IBM Support

AFS V 3.6 Patch 19 README

Fix Readme


Abstract

AFS V 3.6 Patch 19 README

Content

Patch 19 README

AFS for Multiplatforms
Patch 19 README

Version 3.6

First Edition (August 2009)

This edition applies to:

IBM AFS for AIX, Version 3.6

IBM AFS for Linux, Version 3.6

IBM AFS for Solaris, Version 3.6

IBM AFS for Windows, Version 3.6

and to all subsequent releases and modifications until otherwise indicated in new editions.

This softcopy version is based on the printed edition of this book. Some formatting amendments have been made to make this information more suitable for softcopy.

Order publications through your IBM representative or through the IBM branch office serving your locality.

© Copyright International Business Machines Corporation 2000, 2003, 2004, 2005, 2006, 2007, 2008, 2009. All rights reserved.
Note to U.S. Government Users -- Documentation related to restricted rights -- Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule contract with IBM Corp.

Contents


AFS(R) 3.6 Patch 19 README


AFS(R) 3.6 Patch 19 README
This file documents the fixed defects and remaining limitations associated with the Patch 19 release of AFS 3.6 (build level afs 3.6 2.64).

This document has the following sections:



For UNIX(R) systems, you use the same procedure to install a patch distribution as to upgrade from a previous release. See the upgrade instructions in the AFS Release Notes.

For Windows(R) systems, patches can be installed directly to the base 3.6 product or over any previous patches. The AFS for Windows installation program displays a series of dialog boxes that lead you through the installation process. Follow the directions in each dialog box and select the appropriate options.




Supported System Types
AFS 3.6 Patch 19 supports the following system types.

i386_linux26IBM-compatible PC with one or more processors running RedHat Enterprise Linux 4 GA with 2.6.9-5.EL Update 1
(Linux Kernel 2.6.9-11.EL), Update 2 (Linux Kernel 2.6.9-22.EL), RedHat Enterprise Linux 5 GA with 2.6.18-8.el5,
Update 1 (Linux Kernel 2.6.18-53.1.4.el5), Update 2 (Linux Kernel 2.6.18-92.el5) and Update 3 ( Linux Kernel 2.6.18-128.el5)
i386_linux24IBM-compatible PC with one or more processors running RedHat Enterprise Linux AS 3.0 with kernel 2.4.21-4.EL and 2.4.21-27.EL.
i386_win2kIBM-compatible PC with one or more processor running Microsoft Windows XP, Microsoft Windows 2003 and Windows Vista (32 bit)
rs_aix52IBM RS/6000/pSeries running AIX 5.2 or AIX 5.2b with:
    • one or more 32-bit processors running in 32-bit kernel mode
    • one or more 64-bit processors running in 32-bit or 64-bit kernel mode
rs_aix53IBM RS/6000/pSeries running AIX 5.3 , AIX 5.3A, AIX 5.3D, AIX 5.3H and AIX 53S with:
    • one or more 32-bit processors running in 32-bit kernel mode
    • one or more 64-bit processors running in 32-bit or 64-bit kernel mode
rs_aix61IBM RS/6000/pSeries running AIX 6.1, AIX TL1, AIX TL2 and AIX TL3 with :
    • one or more 64-bit processors running in 64-bit kernel mode
sun4x_58Sun SPARCstation with one or more processors running the 32-bit or 64-bit version of Solaris 8
sun4x_59Sun SPARCstation with one or more processors running the 32-bit or 64-bit version of Solaris 9
sun4x_510Sun SPARCstation with one or more processors running the 64-bit version of Solaris 10 (Update 6 Supported from this patch)

The following system types are no longer supported and are no longer part of the AFS patch distribution and support.

  • SGI IRIX 6.5.x
  • Compaq Tru64 5.1, 5.1a
  • HPUX 11.0, HPUX 11i
  • Digital UNIX 4.0d, 4.0e
  • Red Hat Linux
  • 2.2 kernel: 2.2.5-15, 2.2.10, 2.2.12, 2.2.12-20, 2.2.13, 2.2.14, 2.2.16-22, 2.2.18, 2.2.19
  • 2.4 kernel: 2.4.0, 2.4.1, 2.4.2, 2.4.7-10, 2.4.9-31, 2.4.18-10, 2.4.18-18.8.0, 2.4.20-8, 2.4.9-e.12, 2.4.9-e.24
  • AIX 4.2, 4.2.1, 4.3, 4.3.1, 4.3.2, 4.3.3.75, 5.1
  • Solaris 2.6
  • Solaris 2.7
  • Windows NT
  • Windows 2000
We are pleased to announce that service has been extended for AFS V3.6 and AFS V3.6 for Gateway on selected platforms. For detailed information regarding this announcement, please see the link for Product Life Cycle on the AFS Product Support page available here: http://www.ibm.com/software/stormgmt/afs/support.


