be downtime?



My guess is that you are using 1.4.x and that the answer is no. The
only way to do this wholly transparent for the user with zero downtime
is by juggling over all volumes to another server and then add vicep,
upgrade OS and AFS (you probably should that anyway).

The 1.5 or 1.6 series will have the demand attach fileserver which
will give you fast restart (so fast that your clients will not
time out and then it would not be considered downtime).

Harald.

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

  


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] bos killed fileserver before it was shut down cleanly.

[Anders Magnusson]

I was probably a little bit too tired yesterday when I couldn't see the 
difference

between 9 and 11, as other pointed out :-(

Anyway, the annoying thing with fileserver getting terminated hard while 
still
offlining volumes is a problem.  A simple way to fix it would be to have 
a pipe

between bos and whatever daemon it has and send keepalives to see that it
hasn't hung, but I don't know what other implications that might have.

Should I write something like this or just leave it?

-- ragge

On 10/10/2010 10:27 AM, Derrick Brashear wrote:

I'll echo the call for the backtrace, which is the potentially RT-Bug-worthy 
thing here.

Derrick


On Oct 9, 2010, at 10:38 AM, Anders Magnusson  wrote:

   

I noticed an annoying thing yesterday;  if fileserver takes more than 30*60 
seconds to
shutdown, it is killed by bos, even though it is still offlining volumes.  
(more annoying;
fileserver fails to handle SIGKILL correctly and segfaults as a side effect).

This is for 1.4.12.1, I haven't looked at 1.5, but I do not think it ever 
should force fileserver
to die while it's doing it's work.  No idea how to implement this though 
without a major rewrite.

Should I send a RT bug report on it?

-- Ragge


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
 

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

   


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] bos killed fileserver before it was shut down cleanly.

[Anders Magnusson]

I noticed an annoying thing yesterday;  if fileserver takes more than 
30*60 seconds to
shutdown, it is killed by bos, even though it is still offlining 
volumes.  (more annoying;
fileserver fails to handle SIGKILL correctly and segfaults as a side 
effect).


This is for 1.4.12.1, I haven't looked at 1.5, but I do not think it 
ever should force fileserver
to die while it's doing it's work.  No idea how to implement this though 
without a major rewrite.


Should I send a RT bug report on it?

-- Ragge


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows client complaints.

[Anders Magnusson]

Hi Jeffrey,

Jeffrey Altman wrote:

On 10/7/2010 5:20 AM, Anders Magnusson wrote:
  

We have a few (sometimes heavy loaded) WTS machines that have started to
get annoying
warnings in the application log after we upgraded client from 1.5.64 to
1.5.77.

Each 5 seconds it gets lines like this in the application log:

Server 130.240.42.222 reported volume 538176929 as temporarily
unaccessible.
All servers are offline when accessing cell ltu.se volume 538176929.

It always complain about a specific volume, but after some time it may
start complaining
about another volume instead.  Despite this, the volume is accessible
even though there are
delays when walking around in the volume.

We haven't seen this on any other machines, but on three WTS servers.
The WTS machines are running 2003R2 64-bit with the SMB AFS client.
No complains at all on the file servers.  Tested with complaining volumes
on both 1.4.11 and 1.4.12.1 file servers.

Any hints?  Because this only occurs if there is quite some load on the
terminal
servers it's not easy to debug (and unpopular :-)

-- Ragge



The errors were most likely present in the past.  There simply were no
log messages for them before 1.5.75.  That warning message indicates
that the file server returned a VIO error for the object being accessed.
 If source is a read/write volume, there will be no other replicas and
so all servers will be offline for that object.

You will need to examine the file server logs to identify the reason the
VIO error is being returned.
  
There is nothing in the fileserver log concerning this volume at all.  
Even more notable
is that, for example, I got the app log messages at :40, :45 and :50, 
but nothing in the

fileserver log (turned up with one -TSTP) until :52, where it said

Thu Oct  7 14:01:52 2010 SRXAFS_FetchData, Fid = 538176929.7617.23824

This specific fileserver runs 1.4.12.1.

...and everything works without log messages from machines that are less 
loaded.


-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Windows client complaints.

[Anders Magnusson]

We have a few (sometimes heavy loaded) WTS machines that have started to 
get annoying
warnings in the application log after we upgraded client from 1.5.64 to 
1.5.77.


Each 5 seconds it gets lines like this in the application log:

Server 130.240.42.222 reported volume 538176929 as temporarily unaccessible.
All servers are offline when accessing cell ltu.se volume 538176929.

It always complain about a specific volume, but after some time it may 
start complaining
about another volume instead.  Despite this, the volume is accessible 
even though there are

delays when walking around in the volume.

We haven't seen this on any other machines, but on three WTS servers.
The WTS machines are running 2003R2 64-bit with the SMB AFS client.
No complains at all on the file servers.  Tested with complaining volumes
on both 1.4.11 and 1.4.12.1 file servers.

Any hints?  Because this only occurs if there is quite some load on the 
terminal

servers it's not easy to debug (and unpopular :-)

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Testing OpenAFS with Windows XP Roaming Profiles....

[Anders Magnusson]

On 09/17/2010 05:06 PM, Claudio Prono wrote:



Now, the question is: how i can make Windows first write the updated
profile, then drop tickets?

The ACL system:anyuser all for the profile folder is not a good solution...

Any hint?
 


The afslogon.dll has special code in it that has to detect that the
profile is redirected into AFS.   This is based on the assumption that a
domain is in use.   The additional case for a non-domain profile in AFS
would have to be added.

Jeffrey Altman

   
Just an idea... why don't put an option inside the AFS control panel 
to override the domain detection ? Not all the users using a roaming 
profile use a Domain Something like "roaming profile active" in 
the AFS control panel


There is a registry entry that says that the credentials should not be 
destroyed on

logout, have you tried to set that reg entry?

-- Ragge

Anyway, now how i can override that detection of the afslogon.dll ? 
Any trick to cheat the afslogon.dll auto detection?


Cordially,

Claudio Prono.




!DSPAM:1,4c937b03144183967797667!


--

Claudio Prono OPST
System Developer
   Gsm: +39-349-54.33.258
@PSS Srl  Tel: +39-011-32.72.100
Via San Bernardino, 17Fax: +39-011-32.46.497
10141 Torino - ITALYhttp://atpss.net/disclaimer

PGP Key -http://keys.atpss.net/c_prono.asc



   

Re: [OpenAFS] Windows client: "Mount points must be created within the AFS file system".

[Anders Magnusson]

On behalf of Anders Hannus;

yes, it makes a difference, but not a good one.  It neither complains 
nor creates a mountpoint:


H:\>.\fs.exe -version
OpenAFS_1.5.5900

H:\>.\fs.exe  mkm \\afs\ltu.se\staff\r\ragge\ staff.ragge

H:\>fs rmm \\afs\ltu.se\staff\r\ragge\
fs: File '\\afs\ltu.se\staff\r\ragge\' doesn't exist

H:\>"c:\Program Files\OpenAFS\Client\Program\fs.exe"  mkm 
\\afs\ltu.se\staff\r\ragge\ staff.ragge

fs: mount points must be created within the AFS file system

H:\>"c:\Program Files\OpenAFS\Client\Program\fs.exe"  -version
OpenAFS_1.5.7400

-- Ragge

Jeffrey Altman wrote:

Try the version of fs.exe that works for you on the system that fails.
Does that make a difference?

On 6/29/2010 10:01 AM, Anders Hannus wrote:
  

And for the question:

C:\Documents and Settings\anha-rsa>fs getfid \\afs\ltu.se\staff\a\anha
Directory \\afs\ltu.se\staff\a\anha (536870933.1.1) contained in cell ltu.se

/anders

-Original Message-
From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On 
Behalf Of Jeffrey Altman
Sent: den 29 juni 2010 15:18
To: openafs-info@openafs.org
Subject: Re: [OpenAFS] Windows client: "Mount points must be created within the AFS 
file system".

Anders:

Unfortunately this doesn't help because as you have shown it works with
1.5.73 and there were no changes between 1.5.73 and 1.5.74 which affect
the traversed source code paths.  The pioctl debugging indicates that a
file not found error is being returned from the cache manager.

What is the output of

  fs getfid \\afs\ltu.se\staff\a\anha

on the machine experiencing the problem?

Jeffrey Altman

On 6/29/2010 3:48 AM, Anders Hannus wrote:


This is with 1.5.73 on Windows 7.

H:\>fs whereis \\afs\ltu.se\staff\a\anha
Directory \\afs\ltu.se\staff\a\anha is on host adam.its.ltu.se

H:\>fs whereis h:\
Directory h:\ is on host adam.its.ltu.se


With 1.5.74 on Windows 2003 Server

C:\Documents and Settings\anha-rsa>fs whereis \\afs\ltu.se\staff\a\anha
Directory \\afs\ltu.se\staff\a\anha is on host adam.its.ltu.se

And the command that fails:

C:\Documents and Settings\anha-rsa>fs mkmount -dir \\afs\ltu.se\staff\a\anha\tes
t -vol staff.anha.backup
pioctl temp != 0: 0x66543205
fs: mount points must be created within the AFS file system


Hope that this helps.

/anders hannus


-Original Message-
From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On 
Behalf Of Jeffrey Altman
Sent: den 28 juni 2010 23:00
To: openafs-info@openafs.org
Subject: Re: [OpenAFS] Windows client: "Mount points must be created within the AFS 
file system".

Anders, Ragge:

This is not a known issue and I can't reproduce it on any of my XP,
2003, 2008 or Win7 systems which makes it difficult to identify.

From the H: drive, what is the output of

  fs whereis \\afs\ltu.se\staff\r\ragge

If that fails, please turn on the pioctl debugging registry key
as described in the release notes troubleshooting section and file
a bug report to openafs-b...@openafs.org with the command line output
that is generated from "fs whereis" when the registry key is active.

Jeffrey Altman

On 6/28/2010 12:27 PM, Anders Hannus wrote:
  

I'll be happy to provide more details if you can be more specific about what is 
needed or if we just need to file a bug report.

On a Windows 2003 server I know that 1.5.59 is working and 1.5.74 is not. I 
don't know exactly when it stopped working as I found out about this as I have 
some powershell scripts that stopped working when upgrading from .59 to .74. 
It's thus quite annoying as I have to run these scripts on a server we still 
have not upgraded.

As far as I know the problem is present om Windws Server 2003, Windows XP and 
Windows 7. Both with the command and from the explorer GUI. It works if afs is 
mounted as a letter within windows but not with unc paths. I got one powershell 
script working then using the set-location command to change she execution 
location to the unc path. Somehow that didn't solve the problem in another 
script.

/anders hannus

-Original Message-
From: openafs-info-ad...@openafs.org [mailto:openafs-info-ad...@openafs.org] On 
Behalf Of Anders Magnusson
Sent: den 18 juni 2010 13:13
To: jalt...@secure-endpoints.com
Cc: openafs-info@openafs.org
Subject: Re: [OpenAFS] Windows client: "Mount points must be created within the AFS 
file system".

Jeffrey Altman wrote:


On 6/18/2010 4:26 AM, Anders Magnusson wrote:
  
  

Hi,

we'we discovered a small bug related to mount points which has 
appeared in some recent windows client.  Testing with 1.5.74;  mount 
points cannot be created neither from the explorer shell nor from the 
command prompt if referring to an UNC path.  This worked with older 
clients (like 1.5.59).


Mapping the afs path to a drive letter and then make a mount

Re: [OpenAFS] Windows client: "Mount points must be created within the AFS file system".

[Anders Magnusson]

Jeffrey Altman wrote:

On 6/18/2010 4:26 AM, Anders Magnusson wrote:
  

Hi,

we'we discovered a small bug related to mount points which has appeared
in some recent windows client.  Testing with 1.5.74;  mount points
cannot be created
neither from the explorer shell nor from the command prompt if referring to
an UNC path.  This worked with older clients (like 1.5.59).

Mapping the afs path to a drive letter and then make a mount point works.
It's the UNC path that makes it fail.

Is this a known bug or should we file a bug report?

-- Ragge



I just tried:

[C:\src\openafs\stresstest]fs mkm \\afs\yfs\user\jaltman\dementia
root.cell -cell dementia.org

[C:\src\openafs\stresstest]fs lsm \\afs\yfs\user\jaltman\dementia
'\\afs\yfs\user\jaltman\dementia' is a mount point for volume
'#dementia.org:root.cell'

Can you be more specific about the problem you are experiencing?
  

No problem; H: is my home directory:

H:\>fs mkm  staff.ragge

H:\>fs rmm 

H:\>fs mkm \\afs\ltu.se\staff\r\ragge\ staff.ragge
fs: mount points must be created within the AFS file system

H:\>fs --version
OpenAFS_1.5.7400

-- Ragge


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Windows client: "Mount points must be created within the AFS file system".

[Anders Magnusson]

Hi,

we'we discovered a small bug related to mount points which has appeared
in some recent windows client.  Testing with 1.5.74;  mount points 
cannot be created

neither from the explorer shell nor from the command prompt if referring to
an UNC path.  This worked with older clients (like 1.5.59).

Mapping the afs path to a drive letter and then make a mount point works.
It's the UNC path that makes it fail.

Is this a known bug or should we file a bug report?

-- Ragge

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Expanding/shrinking vice partitions

[Anders Magnusson]

Hi,

I'm wondering if it may have any negative side effects if I change the 
size of a vice partition
while the file server is running?  For example when adding a new disk 
and then just expand

a vice partition via lvm.

Also, I noticed that if I move away all volumes from a partition, then 
it works to just umount
that partition and mount something else and then start moving volumes 
there; the AFSIDat and
other stiff seems to just be recreated without restarting fileserver.  
Is this something that is

"safe" to do?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Re: Cron Jobs for "Regular" Users

[Anders Magnusson]

Andrew Deason wrote:
> could protect the directory where the keytabs are under an IP ACL, but
> IP ACLs don't always work so well, and you'd open up access to anyone
>   
When do IP ACLs not work so well?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] New Cell setup - ideas?

[Anders Magnusson]

Lars Schimmer wrote:

Right now I see the limit of 20 groups per ACL in a directory as a
problem - but thats a point we could work araound, somehow.
  

