RE: [OpenAFS] Decentralized failover/backup system for RW volumes

Fri, 15 Jun 2018 11:55:36 -0700 

On an Active-Directory-Integrated Windows client, you may try
aklog -cache MSLSA:

or you may set up an system enviroment variable KRB5CCNAME=MSLSA:

Note the trailing colon. 

That will make AFS re-use the Kerberos ticket obtained in Windows logon. 

Best regards,
Simon


-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of Prunk Dump
Sent: Wednesday, April 04, 2018 11:12 PM
To: [email protected]
Subject: Re: [OpenAFS] Decentralized failover/backup system for RW volumes

2018-04-04 11:10 GMT+02:00 Lars Schimmer <[email protected]>:
> On 04/04/18 10:10, Prunk Dump wrote:
>> Hi OpenAFS Team !
>
> Hi from a (still) OpenAFS admin.
>
>> I'm currently administering a high-school networks with 5 Samba PDC 
>> and around 150 Linux et 300 Windows clients. To build my user's 
>> shares I use simultaneously Samba DFS and NFSv4 ( with referrals ). 
>> So I have a global namespace for my windows and Linux clients but I 
>> need to manages all my volumes manually to distribute the load on the 
>> servers and making redundancy with rsync.
>>
>> I will be shortly upgrading all my servers. So I have started 
>> investigating on new solutions. And AFS seems to fit nearly all my 
>> needs ! Just a point is still problematic.
>
> First: keep in mind, the OpenAFS Windows client is old and 
> unmaintained currently. Needs more work to keep it current and updated 
> with latest OpenAFS 1.8.x An alternate implementation is Auristor, but 
> that is a commercial suite.

Thank you very much for your help !

That's very sad ... As I can't have only Linux stations I absolutely need a 
reliable Windows client for my network file system. And it is not acceptable 
for me to use a closed source client. This is really frustrating as more I read 
the AFS documentation more I find that it fit perfectly the needs for a local 
network parallelized file system.
And I have made some tests linking AFS to a Samba Active Directory for Kerberos 
security and it works perfectly for Linux servers and clients ! (once AES 
encryption is enabled on AFS)

There is also another problem. As I use Samba Active Directory for security, it 
seems that the current AFS windows clients don't use the Kerberos ticket 
obtained at logon to obtain the AFS token. So there is two Kerberos 
authentication at logon instead of one.

But I like the fact that we know, in AFS, where the volumes are stored. This is 
not the case in some other file systems like glusterFS. So I can potentially do 
some optimizations with AFS. For example I know that all the students on a same 
class will mount their home share at the same time. So to load balance my 
servers I just need to distribute each class home shares between my 5 servers.

And actually, Samba domain DFS support is not fully supported and
NFSv4 pNFS feature is still in development ...

Maybe is to too early to update my network design.

Thanks again !

Baptiste.
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
:��T���&j)b�   b�өzpJ)ߢ�^��좸!��l��b��(���~�+��Y���b�ا~����~ȧ~

Reply via email to