That was intended to be addressed only to John. Mea culpa.
On Wed, 24 Jan 2018, Stephen Joyce wrote:
Hey, John.
Let me know if you have more problems, or just need to bounce any ideas
around.
I went through something similar last summer, but I actually changed IP
addresses (moved
d Brooks Building; Room 140
Computer Services Systems Specialist
email: sopko AT cs.unc.edu
phone: 919-590-6144
___
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
--
Stephen Joyce
Linux Systems
On Wed, 18 Jan 2017, Jeffrey Altman wrote:
You will also need to update the configuration and restart the
fileservers. The fileservers are clients of the PT and VL servers but
use the server CellServDB file for their server info.
THANK YOU. I knew there was something I was forgetting, and
I know the current best-practice for changing the IP addresses of AFS
database servers is don't do it.
But assuming that I want/need to change IPs and have available hardware, is
the use of clone dbservers the preferred method? I can tolerate short
service interruptions of up to a few minutes
On Fri, 8 Apr 2016, Giovanni Bracco wrote:
In our AFS cell we have 9 fileservers (openafs 1.6.5 to 1.6.15) distributed
over WAN and we use the native openafs backup system, which works well (max
size of a volume is 200 GB)
We have defined a volset for all the .backup volumes of all
I'm no C programmer, but from my rudimentary reading of the code, wasn't
there always a chance for -ERESTARTSYS to be returned from inside the
while() loop inside splice_from_pipe_next(...)?
On Mon, 7 Mar 2016, Benjamin Kaduk wrote:
On Thu, 3 Mar 2016, Michael Dressel wrote:
Hi,
it is me
I admin the AFS cell for a college-level cell at a large university. :-)
I recently had an off-list discussion with someone regarding the futures of
OpenAFS. I happened to mention that I wrote a collection of scripts that
scrape my campus's LDAP directory to keep PTS in sync with it. Generally
/partinfo/>.
Cheers, Stephen
--
Stephen Joyce
Linux Systems Specialist
College of Arts and Sciences
University of North Carolina at Chapel Hill
On Sun, 25 Oct 2015, Garance A Drosehn wrote:
RPI has been running AFS since the 1990's. Somewhere along the line
we picked up a script called 'vspace', whi
It works OK for us on Ubuntu 12.04 LTS (apache 2.2.22-1ubuntu1.5, php
5.3.10-1ubuntu3.11, smarty 2.6.26-0.2ubuntu1).
Installation was pretty painless, but there are a number of patches
floating around that make it work better. I haven't tried it on 14.04 yet,
but I anticipate more changes
On Thu, 23 Oct 2014, D Brashear wrote:
Or the developer, if the builder and/or signer are not otherwise
contractually tied to the foundation's insurance.
Again, seek actual legal advice.
Yup. And that's the summary I'd give about the understanding
Stephen was looking for after Jeff's
Jeffrey,
I'd like to learn more about this. However since you sell a proprietary
fork of OpenAFS, it's difficult to discount your possible incentive to
spread FUD regarding OpenAFS.
Therefore can you provide URIs with specific information to educate me (and
possibly others) regarding these
Hi,
I'm trying to configure NIM correctly for OpenAFS on a Windows PC. The
kerberos flavor I'm attempting to use is Heimdal, per the recommendation on
Secure Endpoints' website.
I can get everything working well enough using user-specific settings,
however I'm trying to poke the registry so
I think someone mentioned an exclude list as a possible solution to this
problem.
What about an include list instead (or in addition to the exclude list)?
I'm envisioning something like CellServDB, but without the actual DB info
-- that is effectively a list of robust and/or often-used cells
Well, what you describe isn't exactly what I was proposing, but I'm not
picky and what you describe seems like it could work okay and might even be
easier (dare I hope trivial?) to implement...
Cheers,
Stephen
On Wed, 13 Aug 2014, Jeffrey Altman wrote:
On 8/13/2014 10:35 AM, Stephen Joyce
Hello,
I have a server which runs several scripts with AFS tokens. These scripts
often manipulate PTS users and groups and less-often perform volume
operations.
For the past ~week, I occasionally see in the output the following message.
rx failed to send packet: rx_sendmsg: Operation not
On Mon, 1 Jul 2013, Jeffrey Altman wrote:
A university would not.
Why not?
An organization that is supporting Bring Your Own Device (BYOD) cannot.
Is there a use case for roaming profiles in a BYOD environment?
(Not trying to troll; I don't support Windows currently but am always
On Fri, 20 Apr 2012, Lars Schimmer wrote:
The problem is:
1) Automatic renewal of the tgt by NiM do not work on Windows 7. It did
on XP.
