[OpenAFS] Windows: Keep tokens in an AD environment
Dear all, we use openafs with computers joined to an AD. Upon login, users receive Kerberos tickets, and Network Identity Manager (NIM) will acquire tokens from that. Windows will make sure that the user has Kerberos tickets all the time, but at least in our environment, the AFS tokens expire after a day. Is there any way to have NIM monitor the afs tokens and get new tokens if the kerberos tickts have an expiry date beyond that of the AFS tokens? Or would one write a logon script that calls aklog every half hour? Thanks and best wishes, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: [OpenAFS-devel] OpenAFS 1.8.7 available
Dear all, here is what I used for Denian buster to build packages: apt-get build-dep openafs [as root] as user, do not do this on server (tests may fail): mkdir afssrc cd afssrc apt-get source openafs cd openafs-1.8.2 quilt push -a quilt new fix-rx-overflow.patch quilt add src/rx/rx.c vi src/rx/rx.c [manually apply changes from gerrit] quilt refresh quilt header -e [Meaningful text describing patch in editor, include refference to gerrit pages] quilt pop -a vi debian/changelog [Insert a new version section at the top for 1.8.2-2, copy and edit from 1.8.2-1] fakeroot dpkg-buildpackage Best, Christian On 15.01.2021 12:04, Valtteri Vuorikoski wrote: Jakob Haufe writes: On Fri, 15 Jan 2021 10:17:54 + No, but 1.8.6-5 (containing the necessary patches) hit unstable yesterday. As it's been uploaded with urgency "emergency", it should migrate to bullseye today. You could either compile it for buster manually or apply the patches to 1.8.2-1 from buster if you want to stay with 1.8.2. Installing the sid/unstable package on bullseye/testing also works fine if you're in a hurry. buster might be a stretch. Rolled PPA updates to Ubuntu systems here and everything back in business now. -Valtteri ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] check in c (linux) whether a directory entry is a mount point for an AFS volume
Dear Ken, thank you, this is exactly what I was looking for. I can confirm that it works. The code from Michael were also very helpful. Thanks to all those who replied, Christian On 04/08/2018 06:40, Ken Hornstein wrote: >> is there an easy way to check in C (under linux) whether a directory >> entry is a mount point for an afs volume and maybe also obtain the name >> of the volume mounted? > > Assuming vanilla AFS ... the absolute easiest way to check to see if a > directory entry is a mount point is stat() the directory. If the inode > number of the directory is odd, it's a "real" directory. If the inode > number is even, it's a mount point. > > Determing the mount point NAME is more code from C; popen("fs lsm ") > might be the easist. You won't have to do it that often once you figure > out what is and isn't a mountpoint, though. > > --Ken > ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] check in c (linux) whether a directory entry is a mount point for an AFS volume
Hi all, is there an easy way to check in C (under linux) whether a directory entry is a mount point for an afs volume and maybe also obtain the name of the volume mounted? Thanks, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] OpenAFS Windows Package
We are migrating our Windows workstations from one domain to a new domain. Our issue is moving workstations from one Active Directory Domain to another. When we move a workstation from the source to the target and reboot, when the machine boots it take quite some time for the logon screen to appear, then we enter our credentials and select Enter and it hangs again, we have to hit "CTRL + ALT + Delete" to get past the logon once we enter credentials. Once we get to the Desktop intermittent programs will not fire nor function. If we reboot back into SAFEMODE and set the TransarcAFSDaemon to start manually so it doesn't start, we can boot the workstation normally login normally. If we start the service the symptoms persist. We cannot fix this by uninstalling and reinstalling the client Has anyone ever ran into this issue? Thank you in advance. Christian Watkins University of Pittsburgh Information Technology (CSSD) Office: 412.624.2974 Infrastructure cmw...@pitt.edu<mailto:cmw...@pitt.edu> Service Operations Center Help Desk - 412.624.HELP or http://technology.pitt.edu<http://technology.pitt.edu/> Get Help - http://technology.pitt.edu/helprequest/
[OpenAFS] Request for Assistance with OpenAFS - Windows Client
I am migrating windows workstations from one domain to another. When the workstation is migrated to the new domain and I login, certain applications in the interface will not start. If I stop the TransarcAFSDaemon service I don't have any issues. If I uninstall and reinstall the client I have the same issue. Has anyone run into this issue? Thank you Christian Watkins University of Pittsburgh Information Technology (CSSD) Office: 412.624.2974 Infrastructure cmw...@pitt.edu<mailto:cmw...@pitt.edu> Service Operations Center Help Desk - 412.624.HELP or http://technology.pitt.edu<http://technology.pitt.edu/> Get Help - http://technology.pitt.edu/helprequest/
Re: [OpenAFS] Re: RPC service unavailable, windows client, udebug works
Am 06.11.2014 18:13, schrieb Andrew Deason: > On Thu, 06 Nov 2014 00:18:36 +0100 > Christian wrote: > >> windump.exe -i blah host 130.75.103.223 and host 130.75.102.221 and >> not tcp >> >> gives me just an arp who-has and reply. > [...] >> windump.exe -i blah port 7000 and udp >> turns up nothing when I click on directories on the "problem" >> fileserver and plenty of traffic when I browse the "good" fileserver >> (130.75.103.221). > Well, to be more certain of capturing something, I would try capturing > for the entire time the client machine is up. That is, start capturing > on the openvpn endpoint (or some other machine that can see the traffic) > and reboot the windows machine. (If that's not possible, you can instead > just try capturing for a long period of time, over 10 minutes or to be > extreme maybe an hour, and trying to access the bad server again.) > > If you still don't see any 7000 traffic to that fileserver, while > capturing for the entire time the client is running (boot up to > shutdown), then I don't know. Jeff will need to handle that, and you > may need to capture some traces or whatnot, to see why we would not be > hitting the net at all. Hm. I rebooted the machine, and it is talking to the server again. Next time this happens (from experience, I am pretty sure it will...), would it be helpful to get a debug log along the lines of http://www.openafs.org/dl/openafs/1.7.31/winxp/ReleaseNotes/html/index.html#ch04s03.html ? Thanks, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: RPC service unavailable, windows client, udebug works
Am 05.11.2014 23:57, schrieb Andrew Deason: >> Sorry. Noticed that just after the email went out. rxdebug >> 130.75.103.223 works just fine from the client. So now I am trying >> >> tcpdump -n host 130.75.103.223 and host 130.75.102.221 and udp >> >> both on the client or on the server. When I click on one of the >> directories which reside on volumes on 130.75.103.223, I get the "RPC.. >> message " again, but I do not capture any traffic on the client. If I do >> a "fs checkservers" on the client, I capture on the client: > Well, you didn't see any traffic over port 7000, so that's still not > quite helpful yet. What may be happening is that the client has already > determined that the server was down, so it doesn't try to contact it. I > would imagine we would try to contact the server on an 'fs > checkservers', but maybe there is some detail of the Windows client I'm > missing. > > Do you see packets go to port 7000 while running that 'rxdebug -version' > command? If you don't see those packets go across during that, you're > certainly not going to see any real traffic, and you'd need to figure > out that first. 00:05:35.557992 IP 130.75.102.221.49902 > 130.75.103.223.7000: rx version (29) 00:05:35.589045 IP 130.75.103.223.7000 > 130.75.102.221.49902: rx version (93) > You may try just looking at those IPs and not restricting to UDP, just > to see what traffic is going by. Or if there is too much TCP traffic, > try excluding TCP traffic instead of including UDP traffic. If IP > fragments are in play, you will see packets that will be identified as > neither UDP nor TCP (but you should still see at least _one_ packet > going to UDP port 7000, so that doesn't explain to me why you wouldn't > see any). windump.exe -i blah host 130.75.103.223 and host 130.75.102.221 and not tcp gives me just an arp who-has and reply. > Or, you can try just capturing port 7000 UDP on the client side (not > restricted to any IP). You must see at least one packet going to port > 7000 UDP at some point when the client is trying to access something. If > the client ever reports the fileserver coming back up, we must have sent > and received packets over port 7000 UDP. windump.exe -i blah port 7000 and udp turns up nothing when I click on directories on the "problem" fileserver and plenty of traffic when I browse the "good" fileserver (130.75.103.221). > Also, are you certain those are the only IPs that the client and server > have? If they also have other IPs assigned to them, the traffic could be > going over those. The servers have private interfaces too, which are on a different subnet and not connected to the rest. The fileservers have been told to ignore these interfaces via NetInfo/NetRestrict. Thanks, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: RPC service unavailable, windows client, udebug works
Am 05.11.2014 23:42, schrieb Andrew Deason: > On Tue, 04 Nov 2014 16:05:24 +0100 > Christian wrote: > >> on some of our windows clients (win7 enterprise x64, openafs 1.7.31), we >> are seeing issues where if I try to access a volume on a given server, >> it gives me "RPC service unavailable". This only happens for one of our >> two file and db servers, which are both almost identical (the first one >> has in fact been cloned from the second one). > A new sub-thread for this because this _probably_ isn't a problem, but > just to make sure... > > When you say you cloned one of the servers from the other, I assume you > didn't, say, copy all of the files (or disk image, etc) after installing > a running fileserver? Specifically what I'm getting at is that the > directory /var/lib/openafs/local (/usr/afs/local for transarc paths) is > intended to _not_ be identical across machines; it contains (among other > things) a file containing the identity of the fileserver. If the > contents of that were duplicated across machines, it would cause very > strange behavior indeed. No, I paid attention to that specifically. md5sum /var/lib/openafs/local/sysid gives different results on both server machines. But thanks for checking, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: RPC service unavailable, windows client, udebug works
Am 05.11.2014 22:24, schrieb Jeffrey Altman: > On 11/5/2014 4:10 PM, Christian wrote: >> This is the result of >> udebug 130.75.103.223 7000 >> on the client, which fails with >> "return code -2 from VOTE_debug" >> > > udebug will not work against port 7000 since the File Server is not a > UBIK service. > > The UBIK services are VL (7003), PT (7002), ... Sorry. Noticed that just after the email went out. rxdebug 130.75.103.223 works just fine from the client. So now I am trying tcpdump -n host 130.75.103.223 and host 130.75.102.221 and udp both on the client or on the server. When I click on one of the directories which reside on volumes on 130.75.103.223, I get the "RPC.. message " again, but I do not capture any traffic on the client. If I do a "fs checkservers" on the client, I capture on the client: 22:43:40.811047 IP 130.75.102.221.7001 > 130.75.103.223.7003: rx data vldb call probe (32) 22:43:40.817684 IP 130.75.103.223.7003 > 130.75.102.221.7001: rx data vldb reply probe (28) 22:43:40.817808 IP 130.75.102.221.7001 > 130.75.103.223.7003: rx ack first 2 serial 0 reason delay (65) and on the server: 22:43:40.895858 IP 130.75.102.221.7001 > 130.75.103.223.7003: rx data vldb call probe (32) 22:43:40.896015 IP 130.75.103.223.7003 > 130.75.102.221.7001: rx data vldb reply probe (28) 22:43:40.900661 IP 130.75.102.221.7001 > 130.75.103.223.7003: rx ack first 2 serial 0 reason delay (65) Thanks, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: RPC service unavailable, windows client, udebug works