Product Notes
This section lists general information, requirements, and outstanding limitations and defects that apply to this patch release, categorized by system type. The notes are cumulative starting with Patch 1. The description of each note indicates when it was first noted.
Note:
This document does not duplicate the notes included in the AFS Release Notes and AFS For Windows Release Notes distributed with the General Availability (GA) release of AFS 3.6, but those notes also apply to this patch release unless otherwise noted. See those documents for additional information.
Product Notes for All System Types
Product notes for AFS 3.6 GA release still apply

In addition to the following notes, the product notes for all system types in the AFS Release Notes distributed with the GA release of AFS 3.6 also apply to this patch release.


1. File count being updated in volume header

This delta updates filecount information as soon as the files get added/deleted in a volume.
Earlier, Salvager had to be run to update this count.
"vos exam <volumename> -extented " command will now show updated filecount for the particular volume.

(Noted at Patch 19)



2. Minhour restriction for ADMIN ID

This delta makes the -minhour restriction applicable to all users including the ADMIN.
This delta also solves a kaserver hang, caused when changing password of a non-existent user.

(Noted at Patch 19)


3. Support for allow or deny setuid binaries from local cell

AFS lets system administrators to specifically allow or deny setuid binaries from local cell. The SETUID variable in AFS startup script needs to be set appropriately with values "ALLOW" or "DENY". If this variable is left unset then AFS will exhibit the default behaviour.

(Noted at Patch 16)

4. Maximum volume size for AIX, Solaris, Windows and Linux

AFS supports a maximum volume size of 20 GB for AIX, Solaris, Windows and Linux.

(Noted at Patch 15)


5. buserver -cellservdb flag


The AFS Administrative Reference document states that this flag is used to specify the pathname of the directory from which the Backup Server reads in an alternative version of the CellServDB file. This is true, however, It should also mention that the standard ThisCell and KeyFile must reside in that directory as well.

(Noted at Patch 11)


6. system:ptsviewers group added


A new built-in group, "system:ptsviewers" has been introduced in the ptserver. Members of this group are allowed to perform the following actions without having administrative privileges if they belong to this group:

pts examine

pts membership

pts listowned

Note: The new group uses the group ID -203. If this group ID is already present in the ptserver database, this feature will be disabled and a warning message will be added to ptserver log. This is to ensure backward compatibility.

(Noted at Patch 9)


7. Kaserver with -crossrealm option


There is a cryptographic weakness in Kerberos 4 (used by AFS) that allows an attacker to impersonate any principal in a realm if he knows the shared cross-realm key between the local realm and a remote realm. This is described in the vulnerability:

MITKRB5-SA-2003-004

IBM AFS does not support Cross Realm Authentication. AFS Cross Realm Authentication has been disabled in the kaserver by default. There is no fix for this vulnerability except to disable cross realm authentication.

The kaserver can be started with the option "-crossrealm" to enable AFS Cross Realm Authentication. However, this will expose the cell to the above vulnerability.

(Noted at Patch 8)


8. Rx with '-nojumbo' option


An option called '-nojumbo' on the server and '-rxnojumbo' on the client, has been added, to disable the use of AFS Rx jumbograms. This option can be useful when network is problematic or there are lots of resends in the network.

For UNIX AFS Server, this option can be added to fileserver or volserver through BosConfig file, before starting bosserver. Alternatively, the 'rxtune' command can be used to set rxi_nSendFrags to 1 for disabling jumbograms. However, this will take effect only for new connections.

For UNIX AFS Clients, this option is specified as an argument to afsd in afs.rc script, while starting AFS client. On windows, this is controlled through registry key called 'RxNoJumbo'. User has to create a DWORD value for RxNojumbo in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters. If RxNoJumbo is set to 1, then Jumbograms are disabled. If it is set to 0, then Jumbograms are enabled. If no registry key is specified, Jumbograms are disabled.

(Noted at Patch 8)


9. Vulnerability in the RX connection


A vulnerability in the RX connection exists, wherein a malicious program can intercept or sniff packets between an authenticated client and server by getting its host IP updated into the connection structures on the peer. The malicious client program can send modified content to the server. This problem has been corrected.

(Noted at Patch 6)


10. butc with showprogress option


butc
with showprogress option works correctly while restoring volumes greater than 4GB.

(Noted at Patch 6)


11. Resolution of client panic


A client panic that resulted from calls made to specific AFS RPCs has been corrected.

(Noted at Patch 5)


12. Maintain the same patch level on all backup binaries


The butc, backup, and buserver binaries must be at the same patch level on all machines that use the AFS backup utility.

(Noted at Patch 2)


13. Change to AFS logging


On UNIX systems, AFS messages are now logged via syslog. Previously, AFS messages were logged to /dev/console. When /dev/console was unavailable, the process that was trying to write to it waited until it became available again; it was not possible to stop the process.