You should use as few ACL entries as possible and instead put users/groups
in groups on the directories.  IMHO something is setup wrong if you have
more than ~5 ACLs on a directory.

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Strange windows client error

[Anders Magnusson]

We have gotten a really strange problem on a bunch of our WinXP 
computers, and I really

cannot find out what the problem is.

When an user logs in, after ~10 seconds after pressing enter in the 
login window, a popup
window says "Integrated login failed: Authentication Server was 
unavailable"  and nothing
related to AFS file system works (like Desktop redirection).  BUT:  only 
a few seconds later,
when the user is logged in, the identity manager has gotten tokens and 
AFS works.


Tested with the latest client and all hotfixes.  No firewalls involved.

Any hints?  The above error message is for me something that does not 
make sense.


-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Current OpenAFS Backup Recommendations

[Anders Magnusson]

Harald Barth wrote:

What open source & commercial backup solutions are

a) aware of OpenAFS
b) can handle autoloaders well




I don't think that solution exists out of the box.

The only commercial product I know of is from teradactyl and that fell
for our needs because of prize and tape library support (I don't know
if they can share IBM tape libraries with TSM nowadays, their
"supported libraries" web page is thin). So we did our own script
thingie based on that all the gory details of tapes are handled by TSM
and then we only use an own client to archive volume dumps into TSM
(vos dump ... | tsmpipe ...). At least 5 cells around here use this
approach.

Btw, there are folks working on per file backup into TSM as well (as
IBM dropped oficial support of that years ago - and you needed an AIX
client).
  

We have been using the TSM client for 6 months now, and it tends to
work quite well.  There are a few annoying things still there, but I 
hope to have
time to fix them early next year. 


-- Ragge


Harald.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
  


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows client error.

[Anders Magnusson]

Thanks,

no network stuff causing problem, but another unexpected problem that
might be good
to know:  The ZoneAlarm firewall was installed but disabled;
nevertheless it caused this
problem.  Uninstalling ZoneAlarm made openafs work again.  This is
indeed good to know.

-- Ragge


Jeffrey Altman wrote:
> 19270401 = Packet too short for security challenge
>
> by any chance is there a firewall or router in the path that blocks udp
> fragments?
>
> Anders Magnusson wrote:
>   
>> Time is correct (always checked first :-)
>> The log output doesn't tell me anything, but maybe someone
>> else: /afs/ltu.se/tests/error091202/afsd.log
>>
>> -- Ragge
>>
>>
>> Jeffrey Altman wrote:
>> 
>>> check the clock of the machine.  there may be a clock skew error.
>>> To find out the real rx level error, use "fs trace".
>>>
>>> * fs trace -on -reset
>>> * dir \\afs\ltu.se
>>> * fs trace -dump -off
>>> * examine contents of %windir%\temp\afsd.log
>>>
>>> Jeffrey Altman
>>>
>>> Anders Magnusson wrote:
>>>  
>>>   
>>>> We have one XP SP3 machine that has a really strange problem.
>>>> Tickets and tokens are no problem, but trying to access \\afs\ltu.se in
>>>> the explorer
>>>> shell says permission denied.  Doing it from the cmd prompt says:
>>>>
>>>> C:\Documents and Settings\johanc>dir \\afs\ltu.se
>>>> SEC_E_NO_KERB_KEY
>>>>
>>>> C:\Documents and Settings\johanc>
>>>>
>>>> Note that output from "tokens" command is correct.
>>>>
>>>> I have never seen this error before and googling results in nearly nil.
>>>> Any hints?
>>>>
>>>> -- Ragge
>>>>
>>>>
>>>> ___
>>>> OpenAFS-info mailing list
>>>> OpenAFS-info@openafs.org
>>>> https://lists.openafs.org/mailman/listinfo/openafs-info
>>>>
>>>> 
>>>> 

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows client error.

[Anders Magnusson]

Time is correct (always checked first :-)
The log output doesn't tell me anything, but maybe someone
else: /afs/ltu.se/tests/error091202/afsd.log

-- Ragge


Jeffrey Altman wrote:

check the clock of the machine.  there may be a clock skew error.
To find out the real rx level error, use "fs trace".

* fs trace -on -reset
* dir \\afs\ltu.se
* fs trace -dump -off
* examine contents of %windir%\temp\afsd.log

Jeffrey Altman

Anders Magnusson wrote:
  

We have one XP SP3 machine that has a really strange problem.
Tickets and tokens are no problem, but trying to access \\afs\ltu.se in
the explorer
shell says permission denied.  Doing it from the cmd prompt says:

C:\Documents and Settings\johanc>dir \\afs\ltu.se
SEC_E_NO_KERB_KEY

C:\Documents and Settings\johanc>

Note that output from "tokens" command is correct.

I have never seen this error before and googling results in nearly nil.
Any hints?

-- Ragge


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info




___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Windows client error.

[Anders Magnusson]

We have one XP SP3 machine that has a really strange problem.
Tickets and tokens are no problem, but trying to access \\afs\ltu.se in 
the explorer

shell says permission denied.  Doing it from the cmd prompt says:

C:\Documents and Settings\johanc>dir \\afs\ltu.se
SEC_E_NO_KERB_KEY

C:\Documents and Settings\johanc>

Note that output from "tokens" command is correct.

I have never seen this error before and googling results in nearly nil.
Any hints?

-- Ragge


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows client cannot delete file.

[Anders Magnusson]

Jeffrey Altman wrote:

Anders Magnusson wrote:
  

Hi,

one of our users encountered a really strange problem: a specific file
could not be deleted
from windows.  No problem to copy or move the file, but delete or
writing to the file do not work.
Note that copies of the file can be deleted, but not the file itself. 
Also, no problem to do

anything with other files in the same directory.

From Unix there are no problems at all to deal with the file, including
to make more copies of
it that cannot be deleted from windows :-)

Servers are 1.4.11, Windows client is 1.5.66 but the behavior is the
same on older clients.

Any hints?  The file can be provided on request (contains private data).

-- Ragge



What is the Unix mode on the file?   The file may be marked as readonly.
  The Windows readonly attribute is stored on the file as Unix mode 222.
 In Windows, a readonly file cannot be deleted until the readonly
attribute is cleared.
  
Thanks, this was the problem, except from that the read-only attribute 
in properties

were not shown as set.  If the file mode is:
-r--rwx---
then the file cannot be deleted but the read-only attribute is not shown 
as set either.


-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Windows client cannot delete file.

[Anders Magnusson]

Hi,

one of our users encountered a really strange problem: a specific file 
could not be deleted
from windows.  No problem to copy or move the file, but delete or 
writing to the file do not work.
Note that copies of the file can be deleted, but not the file itself.  
Also, no problem to do

anything with other files in the same directory.

From Unix there are no problems at all to deal with the file, including 
to make more copies of

it that cannot be deleted from windows :-)

Servers are 1.4.11, Windows client is 1.5.66 but the behavior is the 
same on older clients.


Any hints?  The file can be provided on request (contains private data).

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows 1.5.66 and CellServDB issue.

[Anders Magnusson]

We've seen this also; and since ltu.se is not in CellServDB the 1.5.66
client do not work (1.5.65 does).
Can it have something to do with this change?

 * Promote DNS SRV records as superior to DNS AFSDB
   records.  Support arbitrary port numbers for vldb
   servers.


We do not have any SRV records for AFS , only AFSDB.

-- Ragge

Richard Brittain wrote:
> Hi,
>  just updated to 1.5.66 on Windows XP (32-bit) (which would have been
> less confusing if I'd caught up on the mailing list first).
>
> It seems that I can't connect to any file servers for cells not in the
> CellServDB file.  I know that DNS lookups are working, because I can
> authenticate and do things like checkservers and getserverprefs, but
> attempts to browse into the cell gets a failure message.  'fs
> getserverprefs' only showed db servers, no file servers.
>
> I usually run windows clients with an empty CellServDB file since my
> users rarely need to get off campus, and DNS lookups avoid a file that
> might go stale.  When I put the full public CellServDB back in place,
> everything worked again.
>
> BTW, I like the reduction in functionality of afscreds - it seems more
> natural this way, even on versions of Windows that didn't care about
> mixing admin and non-admin functions in one tool.
>
>
> Richard

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Explorer display in windows client

[Anders Magnusson]

Just a question;

in the explorer window, if an AFS path is mapped as a letter, the "Total 
Size" and "Free Space"
information is something completely different from the underlying volume 
sizes.  Are there any

special reasons for this or is it just not implemented?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Limit of clones

[Anders Magnusson]

Steve Simmons wrote:
>
> On Oct 31, 2009, at 3:42 PM, Derrick Brashear wrote:
>
>> On Sat, Oct 31, 2009 at 11:08 AM, Anders Magnusson  wrote:
>>> The manpage for vos clone says there are a maximum of 7 clones using
>>> the
>>> namei fileserver.
>>> What is the reason for this limitation?
>>
>> The implementation uses only 3 bits (1 + 2 + 4 = 7)
>>
>> Given that in a classic fileserver, RW, RO, BK, temporary clone = 4,
>> this wasn't really a problem.
>
> We've experimentally verified that you can manually create another
> three clones and all AFS operations continue to work fine.
Thanks. 

I have an interest in creating arbitrary numbers of clones, therefore
the question.

-- Ragge

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Strange kernel messages from yesterday...

[Anders Magnusson]

Anders Magnusson wrote:

Harald Barth wrote:

Ext3 works too
(server or client), but slower.
  

Hm, is ext3 slower if used on server? In that case, anyone checked why?

Compared to ext2 I mean.  Or var your mail just difficult to parse? :-)

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Strange kernel messages from yesterday...

[Anders Magnusson]

Harald Barth wrote:

Ext3 works too
(server or client), but slower.
  

Hm, is ext3 slower if used on server? In that case, anyone checked why?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Limit of clones

[Anders Magnusson]

The manpage for vos clone says there are a maximum of 7 clones using the
namei fileserver.
What is the reason for this limitation?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] The removal of afscreds.exe and afs_config.exe on Windows Vista and Windows 7: Seeking Opinions

[Anders Magnusson]

Wow, great!  Good job, wonderful!
Now it will be really usable as a first step when giving support.

Great work! Really!

-- Ragge

Jeffrey Altman wrote:


Asanka Herath has implemented the desired functionality for the OpenAFS
Network Identity Manager credential provider.  Starting with the next
release, in addition to the NIM notification icon the AFS notification
icon will also be generated and will provide feedback for four states:

- No tokens: indicated by a padlock with a bright red 'X' beside
  it.

- At least one valid token: indicated by a normal padlock.

- Service is not running: indicated by a grayed out padlock with
  a black square beside it.

- Service error: indicated by a padlock broken in half.

The 'Service error' state means that the OpenAFS client service
is technically running (as reported by Windows), but is not
responding to requests.

In addition to the icon, hovering the mouse cursor over the icon
will show details about the current state (such as the list of
cells for which valid tokens exist) and the version of OpenAFS
running on the machine.

Jeffrey Altman
  


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Crash in volserver when restoring volume from backup.

[Anders Magnusson]

Derrick Brashear wrote:

looks like you already lost by the time it crashes.
  

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x4aafd940 (LWP 30735)]
0x003c13078d60 in strlen () from /lib64/libc.so.6
(gdb) bt
#0  0x003c13078d60 in strlen () from /lib64/libc.so.6
#1  0x00430092 in afs_vsnprintf (p=0x4aafc3ba "4BF+0", avail=999,
  fmt=, ap=0x4aafc7c0) at ../util/snprintf.c:395
#2  0x00416a60 in vFSLog (
  format=0x467838 "1 Volser: ReadVnodes: IH_CREATE: %s - restore aborted\n",

Just for the record, the original cause of this was due to a bug in 
TSM.  IBM is currently working on it.


-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] The removal of afscreds.exe and afs_config.exe on Windows Vista and Windows 7: Seeking Opinions

[Anders Magnusson]

Jeffrey Altman wrote:

Anders Magnusson wrote:
  

Jeffrey Altman wrote:


For Ragge I'm wondering if the benefit he is seeking is that of the AFS
centric identity or the fact that the lock is easier to describe than
the NetIdMgr cube which either contains an identity, an expired
identity, or none at all.
  
  

Exactly.  It's much easier to ask whether people see a padlock without a
red cross
than asking them to open the NetIdMgr and look for AFS credentials.



This confirms the idea that the NetIdMgr OpenAFS provider requires a
notification icon of its own.
  

Yes, that would be really good.


This is a minor issue, and I assume that we could write a small app that
just checks
if afs is alive and running on the machine.



It worries me that checking whether or not afsd_service.exe is running
is one of the goals.  It implies that you have a high enough incident
rate where it is not that we have a problem to address that I may not
be aware of.
  
It's not because of (unknown) problems with the AFS client, it has more 
to do with problems in
our environment.  For example, the client is distributed via SCCM, but 
on some machines
software distributions may fail.  Or people may have trouble with 
installing the client on
their private machines, due to bad firewall configs, failure to set 
large cache sizes etc.


-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] The removal of afscreds.exe and afs_config.exe on Windows Vista and Windows 7: Seeking Opinions

[Anders Magnusson]

Jeffrey Altman wrote:

For Ragge I'm wondering if the benefit he is seeking is that of the AFS
centric identity or the fact that the lock is easier to describe than
the NetIdMgr cube which either contains an identity, an expired
identity, or none at all.
  
Exactly.  It's much easier to ask whether people see a padlock without a 
red cross

than asking them to open the NetIdMgr and look for AFS credentials.

This is a minor issue, and I assume that we could write a small app that 
just checks

if afs is alive and running on the machine.

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] The removal of afscreds.exe and afs_config.exe on Windows Vista and Windows 7: Seeking Opinions

[Anders Magnusson]

No opinions about the stuff below, but from a support perspective it is 
really nice
with the padlock down right.  When people have trouble with file 
accesses the two

questions:

- Do you have a padlock down right?
- Is there a red cross over the padlock?

are quite valuable.

