[OpenAFS] IP-address-based ACLs not working for a specific host
Kevin Sumner
ksumner@email.unc.edu
Fri, 09 Jan 2009 10:29:38 -0500
Btw, that's not to say you're having the same problem here. Sorry if I
jumped the gun. You may want to try giving the client a new UUID, esp.
if you've cloned the client rather than installing from scratch.
Kevin Sumner
ITS Enterprise Storage Management
University of North Carolina at Chapel Hill
CB# 1150, 440 W. Franklin Street, Office G408
Chapel Hill, NC 27599-1150
ksumner@unc.edu
919.962.1547 (office)
919.259.9734 (mobile)
919.445.9485 (fax)
Kevin Sumner wrote:
> We had a problem with this at the last place I worked -- turned out to
> be the Linux clients getting an all-zero UUID on startup. When somebody
> without permission with the same UUID would auth to the cell and start
> doing file IO, our machines would quit being able to use IP-based ACLs.
> I thought there was a fix in the 1.4 branch at some point, but we got
> around it quickly by running fs uuid -generate on startup after the link
> came up.
>
> Kevin Sumner
> ITS Enterprise Storage Management
> University of North Carolina at Chapel Hill
> CB# 1150, 440 W. Franklin Street, Office G408
> Chapel Hill, NC 27599-1150
>
> ksumner@unc.edu
>
> 919.962.1547 (office)
> 919.259.9734 (mobile)
> 919.445.9485 (fax)
>
>
>
> Jeff Blaine wrote:
>> We use IP-address-based ACLs on one of our Solaris 9 clients
>> with no problems.
>>
>> This Linux box we're trying to set up the same way is having
>> none of it.
>>
>> The admin work:
>>
>> ADMIN% pts creategroup silkhosts
>> group silkhosts has id -1594
>> ADMIN% pts adduser X.Y.11.70 silkhosts
>> ADMIN% pts adduser X.Y.11.39 silkhosts
>> ADMIN% pwd
>> /afs/whee/project/silk
>> ADMIN% fs sa . silkhosts rlidwk
>> ADMIN%
>>
>> The failure:
>>
>> OpenAFS 1.4.7 client
>>
>> Linux coll 2.6.18-92.el5 #1 SMP x86_64 x86_64 x86_64 GNU/Linux
>>
>> ~:coll> ifconfig -a | grep 129
>> inet addr:X.Y.11.39 Bcast:X.Y.11.255 Mask:255.255.254.0
>> ~:coll>
>> ~:coll> cd /afs/whee/project
>> ~:coll> cd silk
>> -bash: cd: silk: Permission denied
>> ~:coll>
>>
>>
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>