(Noted at Patch 1)

Product Notes for AIX(R) Systems

  • Product notes for AFS 3.6 GA release still apply

In addition to the following notes, the product notes for AIX in the AFS Release Notes distributed with the GA release of AFS 3.6 (build level afs3.6 2.0) also apply to this patch release.

  • Changes in rc.afs script for nfs-afs translator setup

Added NFS-AFS translator setup comments for AIX in rc.afs.

(Noted at Patch 19)

  • Reduced AFS client Load time

AFS client on AIX used to take considerable amount of time for startup. It was loading many kernel symbols which are not required at all.

This change loads only the required symbols at the startup, thus reducing start time for AFS client on AIX. This change applies only to 64 bit kernels.

(Noted at Patch 19)

  • TSM 6.1 support on AIX

    On AIX, AFS supports TSM 6.1.

    (Noted at Patch 19)



  • TSM 5.4 support on AIX
On AIX, AFS supports TSM 5.4.

(Noted at Patch 17)


  • TSM 5.2 and 5.3 support on AIX
On AIX, AFS supports TSM 5.2 and 5.3.

(Noted at Patch 15)

  • TSM 4.2 is not supported on AIX

On AIX, AFS will not support TSM 4.2

(Noted at Patch 8)

  • APAR IY13763 Needed

On AIX 4.3.3, AFS has seen frequent problems of jfs returning ENOMEM error for certain filesystem operations. This was due to design limitation with initial versions of AIX and typically happens when many files of size > 32K are copied or used simultaneously in the system. This has been fixed in AIX APAR 13763.

Solution involves installation of the mentioned AIX APAR and remounting fileserver partition /vicepxx and cache partition /usr/vice/cache, with option '-o mind'.

(Noted at Patch 8)

  • TSM 5.1 and TSM 5.2 supported on AIX

On AIX, AFS supports TSM 5.1 and TSM 5.2. Note that there is only one butc binary which can be used with both TSM 5.1 and TSM 5.2. To run butc on AIX, it is essential to have following package installed in the system.

tivoli.tsm.client.api.aix43.32bit

(Noted at Patch 7 and 8)

  • Exiting the butc program

Due to a limitation in AIX 4.3.3, using CTRL-C does not cause the butc program to exit. To avoid this problem, an environment variable called 'AIXTHREAD_SCOPE' needs to be set to S, before executing butc. Note that, butc should always be run with root privileges on the Tape Coordinator machine.

(Noted at Patch 5)

  • Curpag binary

The curpag binary is a small program that prints the pags for the current user session.

On AIX, when the user authenticates through kerberos, the KRBTKFILE environment variable is not set. If this environment variable is not set, the kerberos tokens are not displayed with the tokens.krb command.

The value of KRBTKFILE variable is of the following format: /tmp/tktp$PAG where $PAG are the pags associated with the current session. The curpag binary prints $PAG. To set the KRBTKFILE environment variable, issue the following command: $ setenv KRBTKFILE /tmp/tktp`/usr/vice/etc/curpag`.

The "curpag" binary is distributed with AFS on AIX 4.3 and 5.1 distributions and is in the /usr/vice/etc directory.

(Noted at Patch 4)

  • Garbage collection of tokens


By default, garbage collection of tokens is disabled for AIX systems. To turn on garbage collection, run /usr/afsws/etc/gcpags, a toggle switch that enables and disables garbage collection. To verify whether garbage collection is enabled, run kdump -gcpags. If afs_gcpags=1 garbage collection is enabled; if afs_gcpags=2 garbage collection is disabled. For AIX 4.x systems, garbage collection works only if afs_gcpags_procsize has one of the following values: 256, 384, 416, 448.

For AIX 5.1, garbage collection will work irrespective of the value of afs_gcpags_procsize, which will always be 0.

(Noted at Patches 2 and 3)

Product Notes for AIX 5.2, AIX 5.3 and AIX 6.1 System

  • Product notes for AFS 3.6 GA release still apply

In addition to the following notes, the product notes for AIX in the AFS Release Notes distributed with the GA release of AFS 3.6 (build level afs3.6 2.0) also apply to this patch release.
  • AIX 6.1 TL2 and TL3 are supported.

This patch onwards we are supporting upto AIX 61 TL3. The bins to be used on different AIX 6.1 is as follows :
AIX 6.1 Base and AIX 6.1 TL1 need to use rs_aix61.tar.gz.
AIX 6.1 TL2 and AIX 6.1 TL3 need to use rs_aix61.TL2.tar.gz.

(Noted at patch 19)

  • NFS-AFS translator Support for AIX 6.1

    NFS-AFS translator not supported on AIX 6.1 TL1, TL2 and TL3.

    (Noted at patch 19)

  • AIX 6.1 TL 2 and above not supported

    This patch does not support AIX 6.1 TL 2 and above.