2) Letting NiM fetch a new tgt when the user unlocks the screen do not
work. It did on XP.
Windows 7 is not Windows XP, MS changed a lot based on security
Stan,
On recent Ubuntu (probably Debian too), try installing all 3 of:
mysql-client
mysql-server
libmysqlclient-dev
I also recently updated my personal docs for installing filedrawers when I
upgraded 2 servers from Debian 4 to Ubuntu 10.4 LTS. Contact me off-list if
you'd like a sanitized
On Mon, 31 Jan 2011, Steve Simmons wrote:
We have seen similar issues. It occurs when there is a given vice
partition where lots of clients have registered callbacks but those
clients are no longer accessible. Not all the clients have responded when
the 1800 second timer goes off, and the
Hello,
Has anyone written a script or utility to add/remove PTS entries (either
membership in PTS groups or actual existence of the PTS user account would
be acceptable) from an external database, based on date?
My AFS cell is in the middle of transitioning from authenticating against a
I gave up gnome back around RedHat 8.x days due to issues with AFS
homedirs. Has gnome with afs homedirs improved any since then?
Anyway, we don't see the login problems you describe on Kubuntu 10.4. KDE
does have its own issues with lingering processes, but nothing annoying
enough to move to
-Natively-On-Linux-Slower-Than-Btrfs,
which along with the cruft its discussions are wont to have, touches on
licensing issues. OpenAFS gets a mention (not by me).
Cheers, Stephen
--
Stephen Joyce
Systems Administrator
PANIC - Physics and Astronomy Network Infrastructure and Computing
University
AFS community,
I'd like to announce the general availability of BackupAFS 1.0.0. There
were two release candidates and the changes since rc1 were minor:
- Fixed a display issue when browsing backups.
- Added the migration scripts to the list of binaries which the installer
script actually
AFS community,
I'd like to announce the general availability of BackupAFS 1.0.0rc1. The
project page is located at http://www.physics.unc.edu/~stephen/BackupAFS/
which includes a link to the sourceforge download site
https://sourceforge.net/projects/backupafs/. Feedback is encouraged. If
no
Hi Jeff,
Thanks for replying.
I think what Justin is trying to do is log into a PC in an AD domain (using
a local or domain account), obtain krb5 tickets in an MIT realm, get
tokens in an AFS cell (afs/c...@mit.realm), and optionally get tokens in
a second AFS cell (a...@mit.realm).
The
I just added a new key to the KeyFile on my db and file servers. This key
is for my campus's central krb5 realm.
Everything seems to be functioning normally regarding tickets and tokens. I
can kinit and aklog using tickets from the foreign krb5 realm and
manipulate files and folders in my
On Thu, 15 Apr 2010, Derrick Brashear wrote:
does localauth work after a bosserver restart?
Yes...
Glad it was something simple!
On Thu, Apr 15, 2010 at 3:37 PM, Stephen Joyce step...@physics.unc.edu wrote:
I just added a new key to the KeyFile on my db and file servers. This key
On Tue, 6 Apr 2010, li...@drewstud.com wrote:
...snip...
I am certain we are missing something simple here.
Thanks!
Simple? Do you have a firewall on any of the servers? Have you configured
it to allow packets to and from the other servers on the relevant ports?
(Remember udp).
... Just a
I'm trying to test trusting a Windows 2008R2 krb5 realm and am obviously
missing a step somewhere. I get tokens that don't work. I've been following
the steps at
http://www.dementia.org/twiki/bin/view/AFSLore/AdminFAQ#3_51_Can_I_authenticate_to_my_af
I've scanned the list archives and have
for an account made before the changes didn't work for me. Your
mileage may vary.
Cheers, Stephen
--
Stephen Joyce
Systems Administrator
PANIC - Physics and Astronomy Network Infrastructure and Computing
University of North Carolina at Chapel Hill
voice: 919.962.7214
fax: 919.962.0480
A human
On Thu, 4 Mar 2010, Jeffrey Altman wrote:
[C:\]translate_et 19270408
19270408 = ticket contained unknown key version number
What does kvno report when using the regular user?
Is it still three? My guess is not.
After a kinit on a client (to a regular user account in AD), the kvno of
before you
feed it into the loop for real.
Cheers, Stephen
--
Stephen Joyce
Systems Administrator
PANIC - Physics and Astronomy Network Infrastructure and Computing
University of North Carolina at Chapel Hill
voice: 919.962.7214
fax: 919.962.0480
.
Images now default to 850px height. For small displays, change
$imgHeight in image.php.
phpafsfree may be found at http://www.physics.unc.edu/~stephen/phpafsfree/
Cheers, Stephen
--
Stephen Joyce
Systems Administrator
PANIC - Physics and Astronomy Network Infrastructure and Computing
tokens. Just make sure that
pam_krb5 is sufficient and comes before pam_securityserver.so in your
stack.