On Tue, 04 Nov 2014 16:05:24 +0100 Christian wrote: >> on some of our windows clients (win7 enterprise x64, openafs 1.7.31), we >> are seeing issues where if I try to access a volume on a given server, >> it gives me "RPC service unavailable". This only happens for one of our >> two file and db servers, which are both almost identical (the first one >> has in fact been cloned from the second one). Servers run openafs >> 1.6.9-1~bpo7 from wheezy-backports on debian wheezy. While that is >> happening, "fs checkservers" reports that particular server as being >> down. > Does syslog report the server coming back up later, if you don't try to > access anything? Sometimes. I can sometimes also "fix" it by completely uninstalling the AFS client and reinstalling it. >> udebug 7003 works, though, and I can ping that server or >> ssh to it just fine. Should I post trace logs and udebug output for >> people to look at, or what is the appropriate way to debug this? Thanks >> a lot, > It's much more likely that you're failing to contact the fileserver > (port 7000), not the vlserver (port 7003). You can check basic > connectivity for that with 'rxdebug 7000 -version'. > > But that will probably just succeed and won't tell you anything. What > would really tell you what's happening is if you could capture AFS > traffic (udp port 7000) close to the client, and close to the server (at > least, 'before' and 'after' the openvpn link). If Jeff's suggestion is > what is happening, you'll see packets that appear to be sent on the > server side, but will not appear on the client side. Specifically, you'd > see packets over a certain size not appear on the client side. > > You can either look at the dump yourself in wireshark or something, or > provide it for one of us to look at. But you don't really need to know > anything about AFS to do the above analysis; just see if larger packets > appear in one dump but not the other. > > If you determine that what Jeff mentioned is what's happening, and you > can't fix or alter the thing that's dropping packets, you might be able > to change a setting in the Windows client to reduce the max size of > packets that we use (RxMaxMTU). Or change the MTU on the local > interface; I don't recall what the specifics are of changing this on > Windows. OK, so udebug 7000 130.75.103.223 fails on that machine. But it also fails for our other server which I can access via the afs client just fine. So I did this: (on the file server, 130.75.103.223) tcpdump -n host 130.75.103.223 and host 130.75.102.221 and udp 22:00:42.166283 IP 130.75.102.221.55607 > 130.75.103.223.7000: rx data fs call op#10006 (32) 22:00:42.166401 IP 130.75.103.223.7000 > 130.75.102.221.55607: rx abort (32) 22:00:42.169060 IP 130.75.102.221.55607 > 130.75.103.223.7000: rx data fs call op#10004 (32) 22:00:42.169157 IP 130.75.103.223.7000 > 130.75.102.221.55607: rx abort (32) (on the client, 130.75.102.221) windump.exe -n -i blah host 130.75.103.223 and host 130.75.102.221 and udp 22:00:42.166283 IP 130.75.102.221.55607 > 130.75.103.223.7000: rx data fs call op#10006 (32) 22:00:42.166401 IP 130.75.103.223.7000 > 130.75.102.221.55607: rx abort (32) 22:00:42.169060 IP 130.75.102.221.55607 > 130.75.103.223.7000: rx data fs call op#10004 (32) 22:00:42.169157 IP 130.75.103.223.7000 > 130.75.102.221.55607: rx abort (32) This is the result of udebug 130.75.103.223 7000 on the client, which fails with "return code -2 from VOTE_debug" Bizarre. I cannot see much of a difference... Thanks for looking into this, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] RPC service unavailable, windows client, udebug works
Dear all, on some of our windows clients (win7 enterprise x64, openafs 1.7.31), we are seeing issues where if I try to access a volume on a given server, it gives me "RPC service unavailable". This only happens for one of our two file and db servers, which are both almost identical (the first one has in fact been cloned from the second one). Servers run openafs 1.6.9-1~bpo7 from wheezy-backports on debian wheezy. While that is happening, "fs checkservers" reports that particular server as being down. udebug 7003 works, though, and I can ping that server or ssh to it just fine. Should I post trace logs and udebug output for people to look at, or what is the appropriate way to debug this? Thanks a lot, Christian PS: I should add that this particular client we are looking at right now is on the same subnet as the servers, but connected via a layer 2 bridge with openvpn. I cannot recall whether or not I have observed this behavior on clients hooked up directly. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] >2TB vicep partitions, windows client
Jeffrey, thanks for the quick answer. Upgrading to 1.6.9 from wheezy-backports fixed these issues. Thanks a lot! Best, Christian Am 01.11.2014 17:01, schrieb Jeffrey Altman: > On 11/1/2014 11:48 AM, Christian Lists wrote: >> >>>> Dear all, >>>> >>>> we are seeing some issues with a file server with a 6TB vicepb >>>> partition. Whenever I map a drive to a volume located on that server, it >>>> shows -1024 B left of space, and the "slider" indicating storage usage >>>> is red and indicates that the drive is completely filled up. The total >>>> capacity reported corresponds to the quota (which is far from being >>>> exceeded). This does not happen on our other file servers, which have >>>> <2TB vicep partitions. Is this a known issue? Thanks a lot, >>>> >>>> Christian >>> >>> For some versions of file servers, yes, it is known issue. >>> >>> What versions of file servers and clients are you running? >>> >>> >> 1.6.1-3+deb7 from debian wheezy on the servers and 1.7.31 on windows7 >> x64 enterprise clients. Thanks, > > The fix was applied to the 1.6 series in 1.6.2. > > commit a64864529d1fca2b5a3f4d21ec598982be335368 > Author: Jeffrey Altman > Date: Mon Apr 2 22:35:41 2012 -0400 > > viced: AFSDisk, AFSFetchVolumeStatus Int31 PartSize > > The AFSDisk and AFSFetchVolumeStatus structures use signed > 32-bit integers for representation partition size and > available blocks. RoundInt64ToInt31() should be used instead > of RoundInt64ToInt32() when assigning their values. > > Change-Id: I3834141fce2d54ce8bdfac3dc566074583bb305e > > > ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] >2TB vicep partitions, windows client
> > Dear all, > > > > we are seeing some issues with a file server with a 6TB vicepb > > partition. Whenever I map a drive to a volume located on that server, it > > shows -1024 B left of space, and the "slider" indicating storage usage > > is red and indicates that the drive is completely filled up. The total > > capacity reported corresponds to the quota (which is far from being > > exceeded). This does not happen on our other file servers, which have > > <2TB vicep partitions. Is this a known issue? Thanks a lot, > > > > Christian > > For some versions of file servers, yes, it is known issue. > > What versions of file servers and clients are you running? > > 1.6.1-3+deb7 from debian wheezy on the servers and 1.7.31 on windows7 x64 enterprise clients. Thanks, Christian
[OpenAFS] >2TB vicep partitions, windows client
Dear all, we are seeing some issues with a file server with a 6TB vicepb partition. Whenever I map a drive to a volume located on that server, it shows -1024 B left of space, and the "slider" indicating storage usage is red and indicates that the drive is completely filled up. The total capacity reported corrresponds to the quota (which is far from being exceeded). This does not happen on our other file servers, which have <2TB vicep partitions. Is this a known issue? Thanks a lot, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] OSX, unicode filenames, finder
Dear all, while trying to help our OSX users, I have come across the following issue: When a filename created under linux or windows contains letters with diacritics (German, in my case), the finder will briefly display something and then show the entire folder as empty. From the shell, everything works OK. I understand that this must be due to the Unicode NFC vs. NFD issue with the finder mentioned e. g. in the windows client release notes: http://www.openafs.org/dl/openafs/1.7.28/winxp/ReleaseNotes/html/index.html#chap_3.html#d6e125 How do other people deal with this? I am not a MacOS expert in any way, but I thought about recommending some other file manager to my users, so they can at least rename files with diacritics to the "ue", "oe", "ae" or whatever form and then access them... Can anybody recommend an alternative filemanager or some other workaround? Any help is appreciated... Happy new year 2014, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] not enough space in target directory
Jeffrey, Hm. Sorry if I wasn't clear. I am not sure if we have a support contract or not. I am just a part-time sysadmin at a University institute. My main job is running a research group in physics. I hadn't been able to find out from the central IT people at the University level whether we have a support contract for Windows :-( so we probably don't... Is there a way to find out whether one has a support contract? Christian Am 14.10.2013 15:59, schrieb Jeffrey Altman: > Christian, > > Feel free to make noise wherever you wish but the reality is that when > Microsoft has a the choice to make between developers spending time on > the Shell and addressing bugs with its own tools (SkyDrive, ReFS, etc) > or those of third party products, Microsoft is going to focus on its own > stuff unless an entity (or an effected community) is paying them > sufficient money to make it worthwhile. In the end it requires multiple > paid support contract reports to raise the profile of the bug enough > that it will be fixed. > > Jeffrey Altman > > On 10/14/2013 9:33 AM, Christian wrote: >> Jeffrey, >> >> thanks for the hint. I had been blaming this on myself, suspecting >> something was not correctly configured. >> >> Now I have a really dumb question: is this one of the things you can >> only do with a support contract? Or via connect.microsoft.com? Is there >> any additional information I should submit? We are a University in >> Germany and run Windows 7 Enterprise... >> >> Best, >> >> Christian >> >> Am 05.10.2013 02:18, schrieb Jeffrey Altman: >>> File a bug report with Microsoft if the problem is experienced when >>> using the explorer shell or applications relying upon the shell api for >>> file access. >>> >>> This is a known bug in the explorer shell and Microsoft has been working >>> on it for more than six months. As with all Windows bugs, a fix is >>> prioritized based upon the number of complaints received from paying >>> support customers. >>> >>> Jeffrey Altman >>> >>> On 10/4/2013 6:36 PM, Christian wrote: >>>> All, >>>> >>>> we are seeing some weird issues with the windows client (1.7.26, but hat >>>> also seen that with previous 1.7 versions). Often, when attempting to >>>> write data, my users get a popup box complaining about insufficient >>>> space in the target directory. In those cases, writing the data to the >>>> RW path (.cell.name) instead works just fine. Note that the volumes >>>> which are being accessed in those cases do NOT have RO replicas, just >>>> some of the volumes from which they are mounted. Write access just fails >>>> intermittently when accessed through a path which contains OTHER >>>> replicated volumes. >>>> >>>> So, for example, say that the volume "users" containing the mount points >>>> for the individual user volumes is replicated. Then write access to >>>> /afs/our.cell/users/joe.user will fail intermittently, while writing to >>>> /afs/.our.cell/users/joe.user always works. We use dynroot and SRV records. >>>> >>>> I have read the debugging instructions, but I am a little unsure about >>>> how we should proceed here. What should I do? Try fs trace? >>>> >>>> Thanks, >>>> >>>> Christian >>>> ___ >>>> OpenAFS-info mailing list >>>> OpenAFS-info@openafs.org >>>> https://lists.openafs.org/mailman/listinfo/openafs-info >>> >> >> ___ >> OpenAFS-info mailing list >> OpenAFS-info@openafs.org >> https://lists.openafs.org/mailman/listinfo/openafs-info >> > ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] not enough space in target directory
Jeffrey, thanks for the hint. I had been blaming this on myself, suspecting something was not correctly configured. Now I have a really dumb question: is this one of the things you can only do with a support contract? Or via connect.microsoft.com? Is there any additional information I should submit? We are a University in Germany and run Windows 7 Enterprise... Best, Christian Am 05.10.2013 02:18, schrieb Jeffrey Altman: > File a bug report with Microsoft if the problem is experienced when > using the explorer shell or applications relying upon the shell api for > file access. > > This is a known bug in the explorer shell and Microsoft has been working > on it for more than six months. As with all Windows bugs, a fix is > prioritized based upon the number of complaints received from paying > support customers. > > Jeffrey Altman > > On 10/4/2013 6:36 PM, Christian wrote: >> All, >> >> we are seeing some weird issues with the windows client (1.7.26, but hat >> also seen that with previous 1.7 versions). Often, when attempting to >> write data, my users get a popup box complaining about insufficient >> space in the target directory. In those cases, writing the data to the >> RW path (.cell.name) instead works just fine. Note that the volumes >> which are being accessed in those cases do NOT have RO replicas, just >> some of the volumes from which they are mounted. Write access just fails >> intermittently when accessed through a path which contains OTHER >> replicated volumes. >> >> So, for example, say that the volume "users" containing the mount points >> for the individual user volumes is replicated. Then write access to >> /afs/our.cell/users/joe.user will fail intermittently, while writing to >> /afs/.our.cell/users/joe.user always works. We use dynroot and SRV records. >> >> I have read the debugging instructions, but I am a little unsure about >> how we should proceed here. What should I do? Try fs trace? >> >> Thanks, >> >> Christian >> ___ >> OpenAFS-info mailing list >> OpenAFS-info@openafs.org >> https://lists.openafs.org/mailman/listinfo/openafs-info > ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] not enough space in target directory