    (Noted at patch 18)

  • APAR IY64887 required for AIX 5.3

    (AIX 5.3 Only) For AFS to work properly on AIX 5.3 systems, it is required that APAR IY64887 is applied to AIX. Corresponding defect no. is 484175. This APAR is available at: https://techsupport.services.ibm.com/server/fixes

    (Noted at Patch 11)

  • NFS-AFS Translator on AIX 5.3

    (AIX 5.3 Only)
    NFS-AFS Translator is supported on AIX 5.3

    (Noted at Patch 12)

  • APAR IY38963 Required for AIX 5.2

(AIX 5.2 Only) For AFS to work properly on AIX 5.2 systems, it is required that APAR IY38963 is applied to AIX. Corresponding defect no. is 381080. This APAR is available at: https://techsupport.services.ibm.com/server/fixes

(Noted at Patch 7)

  • Change to IBM AFS Quick Beginnings instructions for enabling AFS login on AIX 5.x machines


If AIX version 5.x is installed, edit the /usr/lib/security/methods.cfg file instead of the /etc/security/login.cfg file as documented in IBM AFS Quick Beginnings.

The change affects Step 3 in the section titled Enabling AFS Login on AIX Systems in each of two chapters in IBM AFS Quick Beginnings: Installing the First AFS Machine and Installing Additional Client Machines. The corrected text follows.

Create or edit the DCE and AFS stanzas in the /usr/lib/security/methods.cfg file on the local disk:

Edit the stanzas as follows:

  • In the DCE stanza, set the program attribute as indicated.


If you use the AFS Authentication Server (kaserver process):

   DCE:
       program = /usr/vice/etc/afs_dynamic_auth  
       options = authonly


If you use a Kerberos implementation of AFS authentication:
   DCE:
       program = /usr/vice/etc/afs_dynamic_kerbauth  
       options = authonly
  • In the AFS stanza, set the program attribute as indicated.


If you use the AFS Authentication Server (kaserver process):

   AFS:
       program = /usr/vice/etc/afs_dynamic_auth  
       options = authonly


If you use a Kerberos implementation of AFS authentication:
   AFS:
       program = /usr/vice/etc/afs_dynamic_kerbauth  
       options = authonly

(Noted at Patch 3)

  • JFS2 partitions not supported


AIX 5.x supports two types of local filesystems: JFS and JFS2.
  • The partition on which the AFS Disk cache (typically /usr/vice/cache) is located must be a JFS partition.
  • The partitions which host the fileserver data must be JFS partitions.
(Noted at Patch 3)

  • Tokens command and identification of PAG based tokens on AIX 5.x


Due to a change in the internal implementation of PAG based tokens in AIX 5.x, the command "id --G" can no longer be used to identify PAG based tokens. Therefore, the "tokens" command has been modified to additionally display the "type" of token being displayed, that is to say, PAG based token or UID based token.

For UID based tokens, the output of the tokens command looks like:

# tokens
Tokens held by the Cache Manager (UID Based Tokens) :
User's (AFS ID 1024) tokens for [email protected]
[Expires Apr 11 10:43]
--End of list--


For PAG based tokens, the output of the tokens command looks like:
# tokens
Tokens held by the Cache Manager (PAG Based Tokens) :
User's (AFS ID 1024) tokens for [email protected]
[Expires Apr 11 10:43]
--End of list--

(Noted at Patch 3)
Product Notes for HP-UX Systems
  • Product notes for AFS 3.6 GA release still apply


In addition to the following notes, the product notes for HP-UX in the AFS Release Notes distributed with the GA release of AFS 3.6 (build level afs3.6 2.50) also apply to this patch release.

  • HP-UX patches required


Adding patches to your HP-UX system is a requirement for continued AFS support. If the patches are not installed, then AFS cannot be started. Install the patches listed if they are not already installed on the AFS machine.

For HP-UX 11i, apply the following patches:

  • PHNE_28568
  • PHKL_25994
  • PHKL_29707
  • PHKL_25993
  • PHKL_28122
  • PHKL_29706
HP-UX patches are available for download from www.itrc.hp.com. Occasionally, patches are superseded by newer ones; check www.itrc.hp.com to find if these patches have been superseded by other patches, and install the newer ones.

(Noted at Patch 5 and 9)

  • Upgrade recommended to prevent salvager from deleting volumes


On HP-UX 11i, if the salvager were run on a partition that was greater than 4GB in size, it would delete the volumes in that partition. This was a virtual deletion, as only volume headers were deleted, but no actual data was deleted. AFS 3.6 Patch 5 includes a fix for HP-UX 11i.

(Noted at Patch 5)

  • VxFS not supported


HP-UX 11i supports two types of local file systems: HFS and VxFS.
  • The partition on which the AFS disk cache (typically /usr/vice/cache) is located must be an HFS partition.
  • The partitions that host the fileserver data must be HFS partitions.