-- Ragge

Jeffrey Altman wrote:

Ever since the release of Windows Vista I have been worried about the
continued shipment of afscred.exe (AFS Authentication Tool) and
afs_config.exe (AFS Client Manager Configuration Tool) in the OpenAFS
installers.

The Problem:

Beginning with Windows Vista, Microsoft implemented a security barrier
referred to as User Account Control which tightens the noose on normal
user accounts and prevents them from being used to perform a variety of
operations such as starting and stopping services or writing to the
local machine registry hive which they were able to do in previous
Windows releases.   In addition, user accounts that are members of the
"Administrators" group always log on to the machine as normal users.  In
order for a process to be started with the extra special Administrators
bits and explicit click through approval is required by the user.  A
process that is started as an Administrative process shares the desktop
but is effectively in a separate logon session.

afscreds.exe and afs_config.exe perform some functionality that must be
executed in the standard logon session and other functions that must be
performed as an administrative process.  A process cannot be both.  As a
result, depending on the user account type used and the mode the process
is started with different function sets will misbehave.  If the process
is started with Administrative bits, the process is unable to:

 * access the MIT Kerberos v5 credential caches to obtain tokens

 * create drive mappings

If the process is started without the Administrative bits, the process:

 * silently discards configuration changes that are saved in the registry

 * is unable to start or stop the afsd service

Based upon feedback received at the European AFS Workshop the shipment
and installation of these tools are creating a significant support burden. 



The Proposal:

I propose that beginning with 1.5.66 (whenever that is) that the
afscreds.exe and afs_config.exe tools not be installed at all on any
Windows version Vista or beyond and that on 2000, XP and 2003 that these
tools not be installed as part of the default configuration.


The Impact:

The afscreds tool provides three sets of functionality:

 * token acquisition (and renewal if MIT KFW is present)

 * drive mapping

 * start/stop the afsd service

Network Identity Manager has long been available as a replacement for
the token acquisition functionality and it is available on any system on
which MIT KFW is present.  The only systems that wouldn't have it are
clients of cells that are still using kaserver.  


The drive mapping functionality has been documented as deprecated since
the addition of the loopback installation permitted the use of a
standard \\AFS UNC server name.  The recommended method for a user to
create a drive mapping is the Windows Drive Mapping user interface
provided as part of "[My] Computer" and the Explorer Shell.

Starting and stopping the afsd service is an administration function
that can be performed using the Windows Service MMC.

The afs_config.exe tool provides:

 * configuration management including cell name, server preferences,
cellservdb editing,
   cache size, and advanced tuning parameters

 * start/stop functionality

 * drive mapping

While it is not ready for general purpose use, Brant Gurganus has made
significant progress on his OpenAFS Cache Manager MMC snap-in.  This
tool has the potential to perform the first two functions in a more
complete manner than the afs_config tool ever did.  As for the drive
mapping, the Explorer Shell interface can be used.  As soon as this tool
is deemed ready for incorporation in the distribution it will be added.


Please Provide Feedback:

If you are a Windows user or a system administrator that has a large
number of Windows users, please comment on whether or not you agree with
the proposed action.

Thank you.

Jeffrey Altman

  


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows client spraying file server.

[Anders Magnusson]

Jeffrey Altman wrote:
> This was fixed in 1.5.63:
>
>  * When given a choice between an error from rx_Write()
>or RXAFS_EndStoreData(), use the rx_Write() error.
>This ensures that over quota and access denied errors
>are acted upon.
>   
Thanks, it was not in the release notes so I didn't see it :-) 
Obviously there are
many paths where over quota checks are needen.

-- Ragge


> Jeffrey Altman
>
>
> Anders Magnusson wrote:
>   
>> We just noticed a quite disturbing event on some windows clients; they
>> are sending packets continuously to
>> a fileserver, causing the fileserver process to take 100% CPU.  And more
>> annoying, noone is
>> logged in to the machines when they do so.  afsd_service works, but
>> cannot be restarted and have to be
>> killed hard.  Despite this, afs works when logging in to the machine but
>> it continue to spray packets.
>>
>> Fileserver runs 1.4.11, client 1.5.62.  I didn't notice anything in the
>> changelog that says that this bug
>> is fixed in a later version.
>>
>> A quick fs trace -on + fs trace -dump gives entries like the below over
>> and over again.  Any hints?
>>
>> -- Ragge
>>
>>
>> time 0.866130, tid 3756 rx_Write succeeded bp 0x05365C14, 4096
>> time 0.866260, tid 3756 rx_Write succeeded bp 0x05365CA4, 4096
>> time 0.884850, tid 3756 rx_Write failed bp 0x05365D34, 0 != 4096
>> time 0.884870, tid 3756 cm_Analyze connp 0x293BC060, code 0x
>> time 0.884870, tid 3756 cm_Analyze: Rx Call Dead addr[130.240.42.225]
>> forcedNew[no]
>> time 0.884870, tid 3756 CALL StoreData FAILURE scp 0x03D89798, code
>> 0x66543202
>> time 0.884930, tid 3756 cm_ConnByServer returning conn 0x293BC060
>> time 0.884960, tid 3756 CALL StartRXAFS_StoreData64 scp 0x03D89798,
>> offset 0x0:00025000, length 0x15000
>> time 0.885400, tid 3756 rx_Write succeeded bp 0x05365284, 4096
>> time 0.885470, tid 3756 rx_Write succeeded bp 0x05365314, 4096
>> time 0.885530, tid 3756 rx_Write succeeded bp 0x053653A4, 4096
>> time 0.885570, tid 3756 rx_Write succeeded bp 0x05365434, 4096
>> time 0.885610, tid 3756 rx_Write succeeded bp 0x053654C4, 4096
>> time 0.885650, tid 3756 rx_Write succeeded bp 0x05365554, 4096
>> time 0.885700, tid 3756 rx_Write succeeded bp 0x053655E4, 4096
>> time 0.885740, tid 3756 rx_Write succeeded bp 0x05365674, 4096
>> time 0.885780, tid 3756 rx_Write succeeded bp 0x05365704, 4096
>> time 0.886720, tid 3856 SRXAFSCB_TellMeAboutYourself from host
>> 0x82f02ae1 port 7000
>> time 0.888370, tid 3756 rx_Write succeeded bp 0x05365794, 4096
>> time 0.888430, tid 3756 rx_Write succeeded bp 0x05365824, 4096
>> time 0.888490, tid 3756 rx_Write succeeded bp 0x053658B4, 4096
>> time 0.888570, tid 3756 rx_Write succeeded bp 0x05365944, 4096
>> time 0.888630, tid 3756 rx_Write succeeded bp 0x053659D4, 4096
>> time 0.888690, tid 3756 rx_Write succeeded bp 0x05365A64, 4096
>> time 0.888790, tid 3756 rx_Write succeeded bp 0x05365AF4, 4096
>> time 0.50, tid 3756 rx_Write succeeded bp 0x05365B84, 4096
>> time 0.888910, tid 3756 rx_Write succeeded bp 0x05365C14, 4096
>> time 0.889000, tid 3756 rx_Write succeeded bp 0x05365CA4, 4096
>> time 0.919260, tid 3756 rx_Write failed bp 0x05365D34, 0 != 4096
>> time 0.919270, tid 3756 cm_Analyze connp 0x293BC060, code 0x
>> time 0.919270, tid 3756 cm_Analyze: Rx Call Dead addr[130.240.42.225]
>> forcedNew[no]
>> time 0.919270, tid 3756 CALL StoreData FAILURE scp 0x03D89798, code
>> 0x66543202
>> time 0.919310, tid 3756 cm_ConnByServer returning conn 0x293BC060
>> time 0.919340, tid 3756 CALL StartRXAFS_StoreData64 scp 0x03D89798,
>> offset 0x0:00025000, length 0x15000
>> time 0.919780, tid 3756 rx_Write succeeded bp 0x05365284, 4096
>> time 0.919850, tid 3756 rx_Write succeeded bp 0x05365314, 4096
>> time 0.919910, tid 3756 rx_Write succeeded bp 0x053653A4, 4096
>> time 0.919950, tid 3756 rx_Write succeeded bp 0x05365434, 4096
>> time 0.919990, tid 3756 rx_Write succeeded bp 0x053654C4, 4096
>> time 0.920030, tid 3756 rx_Write succeeded bp 0x05365554, 4096
>> time 0.920080, tid 3756 rx_Write succeeded bp 0x053655E4, 4096
>> time 0.920120, tid 3756 rx_Write succeeded bp 0x05365674, 4096
>> ___
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>>
>> 

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Windows client spraying file server.

[Anders Magnusson]

We just noticed a quite disturbing event on some windows clients; they 
are sending packets continuously to
a fileserver, causing the fileserver process to take 100% CPU.  And more 
annoying, noone is
logged in to the machines when they do so.  afsd_service works, but 
cannot be restarted and have to be
killed hard.  Despite this, afs works when logging in to the machine but 
it continue to spray packets.


Fileserver runs 1.4.11, client 1.5.62.  I didn't notice anything in the 
changelog that says that this bug

is fixed in a later version.

A quick fs trace -on + fs trace -dump gives entries like the below over 
and over again.  Any hints?


-- Ragge


time 0.866130, tid 3756 rx_Write succeeded bp 0x05365C14, 4096
time 0.866260, tid 3756 rx_Write succeeded bp 0x05365CA4, 4096
time 0.884850, tid 3756 rx_Write failed bp 0x05365D34, 0 != 4096
time 0.884870, tid 3756 cm_Analyze connp 0x293BC060, code 0x
time 0.884870, tid 3756 cm_Analyze: Rx Call Dead addr[130.240.42.225] 
forcedNew[no]
time 0.884870, tid 3756 CALL StoreData FAILURE scp 0x03D89798, code 
0x66543202

time 0.884930, tid 3756 cm_ConnByServer returning conn 0x293BC060
time 0.884960, tid 3756 CALL StartRXAFS_StoreData64 scp 0x03D89798, 
offset 0x0:00025000, length 0x15000

time 0.885400, tid 3756 rx_Write succeeded bp 0x05365284, 4096
time 0.885470, tid 3756 rx_Write succeeded bp 0x05365314, 4096
time 0.885530, tid 3756 rx_Write succeeded bp 0x053653A4, 4096
time 0.885570, tid 3756 rx_Write succeeded bp 0x05365434, 4096
time 0.885610, tid 3756 rx_Write succeeded bp 0x053654C4, 4096
time 0.885650, tid 3756 rx_Write succeeded bp 0x05365554, 4096
time 0.885700, tid 3756 rx_Write succeeded bp 0x053655E4, 4096
time 0.885740, tid 3756 rx_Write succeeded bp 0x05365674, 4096
time 0.885780, tid 3756 rx_Write succeeded bp 0x05365704, 4096
time 0.886720, tid 3856 SRXAFSCB_TellMeAboutYourself from host 
0x82f02ae1 port 7000

time 0.888370, tid 3756 rx_Write succeeded bp 0x05365794, 4096
time 0.888430, tid 3756 rx_Write succeeded bp 0x05365824, 4096
time 0.888490, tid 3756 rx_Write succeeded bp 0x053658B4, 4096
time 0.888570, tid 3756 rx_Write succeeded bp 0x05365944, 4096
time 0.888630, tid 3756 rx_Write succeeded bp 0x053659D4, 4096
time 0.888690, tid 3756 rx_Write succeeded bp 0x05365A64, 4096
time 0.888790, tid 3756 rx_Write succeeded bp 0x05365AF4, 4096
time 0.50, tid 3756 rx_Write succeeded bp 0x05365B84, 4096
time 0.888910, tid 3756 rx_Write succeeded bp 0x05365C14, 4096
time 0.889000, tid 3756 rx_Write succeeded bp 0x05365CA4, 4096
time 0.919260, tid 3756 rx_Write failed bp 0x05365D34, 0 != 4096
time 0.919270, tid 3756 cm_Analyze connp 0x293BC060, code 0x
time 0.919270, tid 3756 cm_Analyze: Rx Call Dead addr[130.240.42.225] 
forcedNew[no]
time 0.919270, tid 3756 CALL StoreData FAILURE scp 0x03D89798, code 
0x66543202

time 0.919310, tid 3756 cm_ConnByServer returning conn 0x293BC060
time 0.919340, tid 3756 CALL StartRXAFS_StoreData64 scp 0x03D89798, 
offset 0x0:00025000, length 0x15000

time 0.919780, tid 3756 rx_Write succeeded bp 0x05365284, 4096
time 0.919850, tid 3756 rx_Write succeeded bp 0x05365314, 4096
time 0.919910, tid 3756 rx_Write succeeded bp 0x053653A4, 4096
time 0.919950, tid 3756 rx_Write succeeded bp 0x05365434, 4096
time 0.919990, tid 3756 rx_Write succeeded bp 0x053654C4, 4096
time 0.920030, tid 3756 rx_Write succeeded bp 0x05365554, 4096
time 0.920080, tid 3756 rx_Write succeeded bp 0x053655E4, 4096
time 0.920120, tid 3756 rx_Write succeeded bp 0x05365674, 4096
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Crash in volserver when restoring volume from backup.

