Jeffrey Altman <[EMAIL PROTECTED]> writes:
> What were you going to do with a private build that was hacked to
> set the Hard Dead Timeout value to 5 seconds instead of 120 seconds?
> Were you going to give it to the faculty member to install on her/his
> machine? In my opinion that would have be
Yes,
I read that in the docs..
So what provisions are needed to keep packets from being dropped..
Tedc
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Jeffrey Altman
Sent: Tuesday, February 14, 2006 6:51 PM
To: tedc
Cc: openafs-info@openafs.org
Subject
Adam Megacz wrote:
> Jeffrey Altman <[EMAIL PROTECTED]> writes:
>> Then you will want to upgrade to 1.4.1-rc7 when it is available.
>
> Ok, cool.
>
> BTW, regarding the whole hacking-it-versus-submitting-bugs, under
> normal circumstances, and wrt future issues, I totally agree with you.
> This w
ktadd changes the key.
>>> Dare I ask if there was a reason for this decision?
>> Keytabs are normally not supposed to be shared between multiple machines,
> Since you shouldn't really have multiple copies of the same keytab out
Okay, this makes sense.
- a
--
PGP/GPG: 5C9F F366 C9CF
Jeffrey Altman <[EMAIL PROTECTED]> writes:
> Then you will want to upgrade to 1.4.1-rc7 when it is available.
Ok, cool.
BTW, regarding the whole hacking-it-versus-submitting-bugs, under
normal circumstances, and wrt future issues, I totally agree with you.
This was an unusual situation that had
Jeffrey Altman <[EMAIL PROTECTED]> writes:
> However, if Adam would give us additional information
You make it sound like I'm hiding something from you! ;)
No seriously, the reason why I'm so desperate to hack this away with a
kludge is that this particular situation is a debugging nightmare. I
"Christopher D. Clausen" <[EMAIL PROTECTED]> writes:
>> From the perspective of the People Making The Decisions, this is a
>> problem with AFS, not a problem with Mac OS X. You know that's wrong,
>> I know that's wrong, but we cannot change it.
> You could simply revert to Mac OS 10.3. Or are y
tedc wrote:
> Well, if only one server needs this it would eliminate unnecessary
> traffic to the others.
the value determines how often a thread is kicked off. It is not
a per server or per cell value.
Jeffrey Altman
Jeffrey Altman wrote:
ted creedon wrote:
The "probe interval" in the windows client GUI is set to 30 which may
explain the difference between the Linux and Windows clients. However
network connections are still lost, so I'll reduce that.
The source code reads:
void Config_GetProbeIn
During the first week of December 2005 there was a discussion on this
mailing list regarding how Byte Range Locking backed by AFS File Locks
would be released in OpenAFS for Windows (and by proxy, AFS clients on
UNIX/Linux.)
Over the last couple of months the Elders have considered the issues
rai
There is no released client for Tiger, so really end users should expect to
do some level of debugging when using "release candidate" software.
Aside from submitting bug reports I expect nothing from the average user.
rc7 tonight is actually hopefully what the final release will be.
___
Ken Hornstein <[EMAIL PROTECTED]> writes:
>> I set off to compile a newer release . . . alas the configure script
>> did not track the compiler location.
> I believe the reason it does that is that under Solaris, the kernel
> module needs to be compiled with the Sun compiler.
I don't think this
Christopher D. Clausen wrote:
> There is no released client for Tiger, so really end users should expect
> to do some level of debugging when using "release candidate" software.
Thank you for saying this. I can't agree with you more.
However, if Adam would give us additional information and in p
Adam Megacz wrote:
> It does seem to have something to do with disconnecting from the
> network and reconnecting (possibly with a new IP, elsewhere). That
> seems to precede more than half of the occurrences of this problem
> (these are laptops).
Then you will want to upgrade to 1.4.1-rc7 when i
Adam Megacz wrote:
> Jeffrey Altman <[EMAIL PROTECTED]> writes:
>> Are the servers not responding at all? If so, "fs checkservers"
>> should list them as being "down".
>
> They're definitely up, but I'm not around when these problems happen,
> so I can't debug them. And it's not my place to tel
Adam Megacz <[EMAIL PROTECTED]> wrote:
Jeffrey Altman <[EMAIL PROTECTED]> writes:
If there are things you would like Apple to do in order to make AFS
work better on their operating system, find your campus Apple sales
representative and tell them. It is the only way that things will
get better.