(Noted at Patch 4)

Product Notes for Linux Systems


  • Most product notes for AFS 3.6 GA release still apply


The following note supersedes the first note in the section of the AFS Release Notes entitled Requirements and Limitations for Linux Systems. However, all other notes for Linux in the AFS Release Notes still apply to this patch.
  • Security related changes in Linux client

This code change fixes a security problem in Linux Client. It checks the erroneous return codes sent by the fileserver to AFS Linux client which may result into a denial of service attack.

AFS may pass an error code obtained from the fileserver directly to the Linux kernel, using a Linux mechanism that merges error codes and pointers into a single value. However, this mechanism is unable
to distinguish certain error codes from pointers. When AFS returns a code of this type to the kernel, the kernel treats it as a pointer and attempts to dereference it. This causes a kernel panic, and results in a
denial of service attack.

( Noted at patch 19 )

  • TSM 6.1 support on Linux

    On Linux, AFS supports TSM 6.1.

    (Noted at Patch 19)



  • TSM support for AFS butc

AFS now supports butc with TSM on Linux ( RHEL 4 and 5 ).

( Noted at patch 18 )


  • Integrated logging update for RHEL 4

To enable integrated login on Linux RHEL 4 keep the below line as first line in file /etc/pam.d/system-auth .
auth sufficient /lib/security/pam_afs.so try_first_pass ignore_root

(Noted at Patch 14)
  • For RedHat Enterprise Linux AS 3.0 kernel version 2.4.21-27.EL is supported

(Noted at Patch 12)
  • Different Packages for RedHat Enterprise Linux ES/AS 2.1 and RedHat Enterprise Linux AS 3.0
With patch 10, separate packages of AFS installables are provided for different RedHat versions:
For RedHat Enterprise Linux AS/ES 2.1, AFS distribution package to be used is, i386_linux24.rh7.tar.gz.
For RedHat Enterprise Linux AS 3.0, AFS distribution package to be used is, i386_linux24.rh9.tar.gz.
(Noted at Patch 10)
  • Following notes apply for AFS on RedHat Enterprise Linux AS 3.0

  • Upgrade of 'afs.rc' required
The afs startup script for Linux, i.e /etc/rc.d/init.d/afs.rc has also been changed. Upgrading to latest patch
also requires the afs.rc script to be replaced with the new script from "/usr/vice/etc/afs.rc".
  • Automatic restart of afs server processes on Sunday at 4:00 am fails on RHEL 3.0


By default AFS servers are configured to restart automatically every Sunday at 4:00 am. The daily cron job restart time is 4:01 am and the logrotate restart at this time may cause the AFS server to fail to restart. To resolve this problem the daily cron job time needs to be changed.
To change daily cron job time:
Edit the file /etc/crontab and set a different restart time.
Example: If we want to reschedule the daily cron job at 1 minute past midnight, edit file /etc/crontab to replace the line
02 4 * * * root run-parts /etc/cron.daily
...with...
01 0 * * * root run-parts /etc/cron.daily

  • Default firewall configuration needs to be changed


Communication between AFS server and client is restricted by the default firewall configuration on RHEL
3.0 . The firewall configuration needs to be changed to allow traffic to flow between AFS server and client.


To change the firewall configuration, follow the procedure mentioned below:
Log on to the system as root
Issue command setup and proceed to Firewall Configuration
Select Customize in the next screen.

· 7001:udp if the machine is configured as AFS client.
· 7000:udp, 7005:udp if the machine is configured as fileserver
· 7002:udp, 7003:udp, 7004:udp if the machine is configured as database server
.
7007:udp for the bosserver process
· 7008:udp if machine is used as an update server
.
7020:udp if the machine is a backup coordinator
.
7021:udp if the machine is a backup buserver
.
7025:udp-7032:udp if the machine a backup tape controller

NOTE: All ports used by AFS can be found using 'ports' as a search term on the AFS Product Support page.
Link to the AFS Product Support web page:

http://www.ibm.com/software/stormgmt/afs/support.

  • Modified AFS Installation Procedure on RedHat 8.0 or 9.0
As of patch 7, apart from Standard AFS installation steps, it was required to patch the Linux kernel for installing AFS onto RedHat Linux 8.0 to export sys_call_table symbol, so that it can be used to introduce AFS system call.

With patch 8, the requirement to patch the kernel has been removed. It is no longer required for installing AFS onto RedHat 8.0 or RedHat 9.0. New procedure requires user to follow steps mentioned below in addition to Standard AFS installation, before starting AFS:

  • Copy the vmlinux (uncompressed kernel) from /src/linux-<kernel-version>/vmlinux to the directory /boot, along with the bzImage (compressed kernel). Both of these files are installed as part of the default RedHat installation procedure.
  • If AFS installation is performed as an upgrade to Patch 8, it is essential to also upgrade AFS startup script, afs.rc.