[Anders Magnusson]

Derrick Brashear wrote:
> looks like you already lost by the time it crashes.
>
>
>   
>> Program received signal SIGSEGV, Segmentation fault.
>> [Switching to Thread 0x4aafd940 (LWP 30735)]
>> 0x003c13078d60 in strlen () from /lib64/libc.so.6
>> (gdb) bt
>> #0  0x003c13078d60 in strlen () from /lib64/libc.so.6
>> #1  0x00430092 in afs_vsnprintf (p=0x4aafc3ba "4BF+0", avail=999,
>>   fmt=, ap=0x4aafc7c0) at ../util/snprintf.c:395
>> #2  0x00416a60 in vFSLog (
>>   format=0x467838 "1 Volser: ReadVnodes: IH_CREATE: %s - restore aborted\n",
>>   args=0x4) at ../util/serverLog.c:135
>> #3  0x0042550e in Log (
>>   format=0x1311e7ec ) at
>> ../vol/common.c:41
>> 
>
> []
>
>   
>> (gdb)
>> 
> up
> up
> up
> up
> print errno.
>   
(gdb) up
#1  0x00430092 in afs_vsnprintf (p=0x4489c3ba "4BF+0", avail=999,
fmt=, ap=0x4489c7c0) at ../util/snprintf.c:395
395 ../util/snprintf.c: No such file or directory.
in ../util/snprintf.c
(gdb) up
#2  0x00416a60 in vFSLog (
format=0x467838 "1 Volser: ReadVnodes: IH_CREATE: %s - restore
aborted\n",
args=0x4) at ../util/serverLog.c:135
135 ../util/serverLog.c: No such file or directory.
in ../util/serverLog.c
(gdb) up
#3  0x0042550e in Log (
format=0x1311e7ec ) at
../vol/common.c:41
41  ../vol/common.c: No such file or directory.
in ../vol/common.c
(gdb) up
#4  0x0040e60c in RestoreVolume (call=,
avp=0x169410f0, incremental=,
cookie=) at ../volser/dumpstuff.c:1214
1214../volser/dumpstuff.c: No such file or directory.
in ../volser/dumpstuff.c
(gdb) print errno
$1 = 22

Is this the system errno? RHEL 5.3, 22 = EINVAL, doesn't sound so good.

> Now, why
> Log("1 Volser: ReadVnodes: IH_CREATE: %s - restore aborted\n",
> afs_error_message(errno));
> is SEGVing is a different question.
>   
Yes... :-)

Hartmud asked about vnode:

(gdb) print *vnode
No symbol "vnode" in current context.
(gdb) print vnodeNumber
$3 = 613646341
(gdb)

Unfortunately it doesn't tell me much...

-- Ragge

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Crash in volserver when restoring volume from backup.

[Anders Magnusson]

Hartmut Reuter wrote:

Anders Magnusson wrote:
  

Hi,

I have a problem that I need some advice on how to go on with.

I have a volume dump file, but when trying to read it back volserver
crashes.

The dump was generated under 1.4.8, and the volserver segv appears with
both 1.4.8 and 1.4.11.

VolserLog.old says:
Wed Aug 26 14:56:34 2009 Starting AFS Volserver 2.0
(/usr/afs/bin/volserver -p 16)
Wed Aug 26 15:00:12 2009 1 Volser: CreateVolume: volume 537998421
(students.waqazi-4) created

BosLog says:
Wed Aug 26 15:00:14 2009: fs:vol exited on signal 11

Any hints where to go from here?  I can provide the dump file on
request, but since it's a
student home directory I don't want it to be public.

-- Ragge



Attach the volserver with gdb before running the command. Then you may
be able to see where it crashes and why.

  

Done:
# gdb /usr/afs/bin/volserver
GNU gdb Fedora (6.8-27.el5)
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
<http://gnu.org/licenses/gpl.html>

This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu"...
(gdb) symb
Discard symbol table from `/usr/afs/bin/volserver'? (y or n) y
No symbol file now.
(gdb) help file
Use FILE as program to be debugged.
It is read for its symbols, for getting the contents of pure memory,
and it is the program executed when you use the `run' command.
If FILE cannot be found as specified, your execution directory path
($PATH) is searched for a command of that name.
No arg means to have no executable file and no symbols.
(gdb) help symb
Load symbol table from executable file FILE.
The `file' command can also load symbol tables, as well as setting the file
to execute.
(gdb) symb volserver.debug
Reading symbols from /usr/afs/bin/volserver.debug...done.
(gdb) attach 30720
Attaching to program: /usr/afs/bin/volserver, process 30720
Reading symbols from /lib64/libpthread.so.0...done.
[Thread debugging using libthread_db enabled]
[New Thread 0x2ab6a9d3be90 (LWP 30720)]
[New Thread 0x4dd02940 (LWP 30740)]
[New Thread 0x4d301940 (LWP 30739)]
[New Thread 0x4c900940 (LWP 30738)]
[New Thread 0x4beff940 (LWP 30737)]
[New Thread 0x4b4fe940 (LWP 30736)]
[New Thread 0x4aafd940 (LWP 30735)]
[New Thread 0x4a0fc940 (LWP 30734)]
[New Thread 0x496fb940 (LWP 30733)]
[New Thread 0x48cfa940 (LWP 30732)]
[New Thread 0x482f9940 (LWP 30731)]
[New Thread 0x478f8940 (LWP 30730)]
[New Thread 0x46ef7940 (LWP 30729)]
[New Thread 0x464f6940 (LWP 30728)]
[New Thread 0x45af5940 (LWP 30727)]
[New Thread 0x450f4940 (LWP 30726)]
[New Thread 0x446f3940 (LWP 30725)]
[New Thread 0x43cf2940 (LWP 30724)]
[New Thread 0x432f1940 (LWP 30723)]
[New Thread 0x428f0940 (LWP 30722)]
[New Thread 0x41eef940 (LWP 30721)]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libresolv.so.2...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /lib64/libc.so.6...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
0x003c13c0a899 in pthread_cond_wait@@GLIBC_2.3.2 ()
  from /lib64/libpthread.so.0
(gdb) c
Continuing.
[New Thread 0x4e703940 (LWP 30748)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x4aafd940 (LWP 30735)]
0x003c13078d60 in strlen () from /lib64/libc.so.6
(gdb) bt
#0  0x003c13078d60 in strlen () from /lib64/libc.so.6
#1  0x00430092 in afs_vsnprintf (p=0x4aafc3ba "4BF+0", avail=999,
   fmt=, ap=0x4aafc7c0) at ../util/snprintf.c:395
#2  0x00416a60 in vFSLog (
   format=0x467838 "1 Volser: ReadVnodes: IH_CREATE: %s - restore 
aborted\n",

   args=0x4) at ../util/serverLog.c:135
#3  0x0042550e in Log (
   format=0x1311e7ec ) at 
../vol/common.c:41

#4  0x0040e60c in RestoreVolume (call=,
   avp=0x2c03e780, incremental=,
   cookie=) at ../volser/dumpstuff.c:1214
#5  0x004067f4 in VolRestore (acid=0x41ff510,
   atrans=, aflags=1, cookie=0x4aafd000)
   at ../volser/volprocs.c:1406
#6  0x00406850 in SAFSVolRestore (acid=0x1311e7ec, atrans=999,
   aflags=319940588, cookie=0x4) at ../volser/volprocs.c:1378
#7  0x00413822 in AFSVolExecuteRequest (z_call=0x41ff510)
   at ../volser/volint.ss.c:104
#8  0x0044d0de in rxi_ServerProc (threadID=5, newcall=0x3e7,
   socketp=0x4aafd10c) at ../rx/rx.c:1445
#9  0x0042afe4 in rx_ServerProc (dummy=)
   at ../rx/rx_pthread.c:303
#10 0x0042a6a8 in server_entry (argp=0x1311e7ec)
   at ../rx/rx_pthread.c:101
#11 0x003c13c06367 in start_thread () from /lib64/libpthread.so.0
#12 0x003c130d30ad in clone () from /lib64/libc.so.6
(gdb)



You also could try to analyze the dump file with dumptool which is built
under sudirectory s

[OpenAFS] Crash in volserver when restoring volume from backup.

[Anders Magnusson]

Hi,

I have a problem that I need some advice on how to go on with.

I have a volume dump file, but when trying to read it back volserver 
crashes.


The dump was generated under 1.4.8, and the volserver segv appears with 
both 1.4.8 and 1.4.11.


VolserLog.old says:
Wed Aug 26 14:56:34 2009 Starting AFS Volserver 2.0 
(/usr/afs/bin/volserver -p 16)
Wed Aug 26 15:00:12 2009 1 Volser: CreateVolume: volume 537998421 
(students.waqazi-4) created


BosLog says:
Wed Aug 26 15:00:14 2009: fs:vol exited on signal 11

Any hints where to go from here?  I can provide the dump file on 
request, but since it's a

student home directory I don't want it to be public.

-- Ragge


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows MMC testers wanted

[Anders Magnusson]

Good morning,

I just tried it on W2k3 SP2 (32-bit) /w OpenAFS client 1.5.61.  Some
directly noticed things:

- When I click at "General/Manage AFS Client administrators group"
nothing happens
- Under the "CIFS" submenu all fields are empty, are they supposed to?
- Under Performance also all fields are empty.
- Under "Servers" as well nothing is shown.
- When clicking on the close mmc window button MMC got an error in the
plugin
  and showed a big red X.
- When uninstalling from add/remove programs I got a complain window:
"There is a problem with this Windows Installer Package".
"A program needed for this install to complete could not"
"be run. Contact your support personnel or package"
"vendor."

-- Ragge


Brant Gurganus wrote:
> I am specifically looking for someone running an operating system
> between Windows XP and Windows Vista. Please try the installer at
> http://code.google.com/p/openafsclientmmc/downloads/list
>
> Please do this:
> 1. Install
> 2. Run mmc.exe.
> 3. Add the OpenAFS snap-in.
>
> If I authored the installer correctly so far, you should encounter no
> issues doing this. Please report any errors you encountered.
>
> Brant Gurganus
> http://gurganus.name/brant
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>   

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Strange problem with Windows client.

[Anders Magnusson]

Hi,

we have encountered a really strange problem when creating images for
reinstallation
of our Windows XP machines in out computer labs. All machines has
mandatory profiles
located on AFS. 

The problem is that when logging in to a newly installed machine it will
try to fetch the
profile and redirect Desktop and My Documents before the user has got a
token,
therefore loading profile and redirecting will fail.  But when the user
is logged in,
a token exists and AFS works as expected. Setting access to the profile to
system:anyuser will allow the profile to be loaded.

This fails with clients 1.5.{59,60,61), but works with last years client
1.5.36.

More on, after trying to track the bug down, we found that if any of
these three
registry entries is set loading the mandatory profile will fail, but it
works as
it should if none of them are present:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LOCALHOST]

"FailLoginsSilently"=dword:0001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\NetworkProvider\Domain\LTU.SE]

"LoginRetryInterval"=dword:001e

"LoginSleepInterval"=dword:0005



The machines tested all runs Windows XP SP3 with all the recommended
hotfixes.

Any ideas?  We are running out of them...

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Tokens and screen under linux

[Anders Magnusson]

Lars Schimmer wrote:
> Hi!
>
> One of our users try to run a job longer than usual tokens runtime.
> Keeping a ssh open for that long time is not wanted.
> We use a Win 2003 AD server as a krb5 KDC and krenew just hits
> "krenew: error renewing credentials: KDC can't fulfill requested option".
> And if I login as user, hit a screen command, the screen process has
> ticket/tokens like login user. I can detach and reattach screen like
> usual. But if I detach screen and logoff, ticket/tokens for the running
> screen are lost.
>
> How can I run a long time job on linux in screen without tokens get lost?
I would do something like

% kinit -t /path/to/my/secret/keytab tcsh

This depends on Heimdal kinit, but it will keep your tickets and tokens
up-to-date as long as you are not exiting the started tcsh.  It also gives
you a new credential cache and a new PAG, so it will work even if the
parent PAG or credential cache gets destroyed.

-- Ragge



> Debian amd64 system
> OpenAFS 1.4.10+dfsg1-1~bpo50+1
> libkrb53 1.6.dfsg.4~beta1-5lenny1
>
>
> MfG,
> Lars Schimmer
> --
> -
> TU Graz, Institut für ComputerGraphik & WissensVisualisierung
> Tel: +43 316 873-5405   E-Mail: l.schim...@cgv.tugraz.at
> Fax: +43 316 873-5402   PGP-Key-ID: 0x4A9B1723
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] TSM backup client

[Anders Magnusson]

So, at last the TSM client I have written is available.  It can be fetched
from /afs/ltu.se/misc/tsmafs/tsmafs-0.1.tgz for anyone that is interested.

Simple overview:
The backup client works by talking directly to the file server(s) and 
fetch files
out of afs, and then put them into tsm as separate objects (as other tsm 
backup
clients do).  In this way it works with the usual policies setup for tsm 
regarding

storage time, object counts etc.
Backups are done volume-wise.  Mountpoints and ACLs are stored as they
should be.  Volumes are checked if changed before traversing them, which
speed up the process significantly.

The restore client works but should need a facelift.  Currently it just 
restores

files and directories without possibility to change time or so.  Do do more
advanced restore stuff, use dsmc, it can restore files backed up from afs
(but no acls or so then).

The only "flaw" is that the TSM API cannot handle names with ? or * in it,
so I do a little name mangling here: \ -> \\, * -> \# and ? -? \!.  This 
could

easily be converted back via the restore client, but not yet added.

Comments/ideas/fixes?

-- Ragge


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Volume replication

[Anders Magnusson]

Jean Praloran wrote:

I performed an fs examine, because fs lq is for quota.


Here is the output :


root.cell :

afs-2 /afs/epitech.net  # fs examine
File . (536870916.1.1) contained in volume 536870916
Volume status for vid = 536870916 named root.cell.readonly
Current disk quota is unlimited
Current blocks used are 18882
The partition has 813060455 blocks available out of 863664762



volume also replicated :
afs-2 /afs/epitech.net/site  # fs examine
File . (536895547.1.1) contained in volume 536895547
Volume status for vid = 536895547 named site
Current disk quota is unlimited
Current blocks used are 417442
The partition has 800307515 blocks available out of 863664762


citron:/afs/epitech.net/site >fs exam
File . (536895548.1.1) contained in volume 536895548
Volume status for vid = 536895548 named site.readonly
Current disk quota is unlimited
Current blocks used are 417442
The partition has 781905331 blocks available out of 863664762

...which is as it should look like I assume.  Have you issued "fs 
checkvolumes" on the

machine where there you only get rw volumes?

-- Ragge





The root.cell give me the ro Volume while the other one give me the RW 
volume


On Thu, May 7, 2009 at 10:53 AM, Felix Frank > wrote:


On Thu, 7 May 2009, Jean Praloran wrote:

Hi,

I have a volume which is replicated on several servers. I have
run some
tests (basically tcpdump) and noticed that my client where
asking only the
RW volume and never the RO, so my replication is kind of
useless. For others
volumes such as root.cell there is no problem, does anybody
have and idea of
what could happend ?


