[OpenAFS-devel] 1.4.8 has (re) introduced IP address ACL problems?
Deon George
deon@wurley.net
Tue, 09 Dec 2008 11:31:42 +1100
Hi,
I use some host based ACLs:
[root@penguin ~]# fs la /afs/leenooks/asterisk
Access list for /afs/leenooks/asterisk is
Normal rights:
server:asterisk rlidwk
....
[root@penguin ~]# pts membership server:asterisk
Members of server:asterisk (id: -1005) are:
10.1.3.1
[root@penguin ~]# fs gc
10.1.3.1
However, it seems that AFS starts to ignore them after a little while...
[root@penguin ~]# tokens
Tokens held by the Cache Manager:
--End of list--
[root@penguin ~]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0E:0C:5B:3B:55
inet addr:10.1.3.1 Bcast:10.1.3.63 Mask:255.255.255.192
[root@penguin ~]# ls -al /afs/leenooks/asterisk
ls: /afs/leenooks/asterisk: Permission denied
The only way I can get this working again, is if I restart the afs
client. Then it will work for a random amount of time, and then stop...
Its becoming annoying, because unmounting afs means kicking off all the
processes that have something open. And if it wont unmount, its a reboot
of the server (which is really annoying)... (Sometimes it wont unmount -
even when lsof shows nothing open ?)
I didnt appear to have this problem in 1.4.7 (Im running 1.4.8 now)...
Im happy to run some debugging if it helps you fix this - I really dont
want to go back to an older release :)
Any ideas why it isnt working?
...deon