(Noted at Patch 8)
  • Different Packages for RedHat7.x, RedHat Enterprise Linux ES 2.1, RedHat Enterprise Linux AS 2.1, RedHat 8.0 or 9.0


In earlier AFS patch releases, the distribution of AFS installables for RedHat Linux 7.x, 8.0 and 9.0, were included in one single package called i386_linux24.tar.gz. However, with patch 8, separate packages of AFS installables are provided for different RedHat versions.

For RedHat 7.x, RedHat Enterprise Linux AS/ES 2.1, AFS distribution package to be used is, i386_linux24.rh7.tar.gz.
For RedHat 8.0, AFS distribution package to be used is, i386_linux24.rh8.tar.gz.
For RedHat 9.0, AFS distribution package to be used is, i386_linux24.rh9.tar.gz.


(Noted at Patch 8 and 9)
  • The ext3 file system is not supported

AFS does not support the ext3 filesystem which is available in RedHat Linux.

(Noted at Patch 5)

Product Notes for Solaris Systems


  • Product notes for AFS 3.6 GA release still apply
In addition to the following notes, the product notes for Solaris in the AFS Release Notes distributed with the GA release of AFS 3.6 also apply to this patch release.
  • Support for Solaris 10 Update 6

Solaris 10 Update 6 supported from this patch onwards.
These bins don't work on Solaris 10 Base and Update 2.

(Noted at Patch 19)
  • TSM 6.1 support on Solaris

    On Solaris, AFS supports TSM 6.1.

    (Noted at Patch 19)


  • Support for Solaris 10 Update 4

This patch is not applicable to Solaris 10 base version. Solaris 10 must be updated with recommended patches in Update-4 for AFS to work.

(Noted at Patch 17)

  • NFS-AFS Translator

NFS-AFS Translator is not supported on Solaris 10 Update-4.

(Noted at Patch 17)

  • TSM 5.4 support on Solaris 10

On Solaris 10, AFS supports TSM 5.4. TSM 5.4 Client on Solaris has some known issues, so its latest patches should be used.
(Noted at Patch 17)
  • NFS-AFS Translator

NFS-AFS Translator is not supported on Solaris 10 Update-2.

(Noted at Patch 15)

  • TSM 5.2 and 5.3 support on Solaris 10

On Solaris 10, AFS supports TSM 5.2 and 5.3.

(Noted at Patch 15)

  • Unmounting afs on Solaris

    This patch fixes a defect, which caused a non-root user to panic AFS on Solaris, by trying to unmount /afs.

(Noted at Patch 14)
  • Fix for logging enabled vice partitions on Solaris 10
This patch fixes a problem, with AFS fsck on Solaris 10, where fsck of /vicep* partitions would fail, on partitions, which had logging enabled previously.

(Noted at Patch 14)
  • Fix for machine crash due to "ctstat -v" command
This patch fixes the problem of machine crash due to “ctstat –v” command on solaris-10 machine.

(Noted at Patch 14)
  • Fix for "mv" command on Solaris 10

This patch fixes problems caused due to “mv” command on solaris-10 which would corrupt vnode.

(Noted at Patch 14)

  • NFS-AFS Translator

NFS-AFS Translator is supported on Solaris 10.

(Noted at Patch 13)

  • TSM support

TSM 5.2 with butc is supported on Solaris 10.

(Noted at Patch 13)

  • Use of logging for UFS vice partitions


    The use of logging for UFS vice partitions is not recommended on Solaris systems. Turning on logging for UFS vice partitions may cause problems with file system recovery operations.

    (Noted at Patch 11)


  • Limitation on volume ids


    Due to a limitation in the quot command of Solaris, volume ids greater than "2147483648" will cause the quot command to fail/core. If you wish to use quot you must take this into consideration.

    (Noted at Patch 11)

  • Upgrade of 'afs.rc' required


There has been some necessary changes made to AFS startup procedure on Solaris, so it is essential to upgrade AFS startup script, afs.rc.
(Noted at Patch 8)
  • Tivoli Storage Manager (TSM) Support on Solaris


butc
binary distributed with AFS 3.6 now supports TSM5.1 and TSM5.2. There is only one butc binary which can be used with both TSM 5.1 and TSM 5.2. On Solaris 9, butc is supported for TSM 5.1.5 and TSM 5.2.
(Noted at Patch 8)
  • Support for Solaris 9


AFS 3.6 (build 2.43 and higher) supports the 32-bit or 64-bit version of Solaris 9. As part of replacing the standard fsck program on an AFS File Server machine that runs Solaris 9, you have to make two changes in the /sbin/mountall script as indicated in "SunSoft Patch 109576-10 for Solaris 8 /sbin/mountall changes" section of this readme.
(Noted at Patch 6)
  • Support for Solaris 8


AFS 3.6 (build 2.6 and higher) supports the 32-bit or 64-bit version of Solaris 8.
(Noted at Patch 2)
  • SunSoft Patch 105516-05 for Solaris 2.6 replaces the /sbin/mountall script


Refer to the product notes for Solaris in the AFS Version 3.6 Release Notes. The note concerning installing SunSoft Patch 10654 for Solaris 7 also applies to this SunSoft patch.
(Noted at Patch 2)
  • SunSoft Patch 109576-01 for Solaris 8 /sbin/mountall changes


As part of replacing the standard fsck program on an AFS File Server machine that runs Solaris, you make two changes in the /sbin/mountall script. The instructions for editing the /sbin/mountall script are in IBM AFS Quick Beginnings.