Hello,

make sure that the volume that contains the mountpoint of the
volume in question here is not mounted RW (and that it is, in
fact, replicated).
A broken read-only-path is likely the issue here.

Use fs lq to quickly find out just which volume (RO or RW) is
accessed at any point in your AFS tree.

HTH
 - Felix




--
Praloran Jean


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Strange behavior with Windows client.

[Anders Magnusson]

Quick answer, great, thanks!

Is there a FAQ somewhere with all these types of answers collected?  I
haven't been able to find one.

-- Ragge

Jeffrey Altman wrote:
> See http://support.microsoft.com/default.aspx/kb/916204
>
> Anders Magnusson wrote:
>   
>> Environment:
>> - Laptop, Windows XP SP3 32-bit, domain member.
>> - OpenAFS client 1.5.59
>> - Heimdal Kerberos server with trust to the AD domain.
>>
>>
>> If I connect the computer to a network somewhere, and logs in with
>> cached credentials, there
>> is no way to talk to the AFS client; it just gives a strange error
>> message, see below.
>> Note that the identity manager fetches kerberos tickets without problem.
>>
>>
>> C:\Documents and Settings\anha>dir \\afs\all 
>> The system detected a possible attempt to compromise security. Please
>> ensure that you can contact the server that authenticated you.
>> C:\Documents and Settings\anha>aklog
>> aklog: Couldn't determine realm of user: -1765328189
>>
>> Logging in as a local user and get tickets and tokens works just fine,
>> it's when logging
>> in with cached credentials things don't work. If the machine is plugged
>> in to a network that can reach the domain controller
>> (while still logged in with cached credentials, no reboots) the AFS
>> client starts responding.
>>
>> The afsd_init.log don't say anything strange; and after all, the client
>> seems to work when
>> logging in as a local user.
>>
>> Any hints?
>>
>> -- Ragge
>>
>>
>> ___
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>>
>> 

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Strange behavior with Windows client.

[Anders Magnusson]

Environment:
- Laptop, Windows XP SP3 32-bit, domain member.
- OpenAFS client 1.5.59
- Heimdal Kerberos server with trust to the AD domain.


If I connect the computer to a network somewhere, and logs in with 
cached credentials, there
is no way to talk to the AFS client; it just gives a strange error 
message, see below.

Note that the identity manager fetches kerberos tickets without problem.


C:\Documents and Settings\anha>dir \\afs\all 
The system detected a possible attempt to compromise security. Please 
ensure that you can contact the server that authenticated you.

C:\Documents and Settings\anha>aklog
aklog: Couldn't determine realm of user: -1765328189

Logging in as a local user and get tickets and tokens works just fine, 
it's when logging
in with cached credentials things don't work. 
If the machine is plugged in to a network that can reach the domain 
controller
(while still logged in with cached credentials, no reboots) the AFS 
client starts responding.


The afsd_init.log don't say anything strange; and after all, the client 
seems to work when

logging in as a local user.

Any hints?

-- Ragge


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] TSM client for OpenAFS

[Anders Magnusson]

Kristen J. Webb wrote:
>
>
> Mattias Pantzare wrote:
> Of course, but it will still take up much more space. If we do
> full dump
> once a week
> and incs each night there will be many duplicates of files changed
> early
> after the full dump :-)
 Do I correctly infer that you don't need a full backup as in
 "ability to
 restore data from arbitrary points in time"?
>>> Well, TSM only store one copy of a specific object, while if you do
>>> full
>>> dumps + incs
>>> there will be multiple copies.
>>
>> Just to be clear, TSM stores one copy per version of a specific object.
> I believe that the path name to the object is part of it's uniqueness.
> It is my understanding that if you rename a directory, that all of the
> files and directories below it will need to be backed up again
> even if they have not changed.
That is depending on the backup client.  The API supports renaming an
element
in the stored path.  It's up to the backup client to detect the change.

>>
>> If we do full dumps + incs we have to have at least two full dumps in
>> the backup system at a given time.
>> If we do it the TSM way only one copy have to be in the backup system
>> if the file is static.
>>
>> We do need ability to restore data from arbitrary points in time. (I
>> work at the same place as Anders)
> With TSM file mode, you can only restore to points in time
> based on the number of file copies you maintain (e.g. 10).
> So if a single file changes in a volume every day, you can
> only do a complete restore up to 10 days back.  Volume mode
> dumps allow you to do complete restores going back
> further based on the retention policies for your various
> backup levels.
It's possible to specify a time a file should be stored based on policies.
For example, you can store all files at least 31 days or no less than 20
copies,
or whatever values selected.

-- Ragge


>> ___
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>>
>>
>

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] TSM client for OpenAFS

[Anders Magnusson]

James E. Blair wrote:

Anders Magnusson  writes:

  

Hi,

we are currently deploying OpenAFS here at the university and also
are stuck with TSM for backups.  Currently there doesn't seems to
exist any good AFS backup client for TSM, and just storing volume
dumps is not too appealing, both due to backup storage space and
simpleness in restoring single files.

So I have written a client that uses the TSM API for backup.  It
reads the data directly out of a volume and store all files in TSM
as objects, while preserving ACLs, mountpoints etc.  Doing it this
way will let AFS backups use the policies for objects, and also
restores can be performed via dsmc if necessary.



We're in a similar situation here, and considered writing the program
that you did, though instead we went a slightly different route.  Our
service is in a pilot phase, so we have some flexibility for
experimentation.

We wrote a script that sets up a TSM environment and calls dsmc to
perform the backups.  The script takes care of looking for mountpoints
to both record them for future restores, and add them to an exclude
list to prevent unwanted recursion.  It also writes directory ACLs to
a metadata file.

We backup each volume to a filespace, and the metadata (ACLs, mounts)
of each volume to another.  When we dump the metadata, we check the
hash of the file against the last time we generated it, and skip
backing it up if it hasn't changed.

We actually backup the .backup volumes (ie, snapshots), so that the
data are consistent during the backup.  That way an errant recursive
mountpoint can't sneak in and ruin our day.

We have about 400 volumes with 1.5 terabytes, and it takes us about
2.5 hours to work through that.  It's not relevant to AFS, but just in
terms of how TSM scales, our email system has 10 filespaces with 1TB
and 20 million objects each, with each backup taking about 10 hours on
average.
  
I assume that how many files in a filespace that may make TSM slower may 
depend
on many things, like directory structures etc.  We just noticed this on 
an old

NFS fileserver.

Also, our AFS space seems to be different from yours, we will have ~70k
volumes with not too many 100M of files.


There are a few nits, though, that I haven't found a good way to
handle.  Any suggestions
are welcome :-)

First is the storage of AFS data inside of TSM.  TSM has three
identifiers for an object:
- filespace (typically mount point)
- High-level name (path inside mount point)
- Low-level name (filename)
Ideally the filespace should be the volume name, but TSM gets _really_
slow if there are
too many (a few hundred) filespaces.  Currently I just give it the
cellname, and stores
the volume name in the HL name (like /volume/path-in-volume).  Other ideas?



That's interesting, is that limit per-node, or per-TSM-server?
  

Per node.  Different nodes do not seem to interfere with each other.


So, if someone beside us need to use TSM for AFS and are interested
in using this client, feel free to give
comments/ideas/whatever... :-)



This is very interesting.  Our script is doing well for the moment,
but a solid API client may be preferable in the long run.

I thought I remembered something in the API docs indicating that you
may not be able to use dsmc to restore something that was stored using
the API, but you mention that you could use dsmc for restores if
necessary.  Have you tried that, and were there any issues?
  
The API docs says how to use dsmc to be able to extract files stored 
from the API.
Actually, I have almost only used dsmc so far, the restore client is not 
ready
yet and I haven't really decided how it shall work.  Currently I just 
restore data

without any AFS magic, it just writes to the filesystem.

-- Ragge


Thanks,

James E. Blair
UC Berkeley - IST
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
  


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] TSM client for OpenAFS

[Anders Magnusson]

Felix Frank wrote:

On Thu, 2 Apr 2009, Anders Magnusson wrote:


Harald Barth wrote:


Why is the space bigger? Don't you do incremental dumps?



Of course, but it will still take up much more space. If we do full dump
once a week
and incs each night there will be many duplicates of files changed early
after the full dump :-)


Do I correctly infer that you don't need a full backup as in "ability to
restore data from arbitrary points in time"?
Well, TSM only store one copy of a specific object, while if you do full 
dumps + incs
there will be multiple copies. 


For simply keeping a safety copy of your data, you should consider
OpenAFS+OSD (http://www.rzg.mpg.de/~hwr/Graz.pdf).
It interfaces with TSM HSM. ACLs are not archived, but there are other
ways to go about them.

The OSD way to get HSM is likely the way we will go in about one-two years
from now when we are changing our storage systems.  We have had that
in mind when we now goes from NFS/SMB to OpenAFS.

-- Ragge


The code is not in CVS yet, but until that's all done, we would
be pleased to already welcome more users of these features.

Sincerely
 - Felix


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] TSM client for OpenAFS

[Anders Magnusson]

Mattias Amnefelt wrote:
>>
>>> So I have written a client that uses the TSM API for backup.  
>>
>> I suspected some ongoing work for AFS backups (considering your
>> earlier questions).
>>
>>   
> I've been thinking about how to do this myself. My latest idea was to
> modify the arla client and have it write data to TSM using the API. It
> hasn't progressed much further than an initial idea though.
I looked at arla-cli but it was the cache manager involved in it, and I
just wanted to stream data.
I used the raw calls following the examples in the (quite outdated :-)
AFS FS programming
manual.

>>> First is the storage of AFS data inside of TSM.  TSM has three
>>> identifiers for an object:
>>> - filespace (typically mount point)
>>> - High-level name (path inside mount point)
>>> - Low-level name (filename)
>>> Ideally the filespace should be the volume name, but TSM gets
>>> _really_ slow if there are
>>> too many (a few hundred) filespaces.  Currently I just give it the
>>> cellname, and stores
>>> the volume name in the HL name (like /volume/path-in-volume).  Other
>>> ideas?
>>> 
>> There are a few nits, though, that I haven't found a good way to
>> handle. Any suggestions
>
> My idea was to use the single filespace and have
> HL=/volume/path-in-volume too. I'm almost certain administrators who
> do QUERY FILESPACE don't want several 100k filespaces listed.
:-) Yes, it looked "funny" :-)

>>> Second is the storage of attributes and ACLs.  There is a 255-byte
>>> space available for
>>> storing object attributes connected to each object.  This is not
>>> enough to store the ACLs
>>> as clear-text, so I have to do pts lookups to translate them to
>>> their internal numbers
>>> and store as such in the attribute block.  Any better ideas of how
>>> to do this?
>>> 
>>
>>   
> The volume dumps which we store contain ACLs in their binary formats
> and also requires pts to be useful, so you wouldn't be much worse of
> than we are :)
The RXAFS_FetchACL() call returns them as a text string, so I must add
pts talk code
to do the translation.  I had hoped to avoid that :-)

> Note however, that an AFS acl can be as large as 1024 bytes so you
> cannot be certain to store it in a 255 bytes space.
>
> The idea I had was to store one file in the root of the volume for the
> volume metadata and one per directory for the file metadata. I'm not
> sure whether to use a binary format or a text format (XML?) though.
>
I thought about something similar; to have an internal-only file with
the necessary things. Haven't
decided yet, but it is a reasonable way of doing it.  Maybe in next
version :-)

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] TSM client for OpenAFS

[Anders Magnusson]

Harald Barth wrote:
>> we are currently deploying OpenAFS here at the university and also are stuck 
>> with TSM
>> for backups.
>> 
>
> There could be worse things. PDC uses TSM and we use homwgrown logic
> to do full and incremental dumps. These then are piped into a program
> that uses the API. The only problem is that we do not have a tool for
> the users to request restores. But this has not been a too pressing
> burden yet.
>   
We currently use a similar approach (the hpc2n stuff) but want to get back
to the TSM object-handling way.

>> Currently there doesn't seems to exist any good AFS backup client for TSM,
>> 
>
> The company with the dinasaur? name (teradactyl.com) makes one, but
> last when I applied their pricing to my department size it was not so
> attractive any more. I addition we need TSM anyway and for TiBS I
> would have needed a seperate infrastructure in front of the tape
> library.
>   
Teradactyl would probably have been the choice for us unless we had used
TSM for other things (oracle, exchange, ...).

>> and just storing volume dumps is not too appealing, both due to backup 
>> storage space and
>> simpleness in restoring single files.
>> 
>
> Why is the space bigger? Don't you do incremental dumps?
>
>   
Of course, but it will still take up much more space. If we do full dump
once a week
and incs each night there will be many duplicates of files changed early
after the full dump :-)

>> So I have written a client that uses the TSM API for backup.  
>> 
>
> I suspected some ongoing work for AFS backups (considering your
> earlier questions).
>   
I haven't got any answer, so I think my assumptions were correct :-)

>> It reads the data directly out
>> of a volume and store all files in TSM as objects, while preserving ACLs, 
>> mountpoints etc.
>> Doing it this way will let AFS backups use the policies for objects, and 
>> also restores can
>> be performed via dsmc if necessary.
>> 
>
> Nice.
>
>   
>> There are a few nits, though, that I haven't found a good way to handle.  
>> Any suggestions
>> are welcome :-)
>>
>> First is the storage of AFS data inside of TSM.  TSM has three identifiers 
>> for an object:
>> - filespace (typically mount point)
>> - High-level name (path inside mount point)
>> - Low-level name (filename)
>> Ideally the filespace should be the volume name, but TSM gets _really_ slow 
>> if there are
>> too many (a few hundred) filespaces.  Currently I just give it the cellname, 
>> and stores
>> the volume name in the HL name (like /volume/path-in-volume).  Other ideas?
>> 
>
> Good that you have tested the filespace == volume thing. But the
> question "what happens when you have some hundred filespaces" could be
> a relevant one to the TSM 6 devel team. (TSM 6 is a major redesign I
> was told).
>   
We will probably test that in a not too distant future ourselves, even
if we won't
change version soon.  TSM 6 uses DB2 I think for keeping track of the
objects.

