[OpenAFS] NetRestrict ignored

Derrick Brashear shadow@gmail.com
Mon, 18 Jun 2012 08:07:18 -0400


On Sun, Jun 17, 2012 at 5:07 PM, Ian Crowther <i.crowther@gmail.com> wrote:
> Hi,
>
> I've got two 'practice' AFS servers that refuse to stop using
> 10.1.2.0/24. I'm running 1.4.12.1+dfsg-4 on Debian. OpenAfs works
> quite happily apart from this.
>
> vos listaddrs shows:
> =A0vos listaddrs
> =A0xantheose.example.com
> =A0b.ns.example.com
> =A010.1.2.17
> =A0caffeine.example.com
> =A0a.ns.example.com
> =A010.1.2.16
>
> (each of the 2 servers has 3 IPs; IPs with PTRs are on 10.1.0.0/24)
>
> My volumes look like:
>
> #vos listvol 10.1.0.144
> Total number of volumes on server 10.1.0.144 partition /vicepa: 5
> root.afs =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0536870915 RW =
=A0 =A0 =A0 =A0 =A02 K On-line
> root.cell =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 536870921 RW =
=A0 =A0 =A0 =A0 =A04 K On-line
> root.public =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 536870930 RW =A0 =
=A0 =A0 =A0 =A03 K On-line
> root.user =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 536870924 RW =
=A0 =A0 =A0 =A0 =A03 K On-line
> user.ian =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0536870933 RW =
=A0 =A07323050 K On-line
>
> Total volumes onLine 5 ; Total volumes offLine 0 ; Total busy 0
>
> #vos listvol 10.1.0.145
> Total number of volumes on server 10.1.0.145 partition /vicepa: 6
> root.afs.readonly =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 536870916 RO =A0 =A0 =
=A0 =A0 =A02 K On-line
> root.cell.readonly =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0536870922 RO =A0 =A0 =
=A0 =A0 =A04 K On-line
> root.public.readonly =A0 =A0 =A0 =A0 =A0 =A0 =A0536870931 RO =A0 =A0 =A0 =
=A0 =A02 K On-line
> root.public.readonly =A0 =A0 =A0 =A0 =A0 =A0 =A0536870928 RO =A0 =A0 =A0 =
=A0 =A02 K On-line
> root.user.readonly =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0536870925 RO =A0 =A0 =
=A0 =A0 =A03 K On-line
> user.ian.readonly =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 536870934 RO =A0 =A0 =
=A0 =A0 10 K On-line
>
> Total volumes onLine 6 ; Total volumes offLine 0 ; Total busy 0
>
> (not entirely sure why root.public.readonly appears twice)
>
> /var/lib/openafs/local/NetRestrict (/etc/openafs/ too, but at the
> moment I'm concerned about the servers) contains a single line on both
> servers: 10.1.2.255

that address doesn't appear in the list of addresses you showed.
your choices are
1) use 10.1.2.16 to apply to that
2) use 10.255.255.255, the classful subnet address, in the file to
apply to that.



--=20
Derrick