If you use Solaris 8 and apply SunSoft Patch 109576-01, the /sbin/mountall script is replaced and a new /usr/lib/fs/ufs/fsckall script is added. If you apply the patch on an existing File Server machine, the changes you already made in the /sbin/mountall script are overwritten.


1. You must make the first change listed for /sbin/mountall as specified in IBM AFS Quick Beginnings, which is shown here for clarity.
case "$2" in
ufs)     foptions="-o p"
        ;;
afs)     foptions="-o p"
        ;;
s5)      foptions="-y -t /var/tmp$$ -D"
        ;;
*)       foptions="-y"
        ;;

2. You must copy /usr/lib/fs/ufs/fsckall to /usr/lib/fs/afs/fsckall and change the word ufs to afs in file /usr/lib/fs/afs/fsckall as indicated below. This ensures that AFS fsck is called on vice partitions.
a. Copy /usr/lib/fs/ufs/fsckall to /usr/lib/fs/afs/fsckall.
cp /usr/lib/fs/ufs/fsckall /usr/lib/fs/afs/fsckall
b. Edit /usr/lib/fs/afs/fsckall and replace ufs with afs as indicated below.


Original:

for fsckdev in $*; do
/usr/sbin/fsck -m -F ufs $fsckdev >/dev/null 2>&1


Modified:
for fsckdev in $*; do
/usr/sbin/fsck -m -F afs $fsckdev >/dev/null 2>&1

(Noted at Patch 2)
Product Notes for Windows Systems
  • Product notes for AFS 3.6 GA release still apply


In addition to the following notes, all notes in the AFS for Windows Release Notes distributed with the General Availability release of AFS for Windows, version 3.6 also apply to this patch release.
  • Changes in windows client for Locking related problems.

This code change fixes the Windows client crashes because of locking problems. When two or more threads start acting on a global variables which maintain critical data then it crashes.

Locks are taken at various critical sections in the windows client code to avoid it from crashing.

(Noted at Patch 19)

  • AFS for Windows on Windows Vista

You can now install AFS for Windows components on a Windows Vista machine. Only AFS Client is supported on Windows Vista.

Following things should be noted :


1. This installable currently supports only AFS Client on Microsoft Windows Vista.
2. Only Local Administrator can start and stop the services on Microsoft Windows Vista.
3. Users belonging to the administrator group cannot work as a Local administrator and perform operations like install/configure/Start AFS.
4. It is suggested to Local Administrators to make sure that AFS will start automatically when computer restarts. For this, on the "Advanced" tab of the AFS Client GUI, check the box, "Start the AFS Client service whenever the computer restarts". This is necessary because, ONLY LOCAL administrator CAN start/stop any service on Microsoft Windows Vista as described earlier.

Installation Steps on Windows Vista:


1. Log in as a Local administrator.
2. Unpack the zip file mentioned above.
3. Start setup.exe contained in the zip file.
4. While selecting the components to be installed, please UNCHECK the "AFS Server" & "Control Center" components.
5. Follow the remaining steps for Installation.
6. Restart the machine.
7. Once machine is up, configure the AFS Client.

Known Issues:


1. Current AFS client does not support creation of "My Briefcase" type of files on Windows Vista.
(Noted at Patch 17)
  • Limitation on volume ids


Please note that volume ids should not be specified values greater than "2147483648". There is a limitation of afs on Windows and the salvager will not be able to handle volumes, having volume ids beyond this value.

(Noted at Patch 10)

  • Change of sysname from i386_nt40 to i386_win2k


Starting AFS 3.6 Patch 9, AFS is not supported on Windows NT. Hence, AFS sysname for Windows platform has been changed from i386_nt40 to i386_win2k. Links to i386_nt40 directory needs to be modified to point to i386_win2k for @sys to work properly.
(Noted at Patch 9)
  • AFS for Windows on Windows Server 2003


You can now install AFS for Windows components on a Windows Server 2003 machine.
(Noted at Patch 9)
  • NetBIOS Settings required for Windows 2000 SP3


On Windows 2000 Professional systems with SP3, AFS Client reaches an internal NetBIOS command limit, under certain cases. This is mainly due to some additional Security requests added in SP3. You need to add the following values in the registry, under the key HKLM/System/CurrentControlSet/Services/TransarcAFSDaemon/Parameters:

MaxMpxRequests DWORD 50
MaxVCPerServer DWORD 100

This will also fix the same problem reported on Windows XP Professional with SP1.