All, we are seeing some weird issues with the windows client (1.7.26, but hat also seen that with previous 1.7 versions). Often, when attempting to write data, my users get a popup box complaining about insufficient space in the target directory. In those cases, writing the data to the RW path (.cell.name) instead works just fine. Note that the volumes which are being accessed in those cases do NOT have RO replicas, just some of the volumes from which they are mounted. Write access just fails intermittently when accessed through a path which contains OTHER replicated volumes. So, for example, say that the volume "users" containing the mount points for the individual user volumes is replicated. Then write access to /afs/our.cell/users/joe.user will fail intermittently, while writing to /afs/.our.cell/users/joe.user always works. We use dynroot and SRV records. I have read the debugging instructions, but I am a little unsure about how we should proceed here. What should I do? Try fs trace? Thanks, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Find windows openafs version
Can't you use wpkg tests for that, since you are using wpkg anyway? I'd be happy to share our wpkg config for openafs... Best, Christian Am 22.08.2013 16:39, schrieb Christof Hanke: > Hi, > Am 22.08.2013, 16:33 Uhr, schrieb Gémes Géza : > >> Sorry for this slightly off topic question, but what is the >> recommended way to find out the version of the openafs installation. >> I ask this because I wrote different installation scripts (which take >> into account if the installation is 32 or 64 bit), (using wpkg to >> deploy them), but the problem is always the same: Is the installed >> version the newest, or it needs to be upgraded? > > not sure if it is recommended, > but executing "rxdebug localhost 7001 -v" > should give you what you need. > > Cheers, > > Christof > > ___ > OpenAFS-info mailing list > OpenAFS-info@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] scan client version
All, Thanks for all the useful input. I will look into what I can do on the KDCs. Best, Christian Am 01.08.2013 21:01 schrieb "Jeffrey Hutzelman" : > On Thu, 2013-08-01 at 12:30 -0400, Jeffrey Altman wrote: > > > > The rxkad-kdf change does not get rid of 1DES. It simply permits the > > afs cell key to be a non-1DES key. All wire encryption and the actual > > rxkad challenge/response is still performed using 1DES. > > Actually, that's not strictly true. Using rxkad-kdf effectively does > eliminate use of DES. As always, wire encryption and challenge/response > are performed using fcrypt, not DES. Not that this should make anyone > feel better... > > -- Jeff > > ___ > OpenAFS-info mailing list > OpenAFS-info@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-info >
[OpenAFS] scan client version
All, this might have come up before, but I wasn't able to find it. Given the need to upgrade all clients to fully get rid of 1des, is there a way to do an inventory of client versions on a subnet, either by some sort of scan, or by looking at server logs? Thanks to all those of you involved in finally getting rid of 1DES and for the excellent documentation, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: dbserver, cloning
Am 15.05.2013 20:19, schrieb Andrew Deason: On Wed, 15 May 2013 09:40:50 +0200 Christian wrote: we plan to upgrade one of our dbservers (scientific linux 5.3) to debian by rsyncing the installation of our other dbserver, which already runs debian (both systems x64). WRT openafs, I think I need to: Do you mean "dbserver" as in, afs dbserver? That is, a machine running ptserver, vlserver, etc. Yes. I'm not sure I'm completely clear on what you're doing. It sounds like you're taking all of the openafs-related files from an existing openafs dbserver, and just copying them all to the machine you're upgrading. Wouldn't you rather just install openafs on the box, and copy over the configuration bits that need copying? I'm cloning the entire Debian installation from our second dbserver machine, which already runs Debian, to the first one (which runs SL 5.3 right now) with rsync. Everything. Then I change the hostname, /etc/network/interfaces, a couple of keytabs and ssl keys, and that will be it. This works fine usually. The two dbservers are virtually identical as far as their roles and configurations are conerned. The result is a well-behaved debian system again. I'm trying to figure out whether there are specific files I need to pay attention to as far as cloning an afs dbserver installation to replace an existing installation is concerned. Sorry if I was not clear on that. /vicep? partitions of the old SL5.3 installation (on separate raid sets) will just be mounted to the rsynced debian installation. For a fileserver hosting volumes, the "proper" way to migrate it is to bring up a new fileserver, and 'vos move' all of the volumes to it. But that can take a lot of unnecessary time if you're not physically moving the volume data. If you're reinstalling the OS, but keeping the /vicep* partitions around (these are separate disks? or SAN or something?), this is also possible. The conceptual fileserver "identity" is kept in a file called /usr/afs/local/sysid (RHEL/SL) or /var/lib/openafs/local/sysid (Debian). If you're destroying the old fileserver installation, configuration, etc, you want to move that file from the old (scientific linux) installation to the new (Debian) installation. Ah. OK. That answers my question, it seems. Do NOT copy the 'sysid' file from the other existing Debian dbserver. Or maybe to be more generally proper, don't copy the contents of /usr/afs/local (or /var/lib/openafs/local) between server instances at all. Just move the sysid file from the scientific linux server, and create anew any required configuration in there. As you say, if you use NetInfo/NetRestrict, you'll need those in there. And you can put a BosConfig in there, though the more 'proper' way is to generate it using commands like 'bos create'. For dbserver database files, you shouldn't need to copy anything over. They will be synced from the existing dbserver(s). It can be faster to copy them yourself, but just not doing that can reduce steps. OK. Great. Thanks for the info! Best, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] dbserver, cloning
Hi all, we plan to upgrade one of our dbservers (scientific linux 5.3) to debian by rsyncing the installation of our other dbserver, which already runs debian (both systems x64). WRT openafs, I think I need to: * make sure NetInfo and NetRestrict are correct * make sure all partitions (/vicep? and /var/cache/openafs) are mounted correctly before I start the server How about the vldb and the list of volumes on the server? Do I need to do anything here? Thanks, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Unable transferring files larger than 2147483647 bytes with up on i386
On Wed, Mar 20, 2013 at 7:09 PM, Simon Wilkinson wrote: > > On 20 Mar 2013, at 18:01, Jeffrey Altman wrote: > >> I suspect the correct solution is to add >> >> #define _FILE_OFFSET_BITS64 >> >> to the appropriate src/config/param.*.h file for the platform in >> question in the #ifndef UKERNEL section. > > The correct fix to this is to use the autoconf macro that checks for 64 bit > file size support, and use that throughout. We've talked about this on a > number of occasions, but the impact on the fileserver (in particular) has > made everyone too nervous to make the switch. We should probably do so, > though, as it will solve a whole host of 64bit issues. > Thank you for your answers. I guess I will continue to use my 64-bit built version of "up" until this feature is included in the main repository. Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Unable transferring files larger than 2147483647 bytes with up on i386
Hi, I'm using Ubuntu 11.04 on an i386. The OpenAFS packages are of version 1.4.14+dfsg-1+ubuntu1. I noticed that it was not possible to transfer files larger than 2147483647 bytes with "up" (it's called "afs-up" on Ubuntu). The program fails with: "Can't find xyz.iso". I tried building your code from git://git.openafs.org/openafs.git, and got the same results. Looking thru the code it seems lstat() returns -1 and exits. I tried adding a perror and got the following answer: "Value too large for defined data type". --- a/src/venus/up.c +++ b/src/venus/up.c @@ -207,6 +207,7 @@ Copy(char *file1, char *file2, short recursive, int level) code = lstat(file1, &s1); if (code < 0) { + perror("perror"); fprintf(stderr, "Can't find %s\n", file1); return 1; } The solution to this was to configure openafs with ./configure CC="gcc -D_FILE_OFFSET_BITS=64". Is this the desired behaviour and the proper solution to make it possible to transfer large files with "up"? Christian Biamont ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Re: Mixing 1.4 and 1.6 fileservers
Note you should not mix 1.4 and 1.6 dbservers. Christian On 24.09.2012 19:15, Andrew Deason wrote: On Thu, 20 Sep 2012 09:44:18 +0200 "joerg.b...@gmx.net" wrote: i want to add a second fileserver to my afs-cell - should i expect any problems when mixing 1.4 (1.4.11+dfsg-1, debian) and 1.6 (1.6.⁻1~bpo50 +1, debian) versions of the fileserver No. You can mix any fileserver versions in a cell, and any client version can use any fileserver version, etc etc. If the servers are running database server processes (vlserver, ptserver, etc) then mixing versions is not supported, but should still work with those versions. I think that 1.4 version is a little old, so it may have some known issues (including security issues, assuming they're not fixed in the debian patches for that), but nothing caused by mixing with a 1.6 fileserver. (second needed cause i have to use kernel 3.2 ...)? A fileserver should not need any particular kernel version or anything. If you want an AFS client on the same machine, though, then sure, that makes sense. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Windows client install options
All, let me re-phrase my question. I've read the MSI deployment guide. What I'd like to have is a bunch of MSIs that people can install, they should not get any questions, it should remove all previous configuration files, install the newest version with the changes contained in a transform, and be done. Alternatively, it could be a batch file with a bunch of calls to msiexec. Ultimately, I would like to run this from something like WPKG. I have often noticed that instructing users to simply install the newest version would not help. I had to first manually uninstall, remove all the registry keys and folders related to openafs and kerberos, then re-install. One example is that on the systems I have seen, if global settings for integrated login exist prior to an upgrade, whatever I choose during installation will not be honored, and the old settings will remain. The closest I have gotten (on Win7 x64) is this batch file (and I still need to manually uninstall openafs and kerberos before I run it): echo "Please make sure you have uninstalled all openafs and kerberos packages before proceeding!" regedit.exe /s %~dp0\remove_openafs_kerberos.reg del /s "%PROGRAMFILES%\Openafs" del /s "%PROGRAMFILES%\MIT\Kerberos" del /s "%PROGRAMFILES(X86)%\Openafs" del /s "%PROGRAMFILES(X86)%\MIT\Kerberos" del "%WINDIR%\krb5.ini" msiexec /qn+ /i %~dp0\Heimdal-AMD64-full-1-5-100-930.msi msiexec /qn+ /i %~dp0\netidmgr-AMD64-rel-2_0_102_907.msi msiexec /qn+ /i %~dp0\openafs-en_US-64bit-1-7-1500.msi TRANSFORMS=%~dp0\openafs-tf.mst msiexec /qn+ /i %~dp0\openafs-32bit-tools-en_US-1-7-1500.msi cp %~dp0\krb5.ini C:\ProgramData\Kerberos\krb5.conf pause What is the best way to do something like this automatically? Thanks, Christian On 23.05.2012 11:48, Lars Schimmer wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2012-05-23 10:41, Christian wrote: All, we have a bunch of machines with old versions of the windows client left over in ill-defined states (old CellServDBs, old krb5.ini, old registry keys, Loopback adapter installed,...). We currently do not have anything like an Active Directory or other centralized deployment solution. It would be great if we had a batch file on a CD or on the network or something like that, and with one double-click it would wipe out all previous configuration items, remove the loopback adapter, re-install kerberos and openafs, set the cell name and copy the krb5.ini, and possibly enable integrated logon. Does anybody have something like this available or something close which could be modified? Sorry, nothing really helpful, but we just did a "remove OpenAFS 1.6.x" and a "install Openafs 1.7.x" on our machines and it did worked. Even with loopback device still in place and network ID manager not updated. CellServDB is updated with new OpenAFS version. For the autmated installation of OpenAFS 1.7.x with personal changes you need to have "transforms" for the .msi pacakge. You can write your own or make a contract with your-filesystem.com. Thanks, Christian MfG, Lars Schimmer - -- - - TU Graz, Institut für ComputerGraphik & WissensVisualisierung Tel: +43 316 873-5405 E-Mail: l.schim...@cgv.tugraz.at Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+8soYACgkQmWhuE0qbFyOvlgCfQAvmJxbmJiL2pgsIzctuyEKs Nd0An1qLVo9k0Jx4SkQx/Wlu+WxmvuxP =d7tZ -END PGP SIGNATURE- ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Windows client install options