> Another numbers question: We have currently at least 98434720 files in
> our cell. I don't know how TSM would react with that in one filespace
> either.
>   
I know: It dislikes it :-) We have tested that too.  Around 2.5 million
files in one
filespace seems reasonable, more than that will get a little bit slower.
Therefore I added the ability to have more filespaces that can be easily
handled.  For example, the volumes "user.[a-e]*" can be put in a filespace
called /ltu.se/user.a-e.  We ran into this problem ourselves.

>> Second is the storage of attributes and ACLs.  There is a 255-byte space 
>> available for
>> storing object attributes connected to each object.  This is not enough to 
>> store the ACLs
>> as clear-text, so I have to do pts lookups to translate them to their 
>> internal numbers
>> and store as such in the attribute block.  Any better ideas of how to do 
>> this?
>> 
>
> Another question is when to backup the contents of a directory and
> what to store along with the directory and what along with the file.
> Plan for future file ACLs?
>   
Directory contents are given by the TSM design.  But for the attributes
I just store
the basic stuff and keep a version number, that can be incremented later.

-- Ragge

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] TSM client for OpenAFS

[Anders Magnusson]

Hi,

we are currently deploying OpenAFS here at the university and also are 
stuck with TSM
for backups.  Currently there doesn't seems to exist any good AFS backup 
client for TSM,
and just storing volume dumps is not too appealing, both due to backup 
storage space and

simpleness in restoring single files.

So I have written a client that uses the TSM API for backup.  It reads 
the data directly out
of a volume and store all files in TSM as objects, while preserving 
ACLs, mountpoints etc.
Doing it this way will let AFS backups use the policies for objects, and 
also restores can

be performed via dsmc if necessary.

There are a few nits, though, that I haven't found a good way to 
handle.  Any suggestions

are welcome :-)

First is the storage of AFS data inside of TSM.  TSM has three 
identifiers for an object:

- filespace (typically mount point)
- High-level name (path inside mount point)
- Low-level name (filename)
Ideally the filespace should be the volume name, but TSM gets _really_ 
slow if there are
too many (a few hundred) filespaces.  Currently I just give it the 
cellname, and stores

the volume name in the HL name (like /volume/path-in-volume).  Other ideas?

Second is the storage of attributes and ACLs.  There is a 255-byte space 
available for
storing object attributes connected to each object.  This is not enough 
to store the ACLs
as clear-text, so I have to do pts lookups to translate them to their 
internal numbers
and store as such in the attribute block.  Any better ideas of how to do 
this?


So, if someone beside us need to use TSM for AFS and are interested in 
using this

client, feel free to give comments/ideas/whatever... :-)

-- ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] "afs: failed to store file (5)"

[Anders Magnusson]

Harald Barth wrote:
>> "afs: failed to store file (5)" now and then.
>> 
>
> This patch is currently the best guess:
>
> # cat STABLE14-rx-idledead-only-ignore-keepalives-20081222.patch
> --- src/rx/rx.c.orig2008-09-25 19:26:47.0 +0200
> +++ src/rx/rx.c 2009-03-12 18:01:22.0 +0100
> @@ -5380,7 +5380,7 @@
>   * idle connections) */
>  conn->lastSendTime = call->lastSendTime = clock_Sec();
>  /* Don't count keepalives here, so idleness can be tracked. */
> -if (p->header.type != RX_PACKET_TYPE_ACK)
> +if ((p->header.type != RX_PACKET_TYPE_ACK) || (((struct rx_ackPacket 
> *)rx_DataOf(p))->reason != RX_ACK_PING))
> call->lastSendData = call->lastSendTime;
>  }
>
>   
Hm, so this would mean that the error is just because of some time
counter do not get updated?
I'll see if I can apply it and test.  Thanks!

-- Ragge


>> There are lots of file accesses to the machine so I have no idea what
>> causing this.
>> 
>
> I'll leave that ...
>
>   
>> Anyone have an idea?  Is the message above fatal or will it try again to
>> save the file?
>> 
>
> The error is returned to the user.
>
> Harald.
>   

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] "afs: failed to store file (5)"

[Anders Magnusson]

Hi,

on one of our machines we tend to get the message "afs: failed to store
file (5)" now and then.
It sounds a little worrying :-/  The machines runs RHEL4.7 and OpenAFS
1.4.8.

If "5" in the error message is errno then it means EIO.

There are lots of file accesses to the machine so I have no idea what
causing this.

Anyone have an idea?  Is the message above fatal or will it try again to
save the file?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Implementation questions.

[Anders Magnusson]

Hi,

I have some questions about how a few internal things in afs works.
I think I have found out how it works, just want to sanitycheck :-)

I want to check if a file has changed.  The elements to check are:
   Vnode and Unique in AFSFid
   DataVersion and dataVersionHigh in AFSFetchStatus
If one of these values has changed the file has changed, correct?

If I want to do backup of a file, the elements I want to save are,
besides the file data; Owner, Group, UnixModeBits, and ClientModTime
from AFSFetchStatus, OK?  And if it is a directory then the additional
ACL info must be saved.  Anything more that might be relevant?

-- Ragge

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] fileserver goes down overnight

[Anders Magnusson]

david l goodrich wrote:
> On Tue, Mar 24, 2009 at 02:27:35PM -0400, Steven Jenkins wrote:
>   
>> On Tue, Mar 24, 2009 at 2:13 PM, david l goodrich  wrote:
>> ...
>> 
> sprawl# ps auxw | grep /openafs/
> root ? 376 ?0.0 ?0.0 2316 ? ? 4 ? ? ? ? DW ? ?5:33PM 0:00.83 
> /usr/pkg/libexec/openafs/volserver
> root ? 727 ?0.0 ?0.0 8664 ?2384 ? ? ? ? IW /usr/pkg/libexec/openafs/fileserver
>
>   
>> ...
>>
>> Can you get a pstack and lsof of the volserver process?  (You may not
>> be able to even get that much info..).
>> 
> lsof, yes[1].  pstack, no, it's a NetBSD box and I can't find
> pstack for it.
>   
Please run ps axl  and ktrace -p 376 to see what you get.  It migth be a
xen bug.

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] fileserver goes down overnight

[Anders Magnusson]

david l goodrich wrote:
> On Tue, Mar 24, 2009 at 10:39:24AM -0700, Russ Allbery wrote:
>   
>> david l goodrich  writes:
>>
>> 
>>> The past two nights, I've had one of my AFS fileserver go "down"
>>>
>>> I say "down" and not down because it's not totally nonfunctional.
>>>
>>> It thinks it's running fine:
>>>
>>> sprawl# bos status localhost -localauth
>>> Instance fs, currently running normally.
>>> Auxiliary status is: file server running.
>>>   
>> bos status -long is generally more useful.  However:
>> 
> Can do:
> sprawl# bos status localhost -localauth -long
> Instance fs, (type is fs) currently running normally.
> Auxiliary status is: file server running.
> Process last started at Mon Mar 23 17:33:57 2009 (3 proc
> starts)
> Last exit at Mon Mar 23 17:33:57 2009
> Command 1 is '/usr/pkg/libexec/openafs/fileserver'
> Command 2 is '/usr/pkg/libexec/openafs/volserver'
> Command 3 is '/usr/pkg/libexec/openafs/salvager'
>
> sprawl# ps auxw | grep /openafs/
> root   376  0.0  0.0 2316 4 ?   DW5:33PM 0:00.83 
> /usr/pkg/libexec/openafs/volserver
> root   727  0.0  0.0 8664  2384 ?   IW /usr/pkg/libexec/openafs/fileserver
>   
If the D flag in the ps line means the same on your system as on mine
you might
have problem.  D usually stands for a process waiting for I/O, and if it
don't leave
that state it means that it never completes.  The W flag normally stands
fro swapped out, and
you also seems to have nothing of the process resident.

You don't have any hardware complaints in messages?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Re: "smbclient" for AFS?

[Anders Magnusson]

Andrew Deason wrote:

On Sat, 28 Feb 2009 17:44:12 +0100
Anders Magnusson  wrote:

  

Hi,

quick question before I go deeper into it:  Does it exist something
similar to "smbclient" for AFS?
For those who don't know; it's like an ftp client but for smb.  I want
something that do not need
the kernel stuff to access AFS space.



In addition to what Harald mentioned:

There's a program in /src/tests/ called `afscp` that can be built if
you download the openafs source, configure, make, then
`cd src/tests ; make afscp`. Unauthenticated access only, though, and
doesn't cache anything.
  

Great, this is close to what I want.  Thanks!
...I need it for backup purposes to get files directly out of afs space, 
so it's actually

the C code I was looking for :-)

I looked at arla-cli also but it is a complete afs client (with cache) 
so it's a little bit

too much stuff for my needs.

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] "smbclient" for AFS?

[Anders Magnusson]

Hi,

quick question before I go deeper into it:  Does it exist something
similar to "smbclient" for AFS?
For those who don't know; it's like an ftp client but for smb.  I want
something that do not need
the kernel stuff to access AFS space.

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows client stop working after changing network adapters.

[Anders Magnusson]

Ok, thanks.  Hm, this was on a Dell Inspiron 8600. 

So the AFS problem is that Windows is resetting its network adapters
each 6 second,
and each time afsd needs to rebind to the MLA?  Ok, strange in that case.

It's also interesting that everything works fine until the first
disconnect (like changing from
wireless to cable), then it starts bailing out.

But OK,  we have some more things to go on now.  Thanks!

(will try Lenovo tomorrow, we usually buy those machines now...)

-- Ragge

Jeffrey Altman wrote:
> As a follow up to my own post.  The problem is not that this sequence of
> events is occurring.  It is supposed to.  The problem is that it is
> occurring as frequently as it is when there is no apparent reason for
> the network stack to be resetting its IP address.
>
> On one of the Lenovo laptops the Intel drivers for the wired adapter
> attempts to hide the status of the network from Windows in order to
> prevent XP from displaying the "not connected balloon" from the
> notification area.  The side effect of this is that the connection
> management software sees both the wireless and wired connections, turns
> off the wireless, then realizes the wired doesn't really exist, turns
> back on the wireless, thinks the wired is there, and repeats ...
>
> >From the user perspective the network performance sucks because there
> are a huge number of retries due to packet loss on the wireless
> interface.  From the perspective of afsd_service, the IP address list is
> constantly changing.
>
> The fix for this machine was to disable the wired adapter entirely
> because it was never being used.
>
> Jeffrey Altman
>
>
> Jeffrey Altman wrote:
>   
>> Anders:
>>
>> The NRC_BRIDGE error means that the IP address the netbios name "AFS" is
>> bound to is no longer available.  The afsd_service smb_Listener thread
>> therefore attempts to rebind the name to the existing adapter.  The
>> NRC_WILD error is a failure to be able to perform the re-bind.  It
>> therefore resets the adapter at the Netbios layer which breaks all
>> communication across the adapter and then rebinds.
>>
>> The smb_LanAdapterChange log message indicates that Windows has reported
>> a change in the IP address list (either an addition or removal of an IP
>> address) via the NotifyAddrChange() API.
>>
>> So the question you need to answer is "why is Windows modifying the IP
>> address list so frequently?"
>>
>> Jeffrey Altman
>>
>>
>> Anders Magnusson wrote:
>> 
>>> Hi,
>>>
>>> I got a report of this strange problem with the Windows client on a
>>> laptop. Client is 1.5.57, laptop is XP SP2:
>>>
>>> Logging in via VPN to the wireless network -> AFS works fine.
>>> Disconnect VPN, use wireless network directly (AFS is allowed) -> AFS
>>> stop working.
>>> Reconnecting via VPN does not help.
>>>
>>> Writing tokens says:
>>>
>>> C:\>tokens
>>> Tokens held by the Cache Manager:
>>> AFS device may not have started
>>>
>>> To me it sounds like the SMB gateway or AFS interface stop working, but
>>> looking at the
>>> configuration of the interface it seems OK.
>>>
>>> Note that this might happen after any change of network interfaces (like
>>> up/down), not
>>> necessarily an IP number change.  Also, it is not dependent of any VPN
>>> client to encounter
>>> the problem, using just plain wireless (or connecting/disconnecting
>>> cable) gives this result.
>>>
>>> Any hints?  I'll add the afsd_init.log below.
>>>
>>> The entries:
>>> 2009-02-25 09:57:10: smb_LanAdapterChange
>>> 2009-02-25 09:57:10: NCBLISTEN lana=10 failed with NRC_BRIDGE, retrying ...
>>> 2009-02-25 09:57:10: NCBLISTEN lana=10 failed with NRC_NOWILD, retrying ...
>>> always shows up when it stops talking.
>>>
>>> What can we do to debug this?
>>>
>>> -- Ragge
>>>
>>> 09:53:40: Create log file
>>> 09:53:40: Created log file
>>> PATH=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program
>>> Files\ATI Technologies\ATI Control
>>> Panel;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program
>>> Files\MIT\Kerberos\bin;C:\Program Files\OpenAFS\Common;C:\Program
>>> Files\OpenAFS\Client\Program
>>> 2009-02-25 09:53:41: OEM Code Page = 850
>>> 2009-02-25 09:53:41: locale =  C
>>> 2009-02-25 09:53:41: running on 2000+ - using RegisterServiceCtrlHandlerEx
>>> 2009-02-25 09:53:41: C:\P

[OpenAFS] Windows client stop working after changing network adapters.

[Anders Magnusson]

Hi,

I got a report of this strange problem with the Windows client on a 
laptop. 
Client is 1.5.57, laptop is XP SP2:


Logging in via VPN to the wireless network -> AFS works fine.
Disconnect VPN, use wireless network directly (AFS is allowed) -> AFS 
stop working.

Reconnecting via VPN does not help.

Writing tokens says:

C:\>tokens
Tokens held by the Cache Manager:
AFS device may not have started

To me it sounds like the SMB gateway or AFS interface stop working, but 
looking at the

configuration of the interface it seems OK.

Note that this might happen after any change of network interfaces (like 
up/down), not
necessarily an IP number change.  Also, it is not dependent of any VPN 
client to encounter
the problem, using just plain wireless (or connecting/disconnecting 
cable) gives this result.


