[OpenAFS] AFS evaluation
Rick Cochran
rcc2@cornell.edu
Mon, 17 May 2010 16:10:45 -0400
Thanks for the quick and thorough response. I am thrashing due to end/beginning
of semester issues with other services, hence slow reply (below).
On 05/14/2010 06:56 PM, Jeffrey Altman wrote:
> On 5/14/2010 5:20 PM, Rick Cochran wrote:
>> I was a very happy AFS admin until changing jobs about 13 years ago.
>> Now, I have been asked to evaluate AFS as a possible solution to our
>> need for central filesystem functionality at Cornell. Here are my
>> experiences so far. Comments and suggestions are welcome.
>>
>> -Rick
>>
>>
>> Documentation issues (setting up server functionality):
>>
>> Should mention krb.conf:
>> http://docs.openafs.org/QuickStartUnix/ch02s14.html
>>
>> Should mention /usr/vice/etc/krb.conf:
>> http://docs.openafs.org/Reference/5/krb.conf.html
>>
>> "asetkey" command is missing "add":
>> http://docs.openafs.org/QuickStartUnix/ch02s14.html
>>
>> There are no useful descriptions of the AFSDB and SRV record techniques
>> in either the "QuickStart" or "Reference" documentation.
>
> AFSDB records are discussed in the CellServDB man page,
> http://docs.openafs.org/Reference/5/CellServDB.html
> SRV records need to be added.
>
> AFSDB records are also mentioned as part of the description of the
> -afsdb switch on the Unix afsd command,
> http://docs.openafs.org/Reference/8/afsd.html
>
> The Windows Release Notes discuss Configuration for AFS Volume
> Database Servers in section 3.49.
>
> There is no reference in the Admin Guide.
>
> I have added links to the IETF RFCs
>
> DNS AFSDB
> http://tools.ietf.org/html/rfc1183
>
> DNS AFS SRV
> http://tools.ietf.org/html/rfc5864
>
> to the http://docs.openafs.org/ page.
Thanks! This is quite helpful.
>> -----------------------
>>
>> Client issues
>> Windows client
>>
>> * Windows 7 client (1.5.74) has authentication issues
>
> Please clarify what your authentication issue is. Since your realm and
> cell do not have the same name I suspect you have configuration data
> that you have not specified.
We have had good results with 32-bit Win7 with both 1.5.74 and 1.5.7401.
With 64-bit Win7, 1.5.7401 works fine, but 1.5.74 gets
aklog: ktc 7 (11862791) while obtaining tokens for cell afsdemo.cit.cornell.edu
which translates to
11862791 (ktc).7 = Cache Manager is not initialized / afsd is not running
which I am pretty sure is not true.
One limitation I have is that I don't personally have a machine running 64-bit
Win7, and the people who do are exceedingly busy. I will attempt to crank up a
Vbox instance for myself.
>> * Windows 7 client (1.5.74) running in a NATed VirtualBox instance
>> cannot map a drive letter to "\\AFS".
>
> Please clarify how you are attempting to map a drive letter?
> Are you using "NET USE<d:> \\AFS\.... or the Explorer Shell drive
> mapping dialog?
The latter. Since I have since installed 1.5.7401, I can't try the former. But
see next section.
>> * Windows 7 client (1.5.7401) running in a NATed VirtualBox instance
>> cannot access any cell other than openafs.org.
>
> Do you mean that you installed it with the local cell set to its default
> at "openafs.org" and no other cells are listed in the Explorer Shell
> under \\AFS by default? Freelance mode (aka Unix dynroot) is
> on by default and when it is used cell names are added to the local
> root.afs volume as they are accessed.
>
> Or do you mean something else?
The default cell is set to afsdemo.cit.cornell.edu (our demo cell), and the db
server is added to the CellServDB.
Interestingly, this problem also occurs with 1.5.7401 - nothing but
".openafs.org", ".root", and "openafs.org" appear in the "AFS" folder under
"Network".
Again, this happens in a 32-bit Win7 NATed VirtualBox instance.
>> * Windows 7 client works OK in 32-bit "bridged" VirtualBox instance.
>
> I will of course assume that you have read the Windows release notes
> and in particular 3.43, Known Issues with Microsoft Windows Vista,
> Windows 7, and Server 2008 [R2]
>
> http://docs.openafs.org/ReleaseNotesWindows/ch03s43.html
This doesn't sound like the problem since it _never_ works no matter how long I
wait.
This description from http://openafs.org/windows.html may be relevant:
--------------
Windows 7 and Server 2008 R2 Specific Issues
* There is a bug in Windows that will prevent access to \\AFS after an IP
address has been removed or assigned after boot. When the bug is triggered, all
attempts to connect to \\AFS will result in a "Bad Network Name" error. Please
reproduce this issue locally and submit bug reports to Microsoft.
--------------
I will reinstall 1.5.74 and see what happens when I "NET USE ...".
-Rick