All, we have a bunch of machines with old versions of the windows client left over in ill-defined states (old CellServDBs, old krb5.ini, old registry keys, Loopback adapter installed,...). We currently do not have anything like an Active Directory or other centralized deployment solution. It would be great if we had a batch file on a CD or on the network or something like that, and with one double-click it would wipe out all previous configuration items, remove the loopback adapter, re-install kerberos and openafs, set the cell name and copy the krb5.ini, and possibly enable integrated logon. Does anybody have something like this available or something close which could be modified? Thanks, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] weird access denied issues with windows client
Jeffrey, hm. In all cases observed so far, we have been able to eliminate this issue by installing the latest version of the windows client and by doing a "fs flushall". I'll let you know whether it reappears on those machines. Thanks, Christian On 18.05.2012 14:55, Jeffrey Altman wrote: The lack of event log messages is good in that it indicates that the afsd_service is not experiencing communication issues with your file servers and volumes are not inaccessible. The troubleshooting section of the Release Notes which are installed on each OpenAFS client machine provides hints on how to use the "fs trace" commands and SysInternals Process Monitor to collect information about what operations OpenAFS client is performing and what the result for each operation is. "fs trace" provides the view from the afsd_service.exe and Process Monitor provides the view from the application. (Start Menu->Programs->OpenAFS->Documentation->Release Notes) On Friday, May 18, 2012 2:26:01 AM, Christian wrote: I can see these three: OpenAFS Start Pending. Version OpenAFS_1.7.1300. OpenAFS Running. RDR interface Security Level is Crypt. All at system startup. Nothing else. BTW, the machine is configured to use freelance and use DNS to look for dbservers. Thanks, Christian On 18.05.2012 07:25, Jeffrey Altman wrote: Are there any "AFS Client" messages in the Windows Application Event Log? On Thursday, May 17, 2012 7:13:26 PM, Christian wrote: All, we are seeing some weird "access denied" issues with windows clients in our cell (iqo.uni-hannover.de). One example is openafs 1.7.13 64 bit. I have tokens, can access certain volumes using explorer, but others give me "permission denied", although I can access them under linux. Sometimes, I can access volumes under the RW tree, but not under the RO tree. This is always different from machine to machine. It does not only concern our cell, but also browsing other cells from our machines (e. g. desy.de). What could be wrong here? How can I best help debug this? Best, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] weird access denied issues with windows client
I can see these three: OpenAFS Start Pending. Version OpenAFS_1.7.1300. OpenAFS Running. RDR interface Security Level is Crypt. All at system startup. Nothing else. BTW, the machine is configured to use freelance and use DNS to look for dbservers. Thanks, Christian On 18.05.2012 07:25, Jeffrey Altman wrote: Are there any "AFS Client" messages in the Windows Application Event Log? On Thursday, May 17, 2012 7:13:26 PM, Christian wrote: All, we are seeing some weird "access denied" issues with windows clients in our cell (iqo.uni-hannover.de). One example is openafs 1.7.13 64 bit. I have tokens, can access certain volumes using explorer, but others give me "permission denied", although I can access them under linux. Sometimes, I can access volumes under the RW tree, but not under the RO tree. This is always different from machine to machine. It does not only concern our cell, but also browsing other cells from our machines (e. g. desy.de). What could be wrong here? How can I best help debug this? Best, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] weird access denied issues with windows client
All, we are seeing some weird "access denied" issues with windows clients in our cell (iqo.uni-hannover.de). One example is openafs 1.7.13 64 bit. I have tokens, can access certain volumes using explorer, but others give me "permission denied", although I can access them under linux. Sometimes, I can access volumes under the RW tree, but not under the RO tree. This is always different from machine to machine. It does not only concern our cell, but also browsing other cells from our machines (e. g. desy.de). What could be wrong here? How can I best help debug this? Best, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] mixing AFS versions for db servers?
Thanks, Jeffrey. With 1.4.12 being the latest version on debian stable, can I mix 1.4.12 and 1.4.7? Thanks, Christian Am 22.10.2011 02:18, schrieb Jeffrey Altman: Database servers all must be the same version. You can run 1.4.7 database servers on the 1.6.x fileserver machine but all of the database servers must match. Mixed versions are not supported. On 10/21/2011 7:05 PM, Christian wrote: All, we have a db server machine running 1.4.7 that seems to be having issues with hardware. I have another machine running 1.6.x as a fileserver. Can I promote that machine to be our second db server even if version numbers don't match? That would allow me to temporarily withdraw the first machine and do software and hardware maintenance. Fortunately, the new machine has a higher IP address, and the dbservers are distributed via DNS. Adding more db servers is something we had wanted to do for a long time... I remember this question came up before, but I can't find it in the archive, sorry. The only reference I find is https://lists.openafs.org/pipermail/openafs-devel/2005-March/011717.html which is admittedly rather old. Thanks, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] mixing AFS versions for db servers?
All, we have a db server machine running 1.4.7 that seems to be having issues with hardware. I have another machine running 1.6.x as a fileserver. Can I promote that machine to be our second db server even if version numbers don't match? That would allow me to temporarily withdraw the first machine and do software and hardware maintenance. Fortunately, the new machine has a higher IP address, and the dbservers are distributed via DNS. Adding more db servers is something we had wanted to do for a long time... I remember this question came up before, but I can't find it in the archive, sorry. The only reference I find is https://lists.openafs.org/pipermail/openafs-devel/2005-March/011717.html which is admittedly rather old. Thanks, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Fwd: [OpenAFS] Re: Problem with AFS Client on Windows Vista x64
I apparently dropped off list, my bad. Posting to make it appear in the archives for future help. Anyhow, I managed to solve it by installing KfW for 64-bit (http://www.secure-endpoints.com/#kfw). Thanks! -- Forwarded message -- From: Christian Svensson <[EMAIL PROTECTED]> Date: Dec 9, 2007 11:12 AM Subject: Re: [OpenAFS] Re: Problem with AFS Client on Windows Vista x64 On 12/9/07, Jeffrey Altman <[EMAIL PROTECTED]> wrote: > 64-bit OpenAFS for Windows requires 64-bit KFW. I can't seem to find KfW for 64-bit - MIT only provides links to 32 bit as far as I can see. > 32-bit OpenAFS Tools for Windows requires 32-bit KFW. I have 32-bit OpenAFS tool installed. I thought that the tools would act as a "bridge" between the 64-bit AFS and the 32-bit KfW - if that is not the case, what function does the Tools provide then? > CellServDB for 64-bit is in \Program Files\OpenAFS\Client That's the one I changed > CellServDB for 32-bit is in \Program Files (x86)\OpenAFS\Client No such file exists. On 12/9/07, Jeffrey Altman <[EMAIL PROTECTED]> wrote: > > But is "cmd.nu" the workstation cell? As far as I can tell yes. The server is configured for that and the "Cell name" says cmd.nu. > Freelance is the default. OK - I suppose I will leave it there then > No configuration data for your realm in krb5.ini Listing C:\Windows\krb5.ini: [domain_realm] .cmd.nu = "CMD.NU" cmd.nu = "CMD.NU" [libdefaults] default_realm = "CMD.NU" forwardable = "true" [realms] CMD.NU = { admin_server = "thunder.cmd.nu" kdc = "thunder.cmd.nu" master_kdc = "thunder.cmd.nu" } > Send crash data to Microsoft. Perhaps they will fix it in SP1. Let's hope so -- Christian Svensson Command Systems -- Christian Svensson Command Systems ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Re: Problem with AFS Client on Windows Vista x64
Hello again. I continued my hunt for the problem and one of the things that seemed to change stuff is: 1. I removed all cells but cmd.nu 2. Then it wouldn't start up again - just saying "can't find root cell in afsdcell.ini" in the event log.* 3. I changed FreelanceClient from 0 to 1 since the XP client had it that way - then it starts. 4. Now when I try with getting tokens I get this error: "Error: -1 (specified realm is unknown)" KfW did not change its behaviour. * By the way, MMC crashes if I try to read any AFS errors. I have to export them to XML On 12/8/07, Christian Svensson <[EMAIL PROTECTED]> wrote: > Hello! > > I've spent the day reading about and installing OpenAFS - it's quite > neat. I have a problem though: when I try to obtain my token using the > "Obtain new tokens.." button and filling in the fields I'm presented > with a error saying: > > "The AFS client was unable to obtain tokens as bluecommand in cell cmd.nu. > Error: 20 (unknown authentication error 20)" > > I'm using Windows Vista Ultimate 64-bit, AFS Client 1.5.27 and KfW > 3.2.2. KfW 3.2.2 works with PuTTY and others and it has the AFS plugin > loaded and everything. AFS was installed after KfW / PuTTY. > > When I try to renew / obtain my credentials in KfW I'm greeted with the error: > "Could not locate configuration information for cell cmd.nu. > The error code returned was -1." > > Both errors appear seemingly instant which makes me suspect it's a > local configuration error and not a server response triggering the > message. > > Greetings! > > P.S. I have verified that the AFS server works by using the AFS client > under Windows XP x32 > D.S > > -- > Christian Svensson > Command Systems > -- Christian Svensson Command Systems ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Problem with AFS Client on Windows Vista x64
Hello! I've spent the day reading about and installing OpenAFS - it's quite neat. I have a problem though: when I try to obtain my token using the "Obtain new tokens.." button and filling in the fields I'm presented with a error saying: "The AFS client was unable to obtain tokens as bluecommand in cell cmd.nu. Error: 20 (unknown authentication error 20)" I'm using Windows Vista Ultimate 64-bit, AFS Client 1.5.27 and KfW 3.2.2. KfW 3.2.2 works with PuTTY and others and it has the AFS plugin loaded and everything. AFS was installed after KfW / PuTTY. When I try to renew / obtain my credentials in KfW I'm greeted with the error: "Could not locate configuration information for cell cmd.nu. The error code returned was -1." Both errors appear seemingly instant which makes me suspect it's a local configuration error and not a server response triggering the message. Greetings! P.S. I have verified that the AFS server works by using the AFS client under Windows XP x32 D.S -- Christian Svensson Command Systems ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] WinSCP onto debian server/openafs storage errors...