Let me know (probably offlist) if you need any more hints.
Cheers, Stephen
--
Stephen Joyce
Systems Administrator
PANIC - Physics and Astronomy Network Infrastructure and Computing
having configured /etc/authorization
to do krb5 auth for the loginwindow). Doing that allowed logins via
securityd, but without saving tickets or getting tokens. Also remember to
beware the privilege separation.
Hth.
Cheers, Stephen
--
Stephen Joyce
Systems Administrator
PANIC - Physics
beneficial in the past. Who decided to restrict
access this year and for what reason?
Cheers, Stephen
--
Stephen Joyce
Systems Administrator
PANIC - Physics and Astronomy Network Infrastructure and Computing
University of North Carolina at Chapel Hill
voice: 919.962.7214
fax: 919.962.0480
Don't let
the source deb,
builds the binary deb, then installs it. (Later we can grab it and add it
to our repository.)
It's for debian, so the script is likely of little value to you. But
there's nothing to stop you from doing something similar with rpms.
Cheers, Stephen
--
Stephen Joyce
Systems
My department is rather small (under 500 users), and until now we've gotten
by without a real directory service. We currently use cfengine and custom
scripts to manage /etc/passwd by sourcing a central file and checking AFS
PTS group memberships to build the local file hourly.
For a number of
On Tue, 16 Dec 2008, Tom Maher wrote:
What's the semantics for negative ACLs? For example,
fs sa . system:authuser rl
fs sa . badguy +rl -negative
I'm guessing that'll give badguy negative rl bits.
Makes sense to me.
Should 'fs sa . badguy -rl' implicitly give him negative rl bits, if
he
On Fri, 30 May 2008, Ralf Hornik Mailings wrote:
KDM, WDM they all have the same problem. After successfully login, the
desktop manager is resetted (back to login prompt). With, or without
permission denied
I am using KDM with AFS on Debian Etch successfully. We took the low road
and used
Martin,
Thanks for the report.
This was due to the change I made to look for vos in the FHS location. You
can try version 0.4, which searches in more common locations for it, or
you can stick with your change since it works fine for you.
On Fri, 16 May 2008, Martin Flemming wrote:
Hi,
.]
Best of luck!
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill Network Infrastructure
voice: (919) 962-7214
, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill Network Infrastructure
voice: (919) 962-7214
is an easy way to accidentally
cause this. Just something to be aware of.
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill Network Infrastructure
voice: (919) 962-7214
into the public
domain or under an open license, some people may hesitate to use it and may
not know whether or not they can re-distribute your work, and if so under
what conditions.
I recommend http://www.gnu.org/licenses/licenses.html :-)
Cheers, Stephen
--
Stephen Joyce
Systems Administrator
. It stores a user's history and bookmarks in single
(intelligently-named) files rather than in separate files with names
reflecting page titles.
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department
not simple or painless.
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill Network Infrastructure
voice: (919) 962-7214
is that file
change notifications do not work on \\AFS UNC paths, as referenced in
http://rt.central.org/rt/Ticket/Display.html?id=50864 . My understanding is
that this will never be fixed on WinXP.
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N
offers the best bang for the buck on an OpenAFS server?
This is for an academic environment that fills both academic and
research needs. Researchers are asking for lots of AFS space (200GB+).
Of course this needs to be backed up as well.
Thanks,
Jason
Cheers, Stephen
--
Stephen Joyce
Systems
When you have bonnie++ numbers for xfs /vicep partitions, please post them.
Mine are currently ext3, but I've warmed considerably to xfs since they
were installed.
On Fri, 30 Nov 2007, Jerry Normandin wrote:
AFS on EXT3? No there are Metadata issues. EXT3 was intended for this.
I inherited
its backup
directories? I seem to recall that AFS doesn't support hard links between
files in different directories...? (This has disappointed me once or
twice).
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy
, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill Network Infrastructure
voice: (919) 962-7214
not a diplomat or journalist, with google as a last
resort.
Add an option to compress the dumpfiles to save disk space.
Others?
Hope this helps!
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department
the code--it's
pretty rough at the moment--and release it. I just don't want to go to that
trouble if no one is interested.
Please be kind as the demo url above does query real servers.
Oh, and if anyone has a better tool to do the same thing, feel free to
share.
Cheers, Stephen
--
Stephen Joyce
http://backuppc4afs.sourceforge.net/
It won't help with your current situation, but it does everything you want
and is much easier to configure (via gui) than anything else I've seen.
