[OpenAFS] Re: Weird LAN/WAN login problem

jukka.tuominen@finndesign.fi jukka.tuominen@finndesign.fi
Tue, 26 Feb 2013 01:43:24 +0200 (EET)


> On Tue, 26 Feb 2013 01:05:14 +0200 (EET)
> jukka.tuominen@finndesign.fi wrote:
>
>> >> Feb 25 20:42:37 host-name kernel: [  126.817136] afs: Lost contact
>> >> with file server 192.168.125.5 in cell company.com (all multi-homed
>> >> ip addresses down for the server)
>>
>> It is the local IP, which can be accessed from LAN. It is located in
>> DMZ, which is translated to be COMPANY.COM (or like) from WAN.
>
> The local IP for... the fileserver, I assume?

Correct

>
>> I think we're getting there :) I included userA also for reference.
>>
>> LAN:
>> userA@host-name:~$ vos listvldb user.userB
>
> For future reference, I should have told you -noresolv can be helpful
> here. But I think you already understand the output well enough for this
> case, so no worries :)
>
>> So, whereas userA is pointing to the WAN address and can therefore be
>> accessed from both LAN and WAN, userB is pointing to the LAN address,
>> and can only be accessed from LAN.
>>
>> That makes sense. But how do I fix it? It would be great to fix the
>> userB account as is, but more important is to make the new accounts
>> work out once created.
>
> Run this:
>
> vos listaddrs -noresolv -printuuid
>
> I assume you want to obscure the public IPs in that, but if you do,
> please do so in a way that I can still see if there are duplicate IPs in
> there.
>
> What version of OpenAFS is on the server?
>
> --
> Andrew Deason
> adeason@sinenomine.net
>
vos listaddrs -noresolv -printuuid lists two items: the local IP and some
long character string, IPv6, maybe?

IIRC there were duplicates preventing new accounts from being created at
first, but when I removed something from some conf (sorry, can't remember),
it allowed me to create the account. Maybe I shouldn't have done it manually,
or should have refreshed it first. Or maybe I left the local address whereas
I should have left the public one? Or the public name is resolved to the
local address, or something.
Sorry, I need to look into the server confs now...

br, jukka