Maybe use Samba for the windows boxes, should be a little bit faster than scp. Are there any reason why you can't install the openafs client? Another idea would be to just copy the files in a "normal" directory on the server and run the copy into afs in a batch mode. Thus wrote Lars Schimmer ([EMAIL PROTECTED]) [07.05.15 13:30]: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi! > > We´ve got some win2003 servers which should NOT be equipped with OpenAFS > client. > - From this server some files (100MB-15GB size) should be saved in OpenAFS. > Right now we tried to SCP the files via winscp script from the server > into a debian sarge server with openafs 1.4.2-6 on afs-space. > (yes, special user with home in OpenAFS and 100GB quota and token via > ssh login/scp). > > This method works sometimes, sometimes not. The connections breaks down > nearly everytime while transferring bigger files. For our luck winscp > uses append... > If we copy the files to a local home on the debian server, no errors > appeared. > > Has anyone seen something like that? > Any other tip for us to copy that files into afs (without installing a > afs client)? > > > MfG, > Lars Schimmer > - -- > - - > TU Graz, Institut für ComputerGraphik & WissensVisualisierung > Tel: +43 316 873-5405 E-Mail: [EMAIL PROTECTED] > Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.5 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFGSZiQmWhuE0qbFyMRAu9OAJ91YqmHsGHPeTVtxNUGQeL5wkSLQACgitAS > llM2VY//JSGroboB2cwepgI= > =sTZl > -END PGP SIGNATURE- > ___ > OpenAFS-info mailing list > OpenAFS-info@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-info > -- --- Christian Kuka [EMAIL PROTECTED] signature.asc Description: Digital signature
Re: [OpenAFS] Protection database already exists
maybe try to add the user without the perl script, :bos adduser fileserver..com matt.admin -noauth or replace line 205 with something that removes the database if it exists Thus wrote Matt Chipman ([EMAIL PROTECTED]) [07.05.15 09:20]: > Hi, > > I am really struggling with this error below. Using Debian etch > (stable) and openafs debs. Have setup the server and associated apps > according to the readme.servers in the doc directory also followed the > install transcript in the same. > > I have install the test server 3 times and am getting the same error > each time. Deleting the database does not remove the error and just > recreates the database files while returning the same error. > > what am I missing? > > thanks > > -Matt > > afs-newcell > > Do you meet these requirements? [y/n] y > If the fileserver is not running, this may hang for 30 seconds. > /etc/init.d/openafs-fileserver stop > Stopping AFS Server: bosserver. > What administrative principal should be used? matt/admin > > /etc/openafs/server/CellServDB already exists, renaming to .old > /etc/init.d/openafs-fileserver start > Starting AFS Server: bosserver. > bos adduser fileserver.x.com matt.admin -localauth > ERROR: Protection database already exists; cell already partially > ERROR: created. If you do not want the current database, remove > ERROR: all files in /var/lib/openafs/db and then run this program > ERROR: again. > > Cell setup failed, ABORTING > bos removeuser fileserver.x.com matt.admin -localauth > > ___ > OpenAFS-info mailing list > OpenAFS-info@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-info > -- --- Christian Kuka [EMAIL PROTECTED] signature.asc Description: Digital signature
[OpenAFS] MSI customization question
Hello list, I am trying to customize the MSI for our local setup. In particular, I am trying to customize the CellServDB. I have gone through the release notes, installed ORCA.EXE, opened a copy of the original MSI in ORCA and followed the steps outlined in the release notes. Now this is my first contact with Windows Installer related issues, and I cannot really understand how in the end I will put the actual new CellServDB into the modified MSI. This must be a really dumb question; sorry. It must somehow have to do with the Media table. Maybe someone on this list can give me a hint. Thank you very much, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] AFS and Apache Virtual Directory
> Does anybody have any experience with using an AFS directory as a > virtual directory of an Apache server running on Linux? If yes, could > you give me some pointers on making this work? Just for the sake of > trying, I created a symlink inside the /var/www/html directory that > points to the AFS directory. I can browse the directory fine as a root > or any other user, but Apache refuses to recognize it. It has to do > with authentication I believe, but not sure on how to tackle this > problem. FollowSymLinks ? Regards, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] ByteRangeLocking in 1.4RC2
Jeffrey Altman wrote: Christian Fischer wrote: Jeffrey Altman wrote: What does afsd_init.log report? here the log.. 8/31/2005 2:37:58 PM: cm_GetRootCellName code 0, cm_freelanceEnabled= 1, rcn= ethz.ch 8/31/2005 2:37:58 PM: Mountpoint[0] = abled= 1, rcn= ethz.ch #abled= 1, rcn= ethz.ch :root.cell. 8/31/2005 2:37:58 PM: error occurred while parsing mountpoint entry [0]: non-printable character 8/31/2005 2:37:58 PM: error occurred while parsing mountpoint entry [0]: non-printable character 8/31/2005 2:37:58 PM: Mountpoint[1] = .abled= 1, rcn= ethz.ch %abled= 1, rcn= ethz.ch :root.cell. 8/31/2005 2:37:58 PM: error occurred while parsing mountpoint entry [1]: non-printable character 8/31/2005 2:37:58 PM: error occurred while parsing mountpoint entry [1]: non-printable character 8/31/2005 2:37:58 PM: Mountpoint[2] = ethz.ch#ethz.ch:root.cell. This looks like you had 1.3.75 or 1.3.76 installed. These releases generated garbage in the registry for the Freelance root.afs entries. You will need to edit the registry to remove the mount point and symlink entries and then restart. [HKLM\SOFTWARE\OpenAFS\Client\Freelance] I got it runing, after I open a doc file in word as a second user, it locks the file for both of us. suggestions? cheers ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] ByteRangeLocking in 1.4RC2
Jeffrey Altman wrote: What does afsd_init.log report? here the log.. 11:54:33 AM: Create log file 11:54:33 AM: Created log file PATH=C:\Perl\bin\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\OpenAFS\Common;C:\Program Files\OpenAFS\Client\Program 8/30/2005 11:54:33 AM: running on 2000+ - using RegisterServiceCtrlHandlerEx 8/30/2005 11:54:34 AM: osi_InitDebug code 0 8/30/2005 11:54:34 AM: gethostname isg70-234-vm 8/30/2005 11:54:34 AM: Event Log Tracing = 0 8/30/2005 11:54:34 AM: Default trace buffer size 5000 8/30/2005 11:54:34 AM: osi_LogCreate log addr 363f98 8/30/2005 11:54:34 AM: Default cache size 20480 8/30/2005 11:54:34 AM: Default chunk size 17 8/30/2005 11:54:34 AM: Defaulting to 2 background daemons 8/30/2005 11:54:34 AM: Defaulting to 25 server threads 8/30/2005 11:54:34 AM: Default status cache size 1000 8/30/2005 11:54:34 AM: Logoff token transfer on by default 8/30/2005 11:54:34 AM: Logoff token transfer is currently ignored 8/30/2005 11:54:34 AM: Default logoff token transfer timeout 10 seconds 8/30/2005 11:54:34 AM: Default logoff token is currently ignored 8/30/2005 11:54:34 AM: Default root volume name root.afs 8/30/2005 11:54:34 AM: Mount root /afs 8/30/2005 11:54:34 AM: Default cache path C:\AFSCache 8/30/2005 11:54:34 AM: Cache type is FILE 8/30/2005 11:54:34 AM: Default sys name i386_nt40 8/30/2005 11:54:34 AM: SecurityLevel is crypt 8/30/2005 11:54:34 AM: DNS will be used to find AFS cell servers 8/30/2005 11:54:34 AM: Freelance client feature is activated 8/30/2005 11:54:34 AM: Dot files/dirs will be marked hidden 8/30/2005 11:54:34 AM: Maximum number of multiplexed sessions is 50 8/30/2005 11:54:34 AM: Maximum number of VCs per server is 100 8/30/2005 11:54:34 AM: SMB authentication type is EXTENDED 8/30/2005 11:54:34 AM: RX maximum MTU is 1260 8/30/2005 11:54:34 AM: ConnDeadTimeout is 60 8/30/2005 11:54:34 AM: HardDeadTimeout is 120 8/30/2005 11:54:34 AM: LAN adapter number 3 8/30/2005 11:54:34 AM: Using >AFS< as SMB server name 8/30/2005 11:54:34 AM: First Network address 818446ea SubnetMask ffc0 8/30/2005 11:54:34 AM: rx_SetMaxMTU 1260 successful 8/30/2005 11:54:34 AM: rx_Init code 0 8/30/2005 11:54:34 AM: rx_NewService addr e62778 8/30/2005 11:54:34 AM: RPC server listening 8/30/2005 11:54:34 AM: rx_NewService addr e95f18 8/30/2005 11:54:34 AM: rx_StartServer 8/30/2005 11:54:34 AM: cm_InitDCache code 0 8/30/2005 11:54:34 AM: cm_GetRootCellName code 0, cm_freelanceEnabled= 1, rcn= ethz.ch 8/30/2005 11:54:34 AM: cm_GetSCache code 0 scache eb2e28 8/30/2005 11:54:34 AM: cm_InitDaemon 8/30/2005 11:54:34 AM: smb_localNamep is >AFS< 8/30/2005 11:54:37 AM: Setting SMB server domain name to [ISG70-234-VM] 8/30/2005 11:54:37 AM: smb_Init 11:58:15 AM: Create log file 11:58:15 AM: Created log file PATH=C:\Perl\bin\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\OpenAFS\Common;C:\Program Files\OpenAFS\Client\Program 8/30/2005 11:58:15 AM: running on 2000+ - using RegisterServiceCtrlHandlerEx 8/30/2005 11:58:16 AM: osi_InitDebug code 0 8/30/2005 11:58:16 AM: gethostname isg70-234-vm 8/30/2005 11:58:16 AM: Event Log Tracing = 0 8/30/2005 11:58:16 AM: Default trace buffer size 5000 8/30/2005 11:58:16 AM: osi_LogCreate log addr 363f98 8/30/2005 11:58:16 AM: Default cache size 20480 8/30/2005 11:58:16 AM: Default chunk size 17 8/30/2005 11:58:16 AM: Defaulting to 2 background daemons 8/30/2005 11:58:16 AM: Defaulting to 25 server threads 8/30/2005 11:58:16 AM: Default status cache size 1000 8/30/2005 11:58:16 AM: Logoff token transfer on by default 8/30/2005 11:58:16 AM: Logoff token transfer is currently ignored 8/30/2005 11:58:16 AM: Default logoff token transfer timeout 10 seconds 8/30/2005 11:58:16 AM: Default logoff token is currently ignored 8/30/2005 11:58:16 AM: Default root volume name root.afs 8/30/2005 11:58:16 AM: Mount root /afs 8/30/2005 11:58:16 AM: Default cache path C:\AFSCache 8/30/2005 11:58:16 AM: Cache type is FILE 8/30/2005 11:58:16 AM: Default sys name i386_nt40 8/30/2005 11:58:16 AM: SecurityLevel is crypt 8/30/2005 11:58:16 AM: DNS will be used to find AFS cell servers 8/30/2005 11:58:16 AM: Freelance client feature is activated 8/30/2005 11:58:16 AM: Dot files/dirs will be marked hidden 8/30/2005 11:58:16 AM: Maximum number of multiplexed sessions is 50 8/30/2005 11:58:16 AM: Maximum number of VCs per server is 100 8/30/2005 11:58:16 AM: SMB authentication type is EXTENDED 8/30/2005 11:58:16 AM: RX maximum MTU is 1260 8/30/2005 11:58:16 AM: ConnDeadTimeout is 60 8/30/2005 11:58:16 AM: HardDeadTimeout is 120 8/30/2005 11:58:16 AM: LAN adapter number 3 8/30/2005 11:58:16 AM: Using >AFS< as SMB server name 8/30/2005 11:58:16 AM: First Network address 818446ea SubnetMask ffc0 8/30/2005 11:58:16 AM: rx_SetMaxMTU 1260 successful 8/30/2005 11:58:16 AM: rx_Init code 0 8/30/2005 11:58:16 AM: rx_NewService addr e62778 8/30/2005 11:58:16 AM: RPC server listening 8/30/2005 11:58:16 AM: rx_NewService addr e95f30 8/3
Re: [OpenAFS] ByteRangeLocking in 1.4RC2
Jeffrey Altman wrote: If you are not familiar with how to debug OpenAFS for Windows, please read afs-install-notes.txt I can run the afs service, when I disable the freelance-mode.. I will send further information (logs..) next week. cheers christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] ByteRangeLocking in 1.4RC2
Jeffrey, I can run the setup, but the service can't be started successfully.. I tried it on an xp sp1 machine.. suggestions? cheers Jeffrey Altman wrote: No. Byte range locking is not in the 1.4 release. Byte range locking exists on the CVS HEAD and will be released in a future 1.4 release once it is stable. Apparently the CVS HEAD version of the afs-changes file was published instead of the 1.4 version. The correct version is available at /afs/athena.mit.edu/user/j/a/jaltman/Public/OpenAFS/afs-changes-since-1.2.txt ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] LDAP and Krb5 and OpenAFS - problem?
Chris Huebsch <[EMAIL PROTECTED]> writes: > Hi, > > On Thu, 23 Jun 2005, Lars Schimmer wrote: > > > > Are there any errors to expect? E.G. passwords - while user can change there > > passwords on Krb5 the passwords are not changed in ldap - user with 2 > > passwd > > could login. I think I have to disable passwords via ldap. > > Don't use LDAP for password-checks. Leave the password-field empty. > You might want to set the password-field to "[EMAIL PROTECTED]". We use that setup so that users can authenticate against kerberos via LDAP & SASL to a web application server. It would be a non trivial task to kerberize the application. It was much easier to use secure the server and use the way over LDAP. For workstations though we disabled all but kerberos for authentification. Regards, Christian -- Dipl.-Ing. Christian Pfaffel-Janser <[EMAIL PROTECTED]> Technische Universität Graz Telefon: +43 / 316 / 873 - 81 90 Institut für Theoretische PhysikTelefax: +43 / 316 / 873 - 86 78 Petersgasse 16, A-8010 Graz http://itp.tugraz.at/~flash/pubkey.gpg ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] strange group limits with openafs-1.3.81
Here is something really weird: I have a system with 31 normal user accounts. The system is debian sarge with the 1.3.81 packages from experimental on kernel-image-2.6.8-2-686. In /etc/group, I usually add all of these users to the floppy, cdrom, video and audio group. I had some strange issues with cd burning as non-root users which seem to be related to the openafs kernel module. Here is what happens: When I add those 31 users _only_ to the audio and cdrom group, the following thing will work just fine: weissmies:~# cat /tmp/testsh #!/bin/sh echo "Hello world!" weissmies:~# ls -l /tmp/testsh -rwxr-x--- 1 root cdrom 30 May 10 14:19 /tmp/testsh weissmies:~# ls -ln /tmp/testsh -rwxr-x--- 1 0 24 30 May 10 14:19 /tmp/testsh weissmies:~# /tmp/testsh Hello world! weissmies:~# logout Connection to weissmies closed. [EMAIL PROTECTED]:~$ id -G 277 34050 41333 24 29 [EMAIL PROTECTED]:~$ /tmp/testsh Hello world! So the executable belongs to the cdrom group and is suid root. User christia belongs to that group (numeric gid 24). The permissions are exactly those of the cdrecord binary on my system - this is how I originally noticed there was a problem. However, if I add those 31 users to one other group (say, the floppy group), running the small script will fail with [EMAIL PROTECTED]:~$ /tmp/testsh bash: /tmp/testsh: Permission denied If I do not load the openafs module at boot, I do not have these problems. Only after the modules is loaded and the user logs out and in again, I start seeing this issues. I also do not see this problem at all with the same packages and kernel-image-2.4.27-2-686. So I assume this has to do with the setgroups hook for PAGs in the 2.6 code. I also noticed that it does not seem to matter how many users I put into one of these groups. For the problem to occur, it is sufficient for that one user to be a member of more than two of those additional groups. Maybe somebody can comment... Best regards, Christian PS: In fact, the group entries come from ldap, but I have verified that the behaviour is exactly the same if I use local entries in /etc/group. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Kerberos and AFS PAM modules
> I pulled down the source from Sourceforge and I'm not sure what made you > think that this was based on Cusack's module. As near as I can tell, it's > based on the Red Hat Kerberos v5 PAM module with nary a sign of Cusack's > module in sight. That's true. It's based on the Red Hat module. I was confused by the following: the libpam-heimdal package contained in debian/woody is the Cusack one. When you build the module from the sourceforge site (Balazs GAL) using the debian packaging tools, the package name is also libpam-heimdal :-( Sorry for the confusion. > Could you give me a bit more information on what lets you force credential > refreshing with the screensaver? What PAM configuration does this module > allow that lets you do that, and which wasn't available elsewhere? I got the hint from somebody else on this list: /etc/pam.d/kscreensaver: authsufficient pam_krb5afs.so ignore_root force_creds refresh_creds authrequiredpam_unix.so shadow try_first_pass ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Problem with pam on debian with 1.3.81 kernel 2.6.11
> Hm, maybe we should look at that one for Debian, since right now we have a > module with no active upstream. Do you know what has been changed since > Cusack's 1.0 release off-hand? (I'll go take a look later, but I'm > juggling several balls at once at the moment, and I'd love to hear a user > perspective on why that module is better than what's in Debian already.) I like it because it allows me to force credential refreshing with the screensaver and has both the afs and kerberors part in one module and because it worked :-). Fixing the compilation errors with heimdal turns out easier than expected. To build the current CVS of that module on woody, the build directory should contain the "tools" directory so that the automake version included in woody doesn't fail. For building on sarge, the acinclude.m4 file must be changed: diff -Nru pam_krb5.orig/acinclude.m4 pam_krb5/acinclude.m4 --- pam_krb5.orig/acinclude.m4 2003-08-12 10:52:18.083348400 +0200 +++ pam_krb5/acinclude.m4 2005-04-14 19:50:42.384158115 +0200 @@ -411,7 +411,7 @@ fi AC_MSG_CHECKING([which implementation of Kerberos we have]) -AC_TRY_LINK_FUNC(__heimdal_version,KRB5IMPL="heimdal",KRB5IMPL="mit") +AC_CHECK_DECL(heimdal_version,KRB5IMPL="heimdal",KRB5IMPL="mit",[#include ]) AC_MSG_RESULT([looks like $KRB5IMPL]) dnl if $ac_cv_krb5_libs was not set we defaulted to Heimdal libraries, This is because heimdal 0.6x doesn't seem to offer __heimdal_version() I'll submit a bug report to http://sourceforge.net/projects/pam-krb5/. Attached is a script to compile the current cvs with that patch and the tools directory created. Below some comments from the READMEs for that module. Can somebody else check if it compiles against MIT with these modifications? Christian - From README.heimdal: Heimdal port: = It's now able to get krb5 tgt, convert krb5 tgt to krb4 tgt (krb524), get afs tokens with krb5_afslog, optinal native kth-krb4 ticket grabing. New codes which are not in the main pam_krb5: - I wrote a new code which is usefull e.g at ssh with token forwarding. It try to use and convert the forwarded krb5 tgt to krb4 tgt and to afs tokens. (like pam_openafs_session) It can convert krb5 tgt to krb4 tgt (krb524) with Heimdal and with MIT Kerberos V. New refresh_creds option. See more in the README. It is now in beta status. Please, mail me if you can or can't use this port. Any feature request and bug report are welcome. Balazs Gal <[EMAIL PROTECTED]> Sat, 3 Aug 2002 - From README.Debian pam-krb5 for Debian -- The original pam_krb5 was portred to Heimdal by Balazs Gal -- Balazs GAL <[EMAIL PROTECTED]>, Thu, 6 Jun 2002 20:14:15 +0200 compile_pam-krb5_cvs Description: application/shellscript
Re: [OpenAFS] Problem with pam on debian with 1.3.81 kernel 2.6.11
> Christian Ospelkaus <[EMAIL PROTECTED]> writes: > > From http://sourceforge.net/projects/pam-krb5/ This used to be the > > recommended module for some time. Is it still??? > > There are a few different PAM modules for Kerberos v5, it appears. > libpam-krb5 in Debian isn't based on this one, but rather is based on a > different module by Frank Cusack, with various accumulated fixes over > time. It's built against MIT, though, which may not be what you want if > you have a Heimdal system. > > libpam-heimdal in Debian started out as the same source, but has diverged > over time and doesn't have some of the same fixes. I'm not sure if it has > fixes that libpam-krb5 doesn't have. The one on http://sourceforge.net/projects/pam-krb5/ is based on the Cusack one, claims to work for both Kerberos implementations (and did on Debian woody IIRC), though things may have become less straightforward from woody to sarge as you can see from my "compilation fixes"... ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Problem with pam on debian with 1.3.81 kernel 2.6.11
> Ok, after some more looking, I found, I don't have got the pam_krb5afs.so > pam module. > Only the pam_krb5 modules and pam_openafs_session.so. > > So, where did you got that pam_krb5afs.so modul? From http://sourceforge.net/projects/pam-krb5/ This used to be the recommended module for some time. Is it still??? I got it to compile by using (You might need to fulfill some build dependencies): cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/pam-krb5 login cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/pam-krb5 co \ -P pam_krb5 cd pam_krb5 mkdir tools ln -s /usr/share/libtool/ltmain.sh tools/ltmain.sh aclocal-1.7 automake-1.7 -a autoconf autoheader I build against Heimdal, which gets incorrectly detected by the configure script for the current heimdal version in sarge. You can hack the configure script to look like else echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 KRB5IMPL="mit" fi KRB5IMPL="heimdal" # <--- insert this!!! crude hack!!! around line 21188. Running debian/rules should then provide you with a packages in the parent directory which you can install using dpkg. Question: Am I doing something wrong or has building this module really become that difficult? Should the whole auto* stuff be fixed??? With the config I sent to you, credential refreshing with kscreensaver should work. Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Problem with pam on debian with 1.3.81 kernel 2.6.11
> I setup pam conf on debian sarge like it was written here: > http://mailman.mit.edu/pipermail/kerberos/2004-October/006601.html > > And tried to login and get my tokens. > > I can login, but can't get any tickets. I hace to call kinit manually to > get a ticket and after that aklog to obtain a token. > Has anyone a working conf on debian sarge for me? With pam_krb5afs.so: /etc/pam.d/common-auth: auth sufficient pam_krb5afs.so auth required pam_unix.so use_first_pass /etc/pam.d/common-session: sessionoptional pam_krb5afs.so sessionrequired pam_unix.so /etc/pam.d/kscreensaver: authsufficient pam_krb5afs.so ignore_root force_creds refresh_creds authrequiredpam_unix.so shadow try_first_pass in /etc/krb5.conf: [] [appdefaults] pam = { ticket_lifetime = 86400 } Regards, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] XP embedded
> We have converted and use Microsoft Windows PE, instead of DOS to build our > Windows XP workstations. I have been interested in trying to install the > OpenAFS Windows client into PE. However there are a few difficulties that > are immediately apparent. First, there appears to be no SYSTEM registry, > so you can't install your own services. This makes sense because Microsoft > doesn't want PE to "get out" and become a small operating system of its > own. The second problem is installing OpenAFS. You can't use any > installer under Windows PE, everything would need to be hand > installed. And finally, there can be no "live" caches under PE, so the > AFSCache file is out. I haven't had time to look any further, but it > really would be cool to mount AFS under PE for network builds. Thanks for the info. I do not really see the link between running OpenAFS on Windows XP embedded and Windows PE. Maybe somebody can give me a hint... Christian Ospelkaus ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] XP embedded
Hello, can anybody on this list comment on whether or not the current windows client will run on XP embedded (R&S FSP spectrum analyzer) ? Best regards, Christian Ospelkaus ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Is /vicepa really mandatory on afs clients?