(Noted at Patch 7)
  • AFS for Windows on Windows XP


You can now install AFS for Windows components on a Windows XP machine. Only Windows XP Professional edition is currently supported.
(Noted at Patch 6)
  • AFS installation for Windows is upgraded to InstallShield Professional 6.31


AFS installation for Windows is upgraded from InstallShield 5.1 Professional to InstallShield Professional 6.31.

The following items should be noted:


1. An existing Patch 6 or above setup cannot be downgraded to any previously released Patch level. If there is a Patch 6 or above installed on the machine and the user wishes to downgrade to an earlier Patch level, then it is recommended that the Patch 6 or above setup be uninstalled prior to the fresh install with the Patch level which is desired. The AFS configurations can be saved for use with the earlier Patch level.
2. AFS Server installation requires the AFS Client for communication and the Control Center application for efficient AFS Server management. These two components are installed with the AFS Server for Windows and cannot be deselected if the AFS Server for Windows is selected for installation.
3. If AFS server is already installed then re-installation on a different path is not allowed. The re-installation takes place on the existing path. In all other cases re-installation on a different path is allowed.

(Noted at Patch 6 and 7)

  • pthread.dll is renamed


In this patch, pthread.dll is renamed to afspthread.dll. Any scripts or application using AFS's pthread.dll must be modified to call the renamed library.

(Noted at Patch 4)

  • AFS backup on Windows


Backup on a file

1. When a relative dump path is specified in the tapeconfig file, the configuration file (CFG) can be named in two ways.
a. Construct the device_name portion by stripping off the initial slash (\) and replacing any other back slashes (\) in the name with underscores. For example, CFG_dump_tmp_FILE is the appropriate filename for a backup data file called \dump\tmp\FILE.
b. Construct the file name by appending _portnumber to CFG. For example, if butc is running on port 2000, the CFG file should be named CFG_2000.
2. When an absolute dump path is specified in the tapeconfig file, the configuration file must be named by appending _portnumber to CFG. For example, if the absolute path is C:\afs\dump\FILE and butc is running on port 2000, the CFG file must be named CFG_2000.
Backup on a tape

The device path must be specified as \\.\tapedevice. For example, if the tape device is TAPE0, the dump path must be specified as \\.\TAPE0.

Common guidelines


1. In case of backup on a file or floppy, FILE YES must be written in the CFG file.
2. In case of backup on a Tape, FILE NO must be written in the CFG file.
3. Capacity must be properly set in the tapeconfig file.
4. If name check (label check) is not required, write NAME_CHECK NO in the CFG file.
5. There are two ways to bypass the tape coordinator's initial tape-acquisition steps:
a. Include the instruction AUTOQUERY NO in the device configuration file.
b. Include the -noautoquery flag to the butc command.
6. To suppress the prompts and cause the tape coordinator to handle the errors in a predetermined manner, include the instruction ASK NO in the device configuration file.
7. To bypass the 'expiration date' check ASK NO should not be written in the CFG file.
Additional documentation notes

Due to file format differences between UNIX and Windows, the dump files are not cross compatible. Dump files created on a Windows machine can only be restored on a Windows machine.

(Noted at Patch 4)

  • AFS for Windows on Windows 2000


You can now install AFS for Windows components on a Windows 2000 machine. Windows 2000 Professional, Server, and Advanced Server editions are supported. Windows 2000 DataCenter Server edition and the use of TerminalServer services are not supported at this time.

There must be enough contiguous free disk space on the Windows 2000 machine to accommodate the size of the cache. For example, if you have 30 MB of free disk space on your machine and you intend to set a 20 MB cache, the cache configuration can possibly fail unless 20 MB of the available free space is contiguous.

(Noted at Patch 1)

  • AFS Client trace logging enhancements


A memory-mapped file is now used for the AFS Client trace log, allowing it to be viewed after a system failure. In addition, the log can now be viewed remotely and descriptive text is displayed instead of error codes.

(Noted at Patch 1)

  • AFS for Windows components are supported with Service Pack 6


You can now install AFS for Windows components on a Windows NT machine with Service Pack 6.

(Noted at Patch 1)

  • All AFS components on a machine must be the same version


The AFS for Windows installation tool does not allow a user to install AFS components that have different version numbers. If you have more than one AFS for Windows component installed on your machine, you cannot update one component without updating all of the other components as well.

(Noted at Patch 1)




Corrected Defects
This section describes the defects fixed in each patch release, with the most recent release listed first. Defects are sorted by functionality within each patch release. Refer to the appropriate section:


Defects Corrected in Patch 19 (Build Level 2.64)

This section describes the defects fixed in Patch 19. They are sorted into the following categories.

Server Defects Corrected in Patch 19

UNIX Client Defects Corrected in Patch 19

Windows Client Defects Corrected in Patch 19

Other Defects Corrected in Patch 19