On Mon, 1 Oct 2007, Brian Sebby wrote:
I ended up writing a script to use the commmand 'vos dump' to dump
test our new Debian KDCs.
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill Network Infrastructure
voice: (919
-solving it. (Actually, it'd be nice if I could
store the groups in ldap and have both AFS and unix be able to use them.)
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
, what info would be useful in
troubleshooting it? The problem is occuring _right now_. I can solve it by
restarting the fs process, but can delay and troubleshoot if it would be
beneficial.
Thanks!
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP
currently try to limit each server to no more than 2 TB. When/if I have
more than a few TBs per server, I'd probably use xfs. ext3 is exponentially
painful as the size increases.
My $0.02.
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
version of Debian, but there's nothing
to stop the software from running on another linux distro. I've also tested
it on solaris. You will of course need admin access to a production or test
cell.
Cheers, Stephen
--
Stephen Joyce
Systems Administrator
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill Network Infrastructure
voice: (919) 962-7214
with small filenames
succeed.
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill Network Infrastructure
voice
://grand.central.org/rt/Ticket/Display.html?id=50864
There's a bit more technical info in RT from Jeff Altman on this problem.
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
1.5.13 + KfW 3.1.0 RUP in AFS fails, but have tokens
after logon.
Hopefully this is just a config problem on my part (see the previous doc
disclaimer); any help is appreciated.
Cheers, Stephen
--
Stephen Joyce
Systems Administrator
and GNU_GPL.txt files in the distribution for more information.
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill Network
-beta (10/26/2003)? Or is anyone using
this reliably on linux and willing to share their changes? OR, as I asked
originally, if balance is no longer the best program to use for balancing
volumes across partitions, what is?
Cheers, Stephen
--
Stephen Joyce
Systems Administrator
http://www.physics.unc.edu/~stephen/backuppc-afs/
Feedback welcome.
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill
BackupPC or has excellent
perl skills, preferably both! and would like to collaborate, please contact
me offlist.
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
On Sun, 8 Oct 2006, seth vidal wrote:
Specifically I'm interested in how many of them can do:
- volumeset backups or backup by wildcarded volume/partion names
- full volume restores
- directory restores preserving acls
- individual file restores
- incremental backups
- backups
updated it more recently than
2003? (1.2-beta does at least compile on linux and solaris with minor
tweaks...)
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
and security updates, for at least a few
years. There's nothing worse than a system that has to be baby-sat to work
properly or torn apart every 8 months to add capacity.
Cheers, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department
Joshua,
I took a brief look at the source for Apache-AuthKrb5Afs on CPAN and it
looks very simple; much too simple to be aware of AFS-specific features
such as ACLs, groups, etc.
I didn't see any method of PAG implementation in the source either, but I'm
just beginning to read up on DAV, so
, Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill Network Infrastructure
voice: (919) 962-7214
On Fri, 12 Nov 2004, Douglas E. Engert wrote:
However I'm still getting the following error:
Open AFS (R) openafs 1.2.13 fsck
** /dev/rdsk/c1t0d0s3
BAD SUPER BLOCK: VALUES IN SUPER BLOCK DISAGREE WITH THOSE IN FIRST
ALTERNATE
USE AN ALTERNATE SUPER-BLOCK TO SUPPLY NEEDED
does has been updated
Stephen Joyce wrote:
Thanks for working on this. Is there a solution yet? I have a development
machine (solaris 9, openafs 1.2.11) which I patched last night (before
reading the archives--doh!) and it appears to have the same, or a similar,
problem (it was fine
Thanks for working on this. Is there a solution yet? I have a development
machine (solaris 9, openafs 1.2.11) which I patched last night (before
reading the archives--doh!) and it appears to have the same, or a similar,
problem (it was fine before applying the newest patches):
The system is
it out took lots of experimentation.
Cheers,
Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill Network Infrastructure
voice: (919
Jeffrey,
Sorry if this has been covered already, but then what's the proposed
solution for those of us who are storing roaming profiles in AFS? Worked
fine with 1.2.x but from what I read below (and what I'm seeing in real
life), 1.3.71 breaks this.
Cheers,
Stephen
--
Stephen Joyce
Systems
- Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
Cheers,
Stephen
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill
--
Stephen Joyce
Systems AdministratorP A N I C
Physics Astronomy Department Physics Astronomy
University of North Carolina at Chapel Hill Network Infrastructure
voice: (919) 962-7214
On Mon, 17 Feb 2003, Neulinger, Nathan wrote:
Another possible scenario would be assume bypass until the file has been
read once. That would cause all initial creates to bypass, but later
appends/edits would return to normal speed.
How much of AFS' poor performance is due to the CM overhead
82 matches
Mail list logo