Any hints?  I'll add the afsd_init.log below.

The entries:
2009-02-25 09:57:10: smb_LanAdapterChange
2009-02-25 09:57:10: NCBLISTEN lana=10 failed with NRC_BRIDGE, retrying ...
2009-02-25 09:57:10: NCBLISTEN lana=10 failed with NRC_NOWILD, retrying ...
always shows up when it stops talking.

What can we do to debug this?

-- Ragge

09:53:40: Create log file
09:53:40: Created log file
PATH=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program 
Files\ATI Technologies\ATI Control 
Panel;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program 
Files\MIT\Kerberos\bin;C:\Program Files\OpenAFS\Common;C:\Program 
Files\OpenAFS\Client\Program
2009-02-25 09:53:41: OEM Code Page = 850
2009-02-25 09:53:41: locale =  C
2009-02-25 09:53:41: running on 2000+ - using RegisterServiceCtrlHandlerEx
2009-02-25 09:53:41: C:\Program Files\OpenAFS\Client\Program\afsd_service.exe 
version 1.5.5700
2009-02-25 09:53:41: Num of Process Modules: 46
2009-02-25 09:53:41: C:\Program Files\OpenAFS\Client\Program\libosi.dll version 
1.5.5700
2009-02-25 09:53:43: C:\Program Files\OpenAFS\Common\afsrpc.dll version 1.5.5700
2009-02-25 09:53:44: C:\Program Files\OpenAFS\Common\afspthread.dll version 
1.5.5700
2009-02-25 09:53:44: C:\Program Files\OpenAFS\Common\afsauthent.dll version 
1.5.5700
2009-02-25 09:53:44: C:\Program Files\OpenAFS\Client\Program\libafsconf.dll 
version 1.5.5700
2009-02-25 09:53:44: osi_InitDebug code 0
2009-02-25 09:53:44: gethostname fdc-l017
2009-02-25 09:53:45: Lock Order Validation Off
2009-02-25 09:53:45: Trace Options = 0
2009-02-25 09:53:45: Default trace buffer size 1
2009-02-25 09:53:45: osi_LogCreate log addr 9958c0
2009-02-25 09:53:45: Cache size 50
2009-02-25 09:53:45: Chunk size 262144 (18)
2009-02-25 09:53:45: Block size 4096
2009-02-25 09:53:45: Defaulting to 4 background daemons
2009-02-25 09:53:46: Defaulting to 25 server threads
2009-02-25 09:53:46: Status cache entries: 2
2009-02-25 09:53:46: Default volume cache entries: 
2009-02-25 09:53:46: Default cell cache entries: 1024
2009-02-25 09:53:46: Logoff token transfer on
2009-02-25 09:53:46: Logoff token transfer timeout 120 seconds
2009-02-25 09:53:46: Default root volume name root.afs
2009-02-25 09:53:46: Mount root /afs
2009-02-25 09:53:47: Default cache path C:\WINDOWS\TEMP\AFSCache
2009-02-25 09:53:47: Cache type is FILE
2009-02-25 09:53:47: Cache Validation on Startup
2009-02-25 09:53:47: Set to trap on panic
2009-02-25 09:53:47: Sys name x86_win32 i386_w2k i386_nt40
2009-02-25 09:53:47: SecurityLevel is crypt
2009-02-25 09:53:47: CM ForceAnonVLDB is off
2009-02-25 09:53:47: DNS will be used to find AFS cell servers
2009-02-25 09:53:47: Freelance client feature is activated
2009-02-25 09:53:47: SMB Server Unicode Support is enabled
2009-02-25 09:53:47: Dot files/dirs will be marked hidden
2009-02-25 09:53:47: Maximum number of multiplexed sessions is 50
2009-02-25 09:53:47: Maximum number of VCs per server is 100
2009-02-25 09:53:47: SMB authentication type is EXTENDED
2009-02-25 09:53:47: RX Jumbograms are disabled
2009-02-25 09:53:47: RX extraPackets is 2176
2009-02-25 09:53:47: RX udpbufsize is 262144
2009-02-25 09:53:47: RX maximum MTU is 1260
2009-02-25 09:53:47: RX Peer Statistics gathering is enabled
2009-02-25 09:53:47: RX Process Statistics gathering is enabled
2009-02-25 09:53:47: RX Hot Thread is enabled
2009-02-25 09:53:47: CM CallBackPort is 7001
2009-02-25 09:53:47: EnableServerLocks: server requested
2009-02-25 09:53:47: CM DeleteReadOnly is 0
2009-02-25 09:53:47: CM BPlusTrees is 1
2009-02-25 09:53:47: No PrefetchExecutableExtensions
2009-02-25 09:53:47: CM OfflineReadOnlyIsValid is 0
2009-02-25 09:53:47: CM GiveUpAllCallBacks is 0
2009-02-25 09:53:47: CM FollowBackupPath is 0
2009-02-25 09:53:48: First Network address 82f062eb SubnetMask fc00
2009-02-25 09:53:48: lanmanworkstation : SessTimeout 45
2009-02-25 09:53:48: ConnDeadTimeout is 22
2009-02-25 09:53:48: HardDeadTimeout is 45
2009-02-25 09:53:48: Cache File "C:\WINDOWS\TEMP\AFSCache" already exists
2009-02-25 09:53:48: Existing File Size: :217747D4
2009-02-25 09:53:48: Granularity - 1
2009-02-25 09:53:48: Reusing existing AFS

Re: [OpenAFS] Longer volume names than 22 characters.

[Anders Magnusson]

Derrick Brashear wrote:
> On Tue, Feb 24, 2009 at 4:58 AM, Anders Magnusson  wrote:
>   
>> I took a quick look in the source code, and found that there are two
>> interesting defines (in volser.h):
>>
>> #define VOLSER_MAXVOLNAME 65
>> #define VOLSER_OLDMAXVOLNAME 32
>>
>> So, obviously someone has thought about allowing longer names, but the
>> checks seems to be against
>> the old name length so it don't work.
>> What is needed if we want to use longer names?  And may it cause
>> incompatibility with clients
>> or other cells or whatever?
>> 
>
> All vlserver calls already use 65:
> const   VL_MAXNAMELEN   =   65;
>   
So that means that the protocol (what is sent between the client and server)
is already "65-byte-clean"?

> Sadly, look what's on the on-disk volume header:
> typedef struct VolumeDiskData {
> struct versionStamp stamp;  /* Must be first field */
> VolumeId id;/* Volume id--unique over all systems */
> #define VNAMESIZE 32/* including 0 byte */
> char name[VNAMESIZE];   /* Unofficial name for the volume */
>   
Hm, grepping shows that it is used in a bunch of structs.  But besides
VolumeDiskData ,
I assume all of them are only used inside the binaries...?

> So basically, you'd have to upgrade that, including having an upgrade
> and downgrade path for volume headers (and then switch out vos
> anywhere you wanted to actually be able to manipulate the volumes)
>   
So what you mean is basically this:
- Change VNAMESIZE to 65
- Wrap VOLUMEINFOVERSION to 2
- Add compatibility code to where the struct is read from disk to
convert it to new internal format.
- Change all sanity checks for volume name length to new length.

> It's not actually all that hard, realistically.
>   
Probably not if there's knowledge of the internals :-)  Biggest problem
for me would be that
I don't have any clues of the side effects of changes I might cause :-)

-- Ragge

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Longer volume names than 22 characters.

[Anders Magnusson]

I took a quick look in the source code, and found that there are two 
interesting defines (in volser.h):


#define VOLSER_MAXVOLNAME 65
#define VOLSER_OLDMAXVOLNAME 32

So, obviously someone has thought about allowing longer names, but the 
checks seems to be against
the old name length so it don't work. 

What is needed if we want to use longer names?  And may it cause 
incompatibility with clients

or other cells or whatever?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] AFS to NFS translator in Linux

[Anders Magnusson]

Daniel Richard G. wrote:
>> Where can I find some information on how to use the
>> AFS->NFS translator on
>> Linux?  (Does it even exist?)
>> 
>
> My understanding is that the translator currently does not work on Linux. (I 
> do believe it works on Solaris.)
>
>   
>> Basically, I'm looking for read-only access, in
>> situations where it's either
>> inconvenient or impossible to compile the AFS kernel
>> modules; I have a couple
>> of systems where the module compiles OK, but doesn't
>> load.  (Namely OpenSUSE
>> 11.1, using packages from build.opensuse.org)
>> 
>
> We use UNFS3 (http://unfs3.sf.net/) for this exact purpose, exporting to a 
> number of old-school Unix systems. I added proper AFS FID support to it 
> recently, so that its filehandle cache plays well with AFS. We run it via 
> kstart so that it keeps the tickets/tokens required to read what it needs out 
> of AFS.
>   
Interesting.  How do you handle access control for users?  Is that just
left to the
client with the normal uid/gid access bits?

-- Ragge


> I've been meaning to send a note about this to the list, to let folks know 
> about this new AFS->NFS option on Linux. If any AFS gurus could have a peek 
> at 
> afssupport.c in the codebase, I would be grateful for any feedback on the 
> implementation.
>
>
> --Daniel
>
>
> ___
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
>   

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Volume space "lost in space".

[Anders Magnusson]

Harald Barth wrote:


We have encountered a strange error here on a volume.  vos examine (or fs lq) 
says that it is 15G in size,
but du can only find 4G in the volume.  salvager do not find anything wrong 
with the volume.
   



Have you told it to reattach orphan files during salvage?
 

No, I hadn't.  I didn't realize that "bos salvage" didn't complain 
directly but I needed to

do "bos getlog" to see it.  But Derrick corrected me :-)

-- Ragge

You may have salvaging errors. I think there was a bug in the salvager that was fixed in 1.4.8. 

 


Any hints?  The fileserver runs 1.4.5 (on RHEL4).  Reading the RELNOTES for the 
later releases
shows nothing about a fix for this problem.
   



Before you run the salvager across the volume, have a look at the file tree on 
/vicep*.
If your volume number is 4711:

$ /afs/stacken.kth.se/home/haba/bin/scripts/volid.pl  4711
4711:/vicep?/AFSIDat/b=/b7=

that is your tree. How big is that? If you make a tar of that and the
V04711 file, you have everything to start over if things go wrong.
Don't forget the -p when unpacking the tar, there _is_ info that
matters in these bits.

Harald.
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
 



___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Volume space "lost in space".

[Anders Magnusson]

We have encountered a strange error here on a volume.  vos examine (or 
fs lq) says that it is 15G in size,
but du can only find 4G in the volume.  salvager do not find anything 
wrong with the volume.


Any hints?  The fileserver runs 1.4.5 (on RHEL4).  Reading the RELNOTES 
for the later releases

shows nothing about a fix for this problem.

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Integrated logon and locking/unlocking workstatations

[Anders Magnusson]

Jeffrey Altman wrote:
> Douglas E. Engert wrote:
>
>   
>> Jeff,
>> The netmgr can import tickets from MSLSA, but only appears to do this
>> at login or when the import credentials is selected.  Could it do this
>> on a periodic bases to check if the MSLA TGT might have been updated
>> by a screen unlock?  Or did I miss something?
>>
>> So if Ryan can use the Windows DC as the KDC, with renewable tickets
>> with a reasonable RenewUntil time, and the users unlock their machines
>> some time withing the RenewUntil time, they would never loose
>> their AFS token.
>> 
>
> There are lots of things NIM could do.  None of them are things that
> NIM does today. Therefore, NIM as currently shipped will not do what
> Ryan needs.
>
> The correct one is to receive notification that the LSA has new tickets
> and do something with them.   The only notifications I see are for
> terminal server.   I will need to research what other possibilities
> there are.
>   
Not that I know how any of these things works in Windows, but wouldn't it be
possible to get the LSA to keep track of and renew the afs ticket, and
then just
have a really small program that just asks the LSA for the afs principal
and convert
it to an afs token?  And then let the LSA handle everything around.

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Windows AFS client refuses to start.

[Anders Magnusson]

Jeffrey Altman wrote:

2008-08-28 14:20:40: Error mapping view of file: 8
2008-08-28 14:20:40: cm_InitMappedMemory code 66543208

ERROR_NOT_ENOUGH_MEMORY   winerror.h
# Not enough storage is available to process this command.

The size of the cache file is larger than the contiguous blocks of
memory in the afsd_service process.

Make your cache smaller.
  

Hm, the cache size is set to 800MB which works in all other computer labs.

What may be causing this, can it happen anytime?  And how little memory 
may it be
available?  Also, wouldn't it be better if afsd just complained in the 
log and resized the

cache file to something smaller that worked?

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Windows AFS client refuses to start.

[Anders Magnusson]

Hi,

we have entered a state on the computers in a newly installed WinXP lab 
where the afs daemon won't start, and I do not really understand what is 
the problem. 

I have attached the afsd_init.log file, someone (Jeffrey? :-)  may 
understand the magics written in it.