"Craig Cook" <[EMAIL PROTECTED]> writes: > In the IBM docs for creating a client it contains this: > > > Create a directory called /vicepxx for each AFS server partition you are > configuring (there must be at least one). Repeat the command for each > partition. > ># mkdir /vicepxx > > There is no need to to create /vicepxx on a client. /vicepxx is needed only on file servers. Christian -- Christian Pfaffel <[EMAIL PROTECTED]> Technische Universität Graz Telefon: +43 / 316 / 873 - 81 90 Institut für Theoretische PhysikTelefax: +43 / 316 / 873 - 86 78 Petersgasse 16, A-8010 Graz http://itp.tugraz.at/~flash/pubkey.gpg ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] AFS file locking doesn't work anymore with ms office xp
Jeffrey Altman wrote: If someone is willing to pay to have this work done I can try to make time to add this support to the AFS for Windows client. Jeffrey Altman how much?:-) -- Christian Fischer ETH Zürich IT Support Group D-AGRL Schmelzbergstr. 7 / LFV E31 CH-8092 Zürich ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] AFS file locking doesn't work anymore with ms office xp
Volker Lendecke wrote: > On Wed, Mar 16, 2005 at 03:02:36PM +, Chris Crowther wrote: > >> Would translating those into whole-file locks instead be a workable >>solution? > > > For Samba as an AFS front end I've got a patch that takes another route: Once > a > file is opened in any way (read or write), I flock the complete file. The > second opener gets the error message NT_STATUS_SHARING_VIOLATION. This is the > error code designed for the windows share modes (whole-file locks). I don't > think that it would be wise to map the windows-style byte range locks into > anything that the server sees, as this would very likely kill performance > completely. Unlike Unix apps Windows Apps do a hell lot of locking, and doing > that over the net would incur really big latency issues. unfortunately, AFS over Samba is not an option for us, since we do not want clear text passwords over the network. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] AFS file locking doesn't work anymore with ms office xp
Chris Crowther wrote: > Neulinger, Nathan wrote: > >> MS Office does byte range locking - not full file locking. Byte range >> locks in afs are no-ops. They are completely ignored. >> >> > >Would translating those into whole-file locks instead be a workable > solution? > translating into whole-file would be for us THE solution ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] AFS file locking doesn't work anymore with ms office xp
Jeffrey Altman wrote: Christian Fischer wrote: no, as I wrote, we didn't notice when the change happened. (Only the users did :-( ). However, officially afs should support file locking doesn't it? What we can see, is that if the file is on a samba share, then MS-Office opens it only the first time read-write, then read-only. If the file is on afs, it is always opened read-write. Samba supports byte range locking. AFS does not. I am talking about whole file locking! -- Christian Fischer ETH Zürich IT Support Group D-AGRL Schmelzbergstr. 7 / LFV E31 CH-8092 Zürich ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] AFS file locking doesn't work anymore with ms office xp
Jeffrey Altman wrote: > > I do not believe there has been any change in behavior. Are you aware > of a version of AFS for Windows which does what you expect? no, as I wrote, we didn't notice when the change happened. (Only the users did :-( ). However, officially afs should support file locking doesn't it? What we can see, is that if the file is on a samba share, then MS-Office opens it only the first time read-write, then read-only. If the file is on afs, it is always opened read-write. ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] AFS file locking doesn't work anymore with ms office xp
hello, we use afs to share data for workgroups. Recently users complained, that the same file can be edited in MS-Word or MS-Excel by several persons without getting any notice. Unfortunately we didn't realize with which version the change happened (we are now using the Openafs client v. 1.3.7100 under windows xp sp1 and Openafs server 1.2.13 under Solaris) Any idea? many thanks in advance. Chris -- Christian Fischer ETH Zürich IT Support Group D-AGRL Schmelzbergstr. 7 / LFV E31 CH-8092 Zürich ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] where to put NetRestrict?
Am Montag, 17. Januar 2005 13:51 schrieb Hagbard Celine: > Thanks Frank and Christian, > > I thought too that /var/lib/openafs was the right guess, but seems > that the Horst suggestion to strace fileserver was wise. > > In fact, from the strace: > > open("/etc/openafs/server-local/NetRestrict", O_RDONLY) = -1 ENOENT (No > such fil e or directory) I just noticed I also have this location on my fileserver - I have symbolic links from: /etc/openafs/server-local/NetRestrict /var/lib/openafs/NetRestrict to: /etc/openafs/NetRestrict The behaviour somehow seems to have changed in the past in debian packages... Best regards, Christian ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] where to put NetRestrict?
/var/lib/openafs/NetRestrict Best regards, Christian > On Jan 17, 2005, at 12:23 PM, Hagbard Celine wrote: > > Hello, > > > > This may sound silly, but where's the correct location on Debian where > > to put the NetRestrict file? > > That's always a good question ... :-) > The best solution is stracing the fileserver. > > You'll see the attempt to open the file and that's how you know for > sure. > > Horst > > ___ > OpenAFS-info mailing list > OpenAFS-info@openafs.org > https://lists.openafs.org/mailman/listinfo/openafs-info ___ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] afsd: Can't mount AFS on /afs(22)
Ron Croonenberg <[EMAIL PROTECTED]> writes: > Hello all, > > I removed all rpm's from the "test" machine I have for OpenAFS. I was running > the 1.2.11 rpm's. I downloaded the 1.2.13 rpm's and installed them. > > when I start the service (using service afs start) I get : > > [EMAIL PROTECTED] etc]# service afs start > Found libafs-2.4.21-4.EL-i686.mp.o from SymTable... Loading... > Starting AFS services. > afsd: All AFS daemons started. > afsd: Can't mount AFS on /afs(22) > > any suggestions ? > > thanks, > > Ron > Hi Ron! We had a similar problem. The solution was, that on installation the configuration file ThisCell got overwritten with a wrong cell, because the installer (debian) wrongly assumed it to be tu-graz.ac.at instead of itp.tugraz.at and it overwrote the correct info. Hope this helps, Christian -- Christian Pfaffel <[EMAIL PROTECTED]> Technische Universität Graz Telefon: +43 / 316 / 873 - 81 90 Institut für Theoretische PhysikTelefax: +43 / 316 / 873 - 86 78 Petersgasse 16, A-8010 Graz http://itp.tugraz.at/~flash/pubkey.gpg ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Problem with afs_syscall
Hello everyone! I have got the following problem on a couple of more or less heavily loaded application servers all running OpenAFS version 1.2.11 on debian x86 woody. Once the AFS client has been running for some time, a machine tends to block for some time completely. This happens whenever someone executes a program using afs_syscall for converting a kerberos ticket to an AFS token. To clearify with an example, here is what i can reproduce with aklog. # kinit user # time strace -c aklog execve("/usr/bin/aklog", ["aklog"], [/* 45 vars */]) = 0 % time seconds usecs/call callserrors syscall -- --- --- - - 98.600.899662 449831 2 afs_syscall 0.690.0062961574 4 select 0.180.001617 208241 open 0.160.001446 9 168 read [..snip..] 0.000.07 4 2 time 0.000.07 7 1 getuid32 -- --- --- - - 100.000.912437 63150 total real0m0.941s user0m0.030s sys 0m0.900s Subsequent calls to aklog show a much quicker response, as expected. # time strace -c aklog execve("/usr/bin/aklog", ["aklog"], [/* 50 vars */]) = 0 % time seconds usecs/call callserrors syscall -- --- --- - - 32.610.001148 196135 open [..snip..] 0.680.24 24 1 afs_syscall [..snip..] 0.060.02 2 1 getuid32 -- --- --- - - 100.000.003520 39647 total real0m0.022s user0m0.010s sys 0m0.000s When the client is freshly restarted (including kernel module reloading) the output of kinit && aklog looks like # time strace -c aklog execve("/usr/bin/aklog", ["aklog"], [/* 50 vars */]) = 0 % time seconds usecs/call callserrors syscall -- --- --- - - 43.890.0055311383 4 select 14.690.001851 228645 open 11.400.001437 9 169 read [..snip..] 2.730.000344 172 2 afs_syscall 2.330.000294 649 close -- --- --- - - 100.000.012603 64059 total real0m0.043s user0m0.020s sys 0m0.030s Any comment would be well appreciated, regards, Christian -- Christian Pfaffel <[EMAIL PROTECTED]> Technische Universität Graz Telefon: +43 / 316 / 873 - 81 90 Institut für Theoretische PhysikTelefax: +43 / 316 / 873 - 86 78 Petersgasse 16, A-8010 Graz http://fubphpc.tu-graz.ac.at/~flash/pubkey.gpg ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Moving volume to server with existing RO replica
You might also find this thread interesting: https://lists.openafs.org/pipermail/openafs-info/2004-March/012559.html Best regards, Christian Ospelkaus ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] NetRestrict
Hello, In my cell, all machines have both a public and a private address (actually, an alias address on the same physical interface) used for tunneling nis / nfs through ipsec. I would like to restrict afs to the public interfaces because the ipsec interfaces coming up and down seem to confuse the afs client occasionally. I am using Debian/unstable with OpenAFS 1.2.11. Here is what I do: dick:~# locate NetRestrict /etc/openafs/NetRestrict /etc/openafs/server-local/NetRestrict /usr/afs/local/NetRestrict dick:~# cat `locate NetRestrict` 192.168.107.176 192.168.107.176 192.168.107.176 dick:~# vos lista vsu_ClientInit: Could not get afs tokens, running unauthenticated. tell-sec.physnet.uni-hamburg.de tell.physnet.uni-hamburg.de dick-sec.physnet.uni-hamburg.de dick.physnet.uni-hamburg.de dick:~# fs getclienta 134.100.107.176 (*-sec refers to the private interface). So the client seems to use only the public address as expected, but the server doesn't. What's going wrong here? Thanks for any help, Christian Ospelkaus ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] PAM-AFS isn't working with openssh-3.7.1p1 (sun4x_58)
John Tang Boyland <[EMAIL PROTECTED]> writes: > ] Perchance did you do something like run sshd in one of your existing PAGs? > > Yes, that would explain that behavior. > So I have rebooted the machine so sshd starts outside of a PAG. > > But I still have the basic problem that ssh apparently uses PAM enough that > it uses my AFS password to log me on, but doesn't get a PAG, or > retain the AFS keys: (Presumably the tokens were allocated for a new > PAG, but then the new PAG was lost. In my experience with CDE session > problems, this is caused by "incorrect" usage of PAM: the > authentication is done in a sub-process. Any change the openssh people > will be sympathetic to this problem?) This Is exactly what happens, they are using pthreads or fork. Christian -- Christian Pfaffel <[EMAIL PROTECTED]> Technische Universität Graz Telefon: +43 / 316 / 873 - 81 90 Institut für Theoretische PhysikTelefax: +43 / 316 / 873 - 86 78 Petersgasse 16, A-8010 Graz http://fubphpc.tu-graz.ac.at/~flash/pubkey.gpg ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] OpenAFS client hangs on WinXP
Hi, I am trying to access an AFS server using OpenAFS 1.2.10 for Windows. I am using Windows XP Prof SP1. To be allowed to access our server, I have got to use a VPN tunnel, as my client is in an outside network. I am using a Cisco VPN Client 4.0.2 (B) and tried a split and a full tunnel connection. Obtaining the token and mapping some drives works OK, but when I try to access the drives from Explorer, the Explorer hangs. When I kill and restart the Explorer, the mapped drives appear under "My Computer", but when I access them, Explorer hangs again. The only hints I have are some Windows event log entries: | Warning: Pkt straddled session startup, took 76260 ms, ncb | length 96. | Warning: Pkt straddled session startup, took 42061 ms, ncb | length 86. | Warning: HardDeadTime exceeded. I apologize for the sparse information - I am pretty clueless about OpenAFS and don't know what to look for. Thanks, Christian ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] some simple openafs questions
> Starting from heimdal-0.6 you no longer need kth-krb (v4 support) to get > afs tokens > if you use a reasonably recent version of openafs. Oh, good news. Debian ships 0.4e in the stable distribution... Best regards, Christian ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] some simple openafs questions
> No, this is not my intention. I will have my own cell. If I was to join > the university cell (probably not an option), would setting up kerberos > not be necessary? Not a KDC. > > Otherwise, you could start setting up your own cell. This will however > > involve setting up a Kerberos KDC; KV is indeed preferred - you can use > > Heimdal or MIT. Both are nicely packaged for Debian. Heimdal has the > > advantage that it can also provide support for V4 clients. > > I've taken a look at Hartman's configuration-transcript.txt. It says > > * > By default, Kerberos4 requests are allowed from principals that do not > require preauthentication. This allows Kerberos4 services to exist while > requiring most users to use Kerberos5 clients to get their initial > tickets. These tickets can then be converted to Kerberos4 tickets. > Alternatively, the mode can be set to full, allowing Kerberos4 to get > initial tickets even when preauthentication would normally be required, or > to disable, which will disable all Kerberos4 support. > > d. disable f. full n. nopreauth > > What Kerberos4 compatibility mode should be used? [n] > * > > This configuration corresponds to MIT Kerberos. I'm not sure what this > means, but it seems to imply that krb4 client support does work in some > fashion. I'm also not sure what preauthentication means. Should I set > this to full or nopreauth? I think the default is OK. > I do want klog to continue working with my server. > > In any case, is there any other reason to prefer one implementation - > Heimdal vs MIT - versus the other? If you compile applications with Kerberos support yourself, this may be easier with the MIT version. You need to distinguish between the KDC and the client programs. As far as I know, a Heimdal KDC has the advantage that it can also provide you with Kerberos 4 backwards compatibility. On the client side, the Heimdal programs provide excellent AFS integration. For example, if I do a kinit, I get a V5 ticket, and it also transparently gets an afs token. With MIT, you need to do a kinit to get a V5 ticket, and then aklog from the openafs-krb5 package to obtain a token. I use a configuration with a Heimdal KDC, the Heimdal client programs, the libpam-krb5 PAM module (compiled against MIT libraries) for Kerberos authentication at login and the libpam-openafs-session module for token grabbing at login. Note that in order to make it all work that way, heimdal needs to be compiled with AFS and kth-krb4 (which is the case with the Debian packages). > I take it this kaserver is a KRB 4 implementation? Is it part of openafs? > I can't see anything that looks like this in the openafs packages. It is Kerberos 4. I can't find it in the packages either. But it is part of the sources of openafs. > Isn't this one for kaserver, though? Yes, and it is not installed on my box. I just also pasted the lines starting with "un" from the output of dpkg -l openafs* > > openafs-ptutil > > This one doesn't seem to exist any longer. See above. Best regards, Christian ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Distributing passwd
> Yes, you used krb for auth, but do you prevent regular and passwordless > auth from working? +:*:0:0::: in /etc/passwd (or similar for shadow-like configuration) should be enough? Christian ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] ticket lifetime
Hello everybody, thanks to Sam Hartman's debian packages, I got started really quickly. I have openafs-1.2.8 running on one server and one client with a MIT krb5 kdc. I have managed to increase the ticket lifetime by increasing the maxlife of the user principals, of krbtgt/... and of the afs entry. Additionally, I have changed the max_life in kdc.conf to 24 hours. If I do a kinit -l 24h I get tickets with 24h lifetime, so this works. However, if I just do kinit or get a ticket through the pam module, I still get 10h ticket lifetime. How can I set the default lifetime? I have been playing with various settings in krb5.conf without much success... Thanks for your help, Christian Ospelkaus ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] Re: Kerberos V and xscreensaver/xlock
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Charles Clancy <[EMAIL PROTECTED]> writes: > On 28 Oct 2002, Christian Pfaffel wrote: > > > > Is there a way to configure a standard xscreensaver/xlock to > > renew/replace the kerberos V ticket and obtain a newer AFS token, so > > that I will always have a valid token to access my AFS homespace. > > Just use pam_krb5 for authentication; that should get you a new TGT. > > Then, pam_openafs-session should be able to get you a new token. You need > to have pam_openafs-session NOT get a new PAG for you, otherwise that new > token will die with xscreensaver. I'm not sure if there's an option to do > that or not. If not, it should be added. > I do not even get the TGT if I authenticate to xlock | xscreensaver. I have the following lines in my /etc/pam.d/system-auth: ... authsufficient/lib/security/pam_krb5afs.so debug tokens forwardable use_first_pass ... session optional /lib/security/pam_openafs_session.so ... I tried it with pam_krb5.so as well: authsufficient/lib/security/pam_krb5.so debug forwardable use_first_pass It never does renew my TGT. klist befor and after xlock show the same expiration times for it. :-( Christian - -- PGP-Key: http://fubphpc.tu-graz.ac.at/~flash/pubkey.gpg -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/> iD8DBQE9vmvtzNp7/ndBhMQRAkT2AJ4jdhJJpFbKcSeiSo0rlmXJKOV/PgCbB/os BG4g67cPe+Abk0GOyjbyBZY= =W2pN -END PGP SIGNATURE- ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] OpenAFS-devel] Windows client - memory leak
Scott, At CERN, for some openAFS end-users, we have the same behaviour as the one described in : https://lists.openafs.org/pipermail/openafs-devel/2002-May/002936.html Has the problem being identified, Is there any fix in preparation ? Cheers; Christian Boissat ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
Re: [OpenAFS] Moving root.*.readonly from /vicepa to /vicepb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 28 May 2002, Turbo Fredriksson wrote: > When I started testing AFS, I had only a very small disk to play with, > so all my volumes ended up on that little disk/partition. I later added > a 36Gb disk when I desided to go live with AFS. > > The /vicepa partition is formated as XFS, and the /vicepb as ext2... I've > moved all the root volumes to /vicepb so that i can 'reformat' the /vicepa > partition to ext2 as well. But the readonly volumes refuse to move... > > - s n i p - > [papadoc.pts/3]$ for vol in `vos listvol papadoc /vicepa | grep ^root | sed 's@ >.*@@'`; do echo "VOL: $vol"; vos move -id $vol -fromserver papadoc -frompartition >/vicepa -toserver papadoc -topartition /vicepb -encrypt; done > VOL: root.afs.readonly > Only RW volume can be moved > VOL: root.cell.readonly > Only RW volume can be moved > [papadoc.pts/3]$ vos listvol papadoc /vicepa > Total number of volumes on server papadoc partition /vicepa: 2 > root.afs.readonly 536870913 RO 36 K On-line > root.cell.readonly536870916 RO 5 K On-line > > Total volumes onLine 2 ; Total volumes offLine 0 ; Total busy 0 > - s n i p - > > How do I move the two remaining volumes? > You do not move a readonly volume. what you have to do is a # vos addsite papadoc vicepb root.afs # vos remsite papadoc vicepb root.afs same for root.cell regards, Christian - -- PGP-Key: http://fubphpc.tu-graz.ac.at/~flash/pubkey.gpg -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE884tPzNp7/ndBhMQRAoOMAJ4kzxws0jUPMlLcCKyo32QUpPRlXwCfQLG9 xm+cKTj6FuBbBNC8ob8oIhc= =OKkb -END PGP SIGNATURE- ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-info
[OpenAFS] redhat7: unresolved symbol kernel_flag
Hi all! Openafs does not start on my redhat7 box (smp-kernel). Insmod outputs: "libafs-2.2.16-22.mp.o: unresolved symbol kernel_flag". When i grep my /proc/ksyms file i find "c01fe400 kernel_flag_R__ver_kernel_flag". Can someone help me? Thanks a lot! With best regards, Chris ___ OpenAFS-info mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo.cgi/openafs-info