[OpenAFS-port-darwin] disktool -r in OpenAFS StartupItems script

David Botsch dwb7@ccmr.cornell.edu
Wed, 23 Apr 2003 11:14:53 -0400


I have seen some lockups with versions of 10.2.3 and 10.2.4 (haven't 
tried 10.2.5) w.r.t. AppleTalk and unmounting disk images mounted from 
an AppleTalk AFS directory. But, that's it.

The other issue I have seen is that Mozilla and Camino cannot save 
files to a user's networked afs home directory. This broke in 10.2.3 or 
10.2.4, I believe. It has forced us to remove Mozilla and Camino from 
lab machines and only support IE and Safari as web browsers.

We are actually using cfengine to update the /etc/password file once an 
hour and then niload that into NetInfo on our user room OS X computers. 
If anyone wants any further info on what we are doing or has any 
comments, let me know.

On 2003.04.23 10:48 Bruce Carter wrote:
> Greetings all,
> 
> I've downloaded the documents referenced in this thread and will be 
> reading through them with interest.  We also are using AFS for remote 
> home directories without the intervention of a Mac OS X server.  Our 
> main issue right now is that whenever anyone with a remote home 
> directory in AFS tries to mount an AppleShare volume (SMB and WebDAV 
> work fine) the Finder crashes and reloads at the point where the 
> volume list would normally appear (after entering your user name and 
> password).  Our Apple SE is working with Apple Engineering on this, 
> and I've sent them several logs and dumps.  Anybody else see anything 
> like this?  It happens on all of our Mac OS X pilot machines.  I even 
> rebuilt one from scratch to see if that would help and it still did 
> it.
> 
> We're authenticating remotely (no local accounts except 1 admin for 
> maintenance and 1 local user for if the network is hosed so people 
> can still do stuff locally) and pulling the home directory location 
> from an iPlanet LDAP 3 server, and we are also using the Amazing 
> Alexei's aklog plug-in.  Alexei has also been kind enough to engage 
> in some bonehead level (on my end) email exchanges to help get us 
> going.  We get tickets and tokens and everything works fairly well (I 
> still have to get the ByHosts fix into our loginhook script, as well 
> as adding the disktool trick mentioned here and a few other duct tape 
> issues) except for that darn Finder crash.
> 
> We did build the indexes mentioned below, and that helped greatly 
> with the login speed.  It looks like we may need to increase the 
> default AFS quota as well since some of the students are starting to 
> hit the wall with that.
> 
> On Tuesday, April 22, 2003, at 06:04  PM, Steve Lidie wrote:
> 
>> 
>> On Tuesday, April 22, 2003, at 05:44 PM, John C. Welch wrote:
>> 
>>> On 04/22/2003 17:37, "Jonathan Z. Simon" <jzsimon@eng.umd.edu> wrote:
>>> 
>>>> Following Alexei Kosut's suggestion (appending disktool -r to the
>>>> OpenAFS StartupItems script) has made my world a better place.
>>> 
>>> Just as a follow up for some folks who were asking, and because
>>> Alexei's most excellent work made it possible, I have a PDF at:
>>> 
>>> <http://web.mit.edu/jwelch/www/AFS_homedirs_and_Mac_OS_X.pdf>
>>> 
>>> Which is the procedure we've tested at MIT for using AFS home
>>> directories as OS X Home directories. It works pretty well for us,
>>> and although it's pretty MIT - Centric, it should (hopefully) help
>>> others along the path.
>>> 
>>> I'm working on OS X Server docs that do a bit more, but that's
>>> going to take longer.
>>> 
>>> On a side note, most of the Mac OS X folks at MIT would like to
>>> thank Alexei for his aklog plugin, as without it, we wouldn't have
>>> been able to do anything with AFS home directories, and Alexei, if
>>> you're ever in Boston, let us know, we'll make sure you get at
>>> least a couple free beers.
>>> 
>> 
>> Ditto on the thanks to Alexei.  As well, many thanks to Ragnar 
>> Sundblad for his Kerberos plugin - they've both spent many hours 
>> helping me debug my Kerberos ticket -> AFS token problem.  John, 
>> thanks for your summary.
>> 
>> I, too, have created a PowerMac OS X 10.2.5 image that uses Kerberos 
>> authentication and AFS home directories.  I've taken a slightly 
>> different tack and used Directory Services tied to our LDAP (v2) 
>> server so that a user's home directory is automatically mapped to 
>> AFS-land - no local account required. That parallels how we've dealt 
>> with previous AIX and IRIX operating systems, where NIS specifies 
>> home directories in AFS space. So, at Lehigh, every Unix-based 
>> machine does krb authentication and uses a consistent home directory.
>> 
>> Does it work very, very well?  No );  Does it work well?  Yes!  The 
>> biggest problem here at Lehigh is that we use kaserver for  
>> authentication, and so far neither of the krb plugins can get me an 
>> AFS token.  That's a big problem during login, since Mac OS X wants 
>> to read/write ~/Library.  My current kludge is a Perl/Tk program 
>> that runs as a LoginHook to re-authenticate (e.g. does a klog).  
>> Until a token is acquired, login proceeds very slowly (i.e. ~= 60 
>> seconds).  If a token already exists from a prior login, login 
>> happens as fast as a login using a local account.
>> 
>> I wasn't aware that anyone else was using AFS as a home directory, 
>> so I'd like to hear all war stories.  I can say that IE's default 
>> cache size of 10 MB can cause login to fail if you only have a 10 MB 
>> quota.  I can verify that you'd better have indexed your LDAP data or 
>> logins will do a sequential lookup of 
>> uidNumber/gidNumber/NFSHomeDirectory, and delay login for a long time 
>> (;
>> 
>> Comments welcomed, thanks,
>> 
>> Steve
> 
>-- 
> Bruce Carter, ACTC, MacCSE, MCP      http://www.nd.edu/~bcarter/
> Senior Educational Technologist      mailto:bcarter@nd.edu
> Information Technology Center 359    AIM:bcarteratnd
> University of Notre Dame             +1 574 631 9191 Voice
> Notre Dame, IN  46556-0539           +1 574 631 8201 FAX

-- 
********************************
David William Botsch
Consultant/Advisor II
CCMR Computing Facility
dwb7@ccmr.cornell.edu
********************************