-- Ragge
14:20:30: Create log file
14:20:30: Created log file
PATH=C:\Program Files\Autodesk\Maya2008\bin;C:\Program Files\Autodesk\AliasStudio2009\bin;C:\Program Files\Hummingbird\Connectivity\12.00\Exceed;C:\PROGRA~1\MKSTOO~1\bin;C:\PROGRA~1\MKSTOO~1\bin\X11;C:\PROGRA~1\MKSTOO~1\mksnt;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Windows Imaging\;C:\Program Files\MATLAB\R2008a\bin;C:\Program Files\MATLAB\R2008a\bin\win32;C:\Robcad\bin\;C:\Robcad\xml\;C:\Robcad\tools\;C:\Program Files\proeWildfire 4.0\bin;C:\Program Files\proeWildfire 4.0\mech\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\MIT\Kerberos\bin;C:\Program Files\OpenAFS\Common;C:\Program Files\OpenAFS\Client\Program2008-08-28 14:20:30: OEM Code Page = 850
2008-08-28 14:20:30: locale =  C
2008-08-28 14:20:30: running on 2000+ - using RegisterServiceCtrlHandlerEx
2008-08-28 14:20:31: C:\Program Files\OpenAFS\Client\Program\afsd_service.exe version 1.5.3600
2008-08-28 14:20:31: Signature Verification disabled
2008-08-28 14:20:31: Num of Process Modules: 35
2008-08-28 14:20:31: C:\Program Files\OpenAFS\Client\Program\libosi.dll version 1.5.3600
2008-08-28 14:20:31: C:\Program Files\OpenAFS\Common\afsrpc.dll version 1.5.3600
2008-08-28 14:20:31: C:\Program Files\OpenAFS\Common\afspthread.dll version 1.5.3600
2008-08-28 14:20:31: C:\Program Files\OpenAFS\Common\afsauthent.dll version 1.5.3600
2008-08-28 14:20:31: C:\Program Files\OpenAFS\Client\Program\libafsconf.dll version 1.5.3600
2008-08-28 14:20:31: osi_InitDebug code 0
2008-08-28 14:20:31: gethostname LUL-F131-W001R
2008-08-28 14:20:31: Trace Options = 0
2008-08-28 14:20:31: Default trace buffer size 1
2008-08-28 14:20:31: osi_LogCreate log addr 9e5c20
2008-08-28 14:20:31: Cache size 80
2008-08-28 14:20:31: Chunk size 262144 (18)
2008-08-28 14:20:31: Block size 4096
2008-08-28 14:20:31: Defaulting to 4 background daemons
2008-08-28 14:20:31: Defaulting to 25 server threads
2008-08-28 14:20:31: Status cache entries: 2
2008-08-28 14:20:31: Default volume cache entries: 
2008-08-28 14:20:31: Default cell cache entries: 1024
2008-08-28 14:20:31: Logoff token transfer on
2008-08-28 14:20:31: Logoff token transfer timeout 120 seconds
2008-08-28 14:20:31: Default root volume name root.afs
2008-08-28 14:20:31: Mount root /afs
2008-08-28 14:20:31: Default cache path C:\WINDOWS\TEMP\AFSCache
2008-08-28 14:20:31: Cache type is FILE
2008-08-28 14:20:31: Cache Validation on Startup
2008-08-28 14:20:31: Set to trap on panic
2008-08-28 14:20:31: Sys name x86_win32 i386_w2k i386_nt40
2008-08-28 14:20:31: SecurityLevel is crypt
2008-08-28 14:20:31: CM ForceAnonVLDB is off
2008-08-28 14:20:31: DNS will be used to find AFS cell servers
2008-08-28 14:20:31: Freelance client feature is activated
2008-08-28 14:20:31: Dot files/dirs will be marked hidden
2008-08-28 14:20:31: Maximum number of multiplexed sessions is 50
2008-08-28 14:20:31: Maximum number of VCs per server is 100
2008-08-28 14:20:31: SMB authentication type is EXTENDED
2008-08-28 14:20:31: RX extraPackets is 120
2008-08-28 14:20:31: RX Peer Statistics gathering is enabled
2008-08-28 14:20:31: RX Process Statistics gathering is enabled
2008-08-28 14:20:31: RX Hot Thread is enabled
2008-08-28 14:20:31: CM CallBackPort is 7001
2008-08-28 14:20:31: EnableServerLocks: server requested
2008-08-28 14:20:31: CM DeleteReadOnly is 0
2008-08-28 14:20:31: CM BPlusTrees is 1
2008-08-28 14:20:31: No PrefetchExecutableExtensions
2008-08-28 14:20:31: CM OfflineReadOnlyIsValid is 0
2008-08-28 14:20:31: CM GiveUpAllCallBacks is 0
2008-08-28 14:20:31: CM FollowBackupPath is 0
2008-08-28 14:20:32: First Network address 82f04983 SubnetMask ff00
2008-08-28 14:20:32: HardDeadTimeout is 0
2008-08-28 14:20:32: IdleDeadTimeout is 30
2008-08-28 14:20:32: lanmanworkstation : SessTimeout 45
2008-08-28 14:20:32: ConnDeadTimeout is 22
2008-08-28 14:20:32: HardDeadTimeout is 45
2008-08-28 14:20:39: Cache File "C:\WINDOWS\TEMP\AFSCache" already exists
2008-08-28 14:20:40: Existing File Size: :346598CC
2008-08-28 14:20:40: Granularity - 1
2008-08-28 14:20:40: Configuration changed or Not a persistent cache file
2008-08-28 14:20:40: Error mapping view of file: 8
2008-08-28 14:20:40: cm_InitMappedMemory code 66543208
2008-08-28 14:20:40: afsd_InitCM failed: error initializing cache file (code = -1)
2008-08-28 14:20:40: --- begin dump ---
a - Dir Lookup   Hits: 0   
a -Misses: 0   
a - Enums: 0   
a -Create: 0   
a -Remove:

Re: [OpenAFS] Weird filenames with Visual Studio 2003 and OpenAFS 1.5.5[12]

[Anders Magnusson]

Charles Karney wrote:
> I recently upgraded my Windows XP machine from OpenAFS 1.5.32 to 1.5.51
> and then to 1.5.52.  With both versions, 1.5.5x, when I do compilations
> under Visual Studio 2003, I get error messages of the form:
>
>   Compiling...
>   cl : Command line error D2022 : cannot open
>  'u:\win\proj\src\latlongutmconversionlib\Release\RSP33.rsp'
>   Could not delete temporary file. Make sure that you do not have it
>  open and that the file is not protected.
>
> If I list the Release directory on a Linux box, I see that rsp file has
> some trailing junk characters (from find -ls)
>
>   37450452 1 -rwxrwxrwx 1 ckarney  ckarney 157 Aug 20 15:35
>  ./Release/RSP33.rsp\001\350\200\204
>
> Downgrading back to 1.5.32 gets rid of this problem.
>
> Perhaps this is some bug that's triggered by OpenAFS's support of
> Unicode filenames?
FYI:  I have seen exactly the same when trying to create mandatory
profiles using
OpenAFS 1.5.52 and using the windows profile export tool.  If necessary
I can come
up with a more descriptive error dump later.

This is _not_ the same problem as the other mandatory profile error I
mailed about yesterday.

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Problem with mandatory profiles on AFS.

[Anders Magnusson]

Jeffrey Altman wrote:

Debugging techniques are described in the Release Notes.
  
Yes, I've read them, but I didn't really understand how to parse all 
information

that I could get out from the system :-)


If the client comes to a complete halt it is likely a deadlock.
A number of deadlocks have been fixed in the 1.5.51 and 1.5.52
releases that have been present for quite some time.
  

No, it do not look like a deadlock, everything else continues and after the
timeout (error popup) everything is back to normal.

We have tried with 1.5.52 also, but no difference.

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Problem with mandatory profiles on AFS.

[Anders Magnusson]

Christof Hanke wrote:

On Tuesday 19 August 2008 11:52:02 Anders Magnusson wrote:
  

Hi,

first environment:  AFS servers running 1.4.5, Windows clients 1.5.36.

The problem is that when exporting mandatory profiles it usually works
fine, but on some
profiles it just hangs.  Looking at the task manager shows that both CPU
and network traffic stops,
and after a while an error message pops up (after I assume the SMB
timeout).

This happens about 700 files and 35MB into a profile of size 5000 files
and 125MB.

The directory where it fails contains 900 files with quite long names,
but it's not the
directory max-limit that is the problem.

Copying the profile just using Explorer works fine and has no problem.

The cache size on the client is set to 800MB (32-bit client).

Who can we debug this?  Any hints?  Have I missed something? :-)


Hmm, not that I know anything about the windows-client, but  maybe you should 
try the newest windows-client ?
It has unicode supported for funny names like "Smörebröd" in directories and 
profiles, which could lead to behaviour like that.
  

No, it's not the the character set that is the problem, it's something else.

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Problem with mandatory profiles on AFS.

[Anders Magnusson]

Hi,

first environment:  AFS servers running 1.4.5, Windows clients 1.5.36.

The problem is that when exporting mandatory profiles it usually works 
fine, but on some
profiles it just hangs.  Looking at the task manager shows that both CPU 
and network traffic stops,

and after a while an error message pops up (after I assume the SMB timeout).

This happens about 700 files and 35MB into a profile of size 5000 files 
and 125MB.


The directory where it fails contains 900 files with quite long names, 
but it's not the

directory max-limit that is the problem.

Copying the profile just using Explorer works fine and has no problem.

The cache size on the client is set to 800MB (32-bit client).

Who can we debug this?  Any hints?  Have I missed something? :-)

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Re: [OpenAFS-announce] OpenAFS 1.5.51 released (Production Version for Windows including UNICODE; Test Version for other platforms)

[Anders Magnusson]

Jeffrey Altman wrote:
[...]
>
>
>   * Large File support is disabled. (Bug introduced in 1.5.50)
>
Hm, what does this mean in reality?

-- Ragge

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] changing uid on anonymous.

[Anders Magnusson]

Jeffrey Altman skrev:

Anders Magnusson wrote:

Hi,

I want to change uid on the anonymous user to something else than 
32766, but I can't figure out how :-)


Just deleting the anonymous user and recreating it do not work;

# pts delete anonymous
pts: User or group doesn't exist so couldn't look up id for anonymous
# pts listentries -users | grep anonymous
anonymous  32766   -204-204

``how do I do?''

-- Ragge


The anonymous value is hard coded and is well known to the clients.
It cannot be changed.
Thanks, I got that info from Simon also. 
...which just means that I have to change the uid for a user instead.


-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] changing uid on anonymous.

[Anders Magnusson]

Hi,

I want to change uid on the anonymous user to something else than 32766, 
but I can't figure out how :-)


Just deleting the anonymous user and recreating it do not work;

# pts delete anonymous
pts: User or group doesn't exist so couldn't look up id for anonymous
# pts listentries -users | grep anonymous
anonymous  32766   -204-204

``how do I do?''

-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] Strange message when connecting a Windows Mobile phone.

[Anders Magnusson]

Jeffrey Altman wrote:


I assume you are still using the afscreds.exe tool and that is where
the error is coming from.  Switch to Network Identity Manager and you
won't see the error.
Hm, we have the Identity Manager installed, but you mean that the 
"Prevent AFSCreds.exe from starting..."
should be marked as well? 


-- Ragge

___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

[OpenAFS] Strange message when connecting a Windows Mobile phone.

[Anders Magnusson]

We've seen a strange window that popups when connecting a Windows Mobile 
phone (via USB) to a XP workstation with the AFS client installed.  It says:


KTC_NCOM: The service, Transarc AFS Daemon, most likely is not started! 
(0xb50307)
(ktc_GetToken()failed)


(modulo typing errors, written down by hand).  AFS on the XP machine 
continues to work, though, but people gets scared when it pops up :-)
I assume that it is because another network interface is created on the 
XP machine when the telephone is connected:


Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 169.254.2.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :


So, is this something that should be configured somewhere or have we 
encountered a bug? :-)


-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] groups in groups, ptsviewers etc...

[Anders Magnusson]

Christopher D. Clausen skrev:

% pts listentries -groups seems to require that the user belongs to
system:administrators.



I don't think you realize just how many groups there are in some cells. 
Enumerating all of them is not useful in many cases.


Most users are probably fine just checking on their own group membership 
and using these groups to allow access to files.  pts mem  
will list the groups that a user is in.  And pts listowned  
will list the groups that a particular users "owns."
  
What I am thinking on is letting people give access to groups that they 
are not member of.
For example to let a teacher give and take rights for courses he gives; 
we have about 20k
of (auto-generated) student groups so it's good to be able to list them 
to find the right group :-)


-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] groups in groups, ptsviewers etc...

[Anders Magnusson]

Marcus Watts wrote:
Also, for people to be able to see what's in the protection database, 
they must obviously be members
of the (undocumented?) ptsviewers group. Is it safe just to add all 
people to this group or are there other

implications of doing so?



Depends on if you ever want private groups or not.

If you want everybody in your cell to be able to see group
membership by default, you're probably better off running ptserver this way:
/usr/afs/bin/ptserver -p 16 -default SOM-- SOM--
probably you will need to remake your ptserver instances in bos to do this.
  
As a follow-up to this question, is there a way to allow users to list 
the pts entries in some way?


% pts listentries -groups seems to require that the user belongs to 
system:administrators.


-- Ragge
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info

Re: [OpenAFS] groups in groups, ptsviewers etc...

[Anders Magnusson]

Great, exactly what I was wondering about!  Many thanks for your quick 
answer!


-- Ragge


Marcus Watts wrote:

Anders Magnusson <[EMAIL PROTECTED]> writes:
  

Date:Tue, 18 Mar 2008 10:26:26 BST
To:  openafs-info@openafs.org
From:Anders Magnusson <[EMAIL PROTECTED]>
Subject: [OpenAFS] groups in groups, ptsviewers etc...

Hi,

a few questions for which I don't seem able to find docs :-)

It seems like it is possible to recompile 1.4.6 with an option to get 
the possibility to put groups in groups.

- Is this feature considered stable for production use?



umich.edu has run with older versions of this feature for ages.
Obviously we consider it "ready for production".

  

- Will it allow for multiple levels of groups in groups?



Yes.  There's a fairly modest depth limit (defaults to 5).

  
- Is this a server-only feature or is the client affected as well (i.e. 
must the clients be recompiled?)



Mostly this affects ptserver.  Fileservers and clients do not need to
be recompiled.  "ListSuperGroups" is an rpc operation which only works
on supergroup aware clients, which would affect "ptclient" lsg command
and any custom code you wrote that called ubik_PR_ListSuperGroups.
For most ordinary purposes you won't need this and can use standard
clients.

Older versions of openafs only enabled some other useful but
unrelated features of pts if you compiled in supergroups support.
This should not be an issue with 1.4.6.

  
Also, for people to be able to see what's in the protection database, 
they must obviously be members
of the (undocumented?) ptsviewers group. Is it safe just to add all 
people to this group or are there other

implications of doing so?



Depends on if you ever want private groups or not.

If you want everybody in your cell to be able to see group
membership by default, you're probably better off running ptserver this way:
/usr/afs/bin/ptserver -p 16 -default SOM-- SOM--
probably you will need to remake your ptserver instances in bos to do this.

  

-- Ragge



-Marcus Watts
  


___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info