Ken Hornstein <[EMAIL PROTECTED]> writes:
> - Using -fakestat or -fakestat-all as an option to afsd
Currently in use.
> - Using -dynroot,
Currently in use.
> using -afsdb
Currently in use.
> and distributing an empty CellServDB and to look up cell info.
Ok, but I don't think that this alon
>I set off to compile a newer release . . .
>alas the configure script did not track the
>compiler location.
I believe the reason it does that is that under Solaris, the kernel
module needs to be compiled with the Sun compiler.
--Ken
> Are you running 64bit? I had the exact same issue that the clever folks here
> fixed in 1.4.1rc?? (I'm running rc3 and it works wonderfully in 64bit mode..)
I set off to compile a newer release . . .
alas the configure script did not track the
compiler location.
% CC=/usr/sfw/bin/gcc ./config
Jeffrey Altman <[EMAIL PROTECTED]> writes:
> Are the servers not responding at all? If so, "fs checkservers"
> should list them as being "down".
They're definitely up, but I'm not around when these problems happen,
so I can't debug them. And it's not my place to tell faculty that
they must do
Juha Jäykkä <[EMAIL PROTECTED]> writes:
> Upserver/-client is wonderful, but it (of course!) suffers from chicken
> and egg problem: you need to distribute the KeyFile at least once
> without it since it cannot distribute the KeyFile without a
> KeyFile. From your comment I gather this is *not* tr
Ken Hornstein wrote:
Something has gone awry in my installation, but I'm
not sure where to look.
% ls -al /afs
/afs/.usgs.gov: No such device
/afs/usgs.gov: No such device
What does your messages file (I guess it's probably /var/adm/messages) say?
When I've seen this, there was some sort o
Hi all,
This is Ernie Prabhakar, the Open Source Product Manager at Apple.
I've just joined this list, but I have been following the thread, and
I want to affirm everything Jeffrey said:
a) We definitely want to help the AFS gatekeepers succeed, and talk
to them on a regular basis
b)
>I have informed Apple campus reps at UIUC that we needed OpenAFS to work
>before we (being one very small portion of UIUC) could deploy Tiger.
>They responded and said they were aware of the issues and are actively
>working on them. So it's not that campus-level requests are being
>ignored.
I
Christopher D. Clausen wrote:
> Is there a particular reason it is defined at compile time and isn't
> configurable on the fly? (Other than no one having written it yet, of
> course.)
No one has written the code. The values are hard coded into the
daemon thread function.
> Would it be reasonab
Jeffrey Altman <[EMAIL PROTECTED]> wrote:
Notice I asked you to file the ADC bug report number in the openafs
RT. The OpenAFS gatekeepers are in contact with Apple on a regular
basis and we can make sure things are followed up. However, we
really need a broad base of users to tell Apple what the
Jeffrey Altman <[EMAIL PROTECTED]> wrote:
Christopher D. Clausen wrote:
Jeffrey Altman <[EMAIL PROTECTED]> wrote:
Added to what?
the fs checkserver command.
There is an fs checkserver -interval command to set the interval, but
there isn't one to print the current interval, which is weird b/c
On Tue, 14 Feb 2006, Jim Rees wrote:
I seem to remember a problem where the Mac Finder would not just stat every
directory, but open it and look for a .DS_Store file. Is that still true?
-fakestat-all is intended to deal with this.
Are you running 64bit? I had the exact same issue that the clever folks here
fixed in 1.4.1rc?? (I'm running rc3 and it works wonderfully in 64bit mode..)
You can find details in the archives of the list, I don't remember them
offhand..
--Kris
Today at 12:32, David R Boldt <[EMAIL PROTECTE
Christopher D. Clausen wrote:
> Jeffrey Altman <[EMAIL PROTECTED]> wrote:
>> Added to what?
>
> the fs checkserver command.
>
> There is an fs checkserver -interval command to set the interval, but
> there isn't one to print the current interval, which is weird b/c fs
> checks -interval tells you
Derek Atkins <[EMAIL PROTECTED]> writes:
> Russ Allbery <[EMAIL PROTECTED]> writes:
>> Or use upserver/upclient, which is the way that you're "supposed" to
>> distribute a KeyFile between multiple AFS servers.
> That doesn't work for the initial KeyFile distribution, only for key
> changes.
True
Jeffrey Altman <[EMAIL PROTECTED]> wrote:
ted creedon wrote:
An additional switch added "-getinterval" to print the current
interval would be helpful.
Added to what?
the fs checkserver command.
There is an fs checkserver -interval command to set the interval, but
there isn't one to print the
Ken Hornstein wrote:
>> The gatekeepers have an open channel to Apple on AFS but we really
>> need issues to be filed via the Apple Sales staff. Other organizations
>> have gotten Apple's attention by refusing to order new equipment with
>> Tiger installed until an OpenAFS stable release is availa
Russ Allbery <[EMAIL PROTECTED]> writes:
> Derek Atkins <[EMAIL PROTECTED]> writes:
>
>> Correct, but you can always just scp (or sneakernet) the KeyFile
>> between your servers. Indeed, you could scp or sneakernet your
>> keytab, too.
>
> Or use upserver/upclient, which is the way that you're "s
ted creedon wrote:
> The "probe interval" in the windows client GUI is set to 30 which may
> explain the difference between the Linux and Windows clients. However
> network connections are still lost, so I'll reduce that.
The source code reads:
void Config_GetProbeInt (ULONG *pcsecProbe)
{
>The gatekeepers have an open channel to Apple on AFS but we really
>need issues to be filed via the Apple Sales staff. Other organizations
>have gotten Apple's attention by refusing to order new equipment with
>Tiger installed until an OpenAFS stable release is available. I'm not
>suggesting yo
It's not well documented, but "fs checks -interval 0" will return the
current interval.
Also, I'm not sure this does what I thought it did. There is an interval
for down servers and a different one for up servers. It looks like this
sets the one for down servers, which probably won't help for NA
> >Something has gone awry in my installation, but I'm
> >not sure where to look.
> >
> >% ls -al /afs
> >/afs/.usgs.gov: No such device
> >/afs/usgs.gov: No such device
>
> What does your messages file (I guess it's probably /var/adm/messages) say?
> When I've seen this, there was some sort of e
Ken Hornstein wrote:
>> If there are things you would like Apple to do in order to make
>> AFS work better on their operating system, find your campus Apple
>> sales representative and tell them. It is the only way that things
>> will get better. Apple won't make changes in Tiger but if you tell
The "probe interval" in the windows client GUI is set to 30 which may
explain the difference between the Linux and Windows clients. However
network connections are still lost, so I'll reduce that.
The windows probe interval needs to have the cell name added to the GUI...
An additional switch ad
Derek Atkins <[EMAIL PROTECTED]> writes:
> Correct, but you can always just scp (or sneakernet) the KeyFile
> between your servers. Indeed, you could scp or sneakernet your
> keytab, too.
Or use upserver/upclient, which is the way that you're "supposed" to
distribute a KeyFile between multiple A
>Something has gone awry in my installation, but I'm
>not sure where to look.
>
>% ls -al /afs
>/afs/.usgs.gov: No such device
>/afs/usgs.gov: No such device
What does your messages file (I guess it's probably /var/adm/messages) say?
When I've seen this, there was some sort of error in there.
--K
I seem to remember a problem where the Mac Finder would not just stat every
directory, but open it and look for a .DS_Store file. Is that still true?
I also remember there being some command you could run on the Mac that would
prevent the finder from creating .DS_Store files, but I don't know if
>If there are things you would like Apple to do in order to make
>AFS work better on their operating system, find your campus Apple
>sales representative and tell them. It is the only way that things
>will get better. Apple won't make changes in Tiger but if you tell
>them what you need they mig
Something has gone awry in my installation, but I'm
not sure where to look.
% ls -al /afs
/afs/.usgs.gov: No such device
/afs/usgs.gov: No such device
% uname -a
SunOS vulcan2 5.10 Generic_118844-26 i86pc i386 i86pc
% fs getcacheparms
AFS using 2 of the cache's available 10 1K byte
blocks.
The keep-alive pings are sent from the client. Only the client can
maintain the NAT's port mapping. Windows clients older than 1.4.1-rc5
ping the servers once every hour; 1.4.1-rc5 and later ping every ten
minutes just like the UNIX/Linux clients.
Jeffrey Altman
ted creedon wrote:
> The window
>Is there any way to make sure that the cache manager never waits for
>more than (say) 5 seconds for a response? By which I mean that if the
>server fails to respond after 5 seconds, assume it's never coming back
>and return EIO to the caller or something like that.
In the interests of solving th
The windows client stays connected more reliably thru 2 NATTED firewalls
than the Linux client. If the Linux client were upgraded to do whatever the
windows client does the "cellname workaround" would be acceptable.
Connectionless UDP packets are port forwarded to the Class C server. I
recall prev
>It's not a bad idea to rekey one's services from time to time. It's just
>temporarily disruptive if one doesn't go through the steps in the right order
>(which for AFS would be to distribute the new key to the AFS servers
>*before* the KDC starts issuing tickets with it).
I agree in theory you sh
Hello,
I observe that one of my fileservers is very busy over long periods of time,
several days or even a week. tcpdump on the fileserver only shows the
following traffic;
16:09:12.981900338 server.afs3-fileserver > client.afs3-callback: udp 66
16:09:12.982000367 server.afs3-fileserver > clien
NAT UDP Timeouts. The firewall/NAT gateway loses the UDP mapping
between the client and the server.. The server can no longer talk
to the client.. Callbacks fail.. The server marks the client as
"Bad" because it can't talk back to the client.
It's not widely known, but the workaround fo
"ted creedon" <[EMAIL PROTECTED]> writes:
> For a client/server combination each behind a firewall:
>
> 1. Why does the Linux client timeout fairly rapidly requiring a client
> restart?
NAT UDP Timeouts. The firewall/NAT gateway loses the UDP mapping
between the client and the server.. The
Juha Jäykkä <[EMAIL PROTECTED]> writes:
>> AFS does not require a shared keytab. AFS requires that the contents
>> of a keytab be set into the AFS key file which is done by running
>> 'asetkey'.
>
> Ach, my mistake. AFS does not require a shared keytab, it requires a
> common KeyFile, which is co
-Original Message-
From: Juha Jäykkä <[EMAIL PROTECTED]>
Date: Tuesday, Feb 14, 2006 9:06 am
Subject: Re: [OpenAFS] Re: "ktadd -k afs/[EMAIL PROTECTED]" breaks
AFS instantly?
Or the Heimdal commands like Brandon Allbery noted. Indeed, there is no program
"asetkey"
> AFS does not require a shared keytab. AFS requires that the contents
> of a keytab be set into the AFS key file which is done by running
> 'asetkey'.
Ach, my mistake. AFS does not require a shared keytab, it requires a
common KeyFile, which is conceptually the same - it's just not called
keytab
> Heimdal's "kt_extract" (kadmin command) extracts a key without
> generating a new one. (This is generally considered a bad thing; I
> could see it being limited to kadmin's "local mode" in the future.)
> Other mechanisms will indeed create a new key.
This last sentence is exactly what I
Hi,
I am kind of new to AFS installation, trying to install
afs-server,client on the same machine. RedHat EL3 rpms installed on my
system. I can't find afs.rc. Can anyone guide me to a good place. The
Quick beginners guide keeps referring to the AFS CDROM which I
don't have at the moment.
Thanks fo
On Feb 14, 2006, at 3:27 , Juha Jäykkä wrote:
Keytabs are normally not supposed to be shared between multiple
machines, and this approach means that kadmind doesn't need to
have the
capability of retrieving keys from the KDC, which is an additional
separation of capability and an additional
* Juha Jäykkä [2006-02-14 10:27:30 +0200]:
> > Keytabs are normally not supposed to be shared between multiple
> > machines, and this approach means that kadmind doesn't need to have the
> > capability of retrieving keys from the KDC, which is an additional
> > separation of capability and an addit
Adam Megacz wrote:
Are the servers not responding at all? If so, "fs checkservers"
should list them as being "down".
Or is the response just slower than you would prefer?
What operations are failing?
What is the connection like? Are the users communicating with
campus over a VPN?
Do some op
Juha Jäykkä wrote:
> Except that AFS requires a shared keytab. Nice. :-) What about
> (Heimdal's) ktutil, does it have the same "problem" as ktadd? And how
> would an AFS cell recover from the unfortunate human error of an admin
> doing the line in the subject? This sounds like a disaster waiting t
On Feb 13, 2006, at 11:42 PM, Russ Allbery wrote:
Adam Megacz <[EMAIL PROTECTED]> writes:
Russ Allbery <[EMAIL PROTECTED]> writes:
ktadd changes the key.
I am: dumbfounded.
Dare I ask if there was a reason for this decision? Other than
causing
me grief, of course.
Keytabs are norm
> Keytabs are normally not supposed to be shared between multiple
> machines, and this approach means that kadmind doesn't need to have the
> capability of retrieving keys from the KDC, which is an additional
> separation of capability and an additional level of security.
Except that AFS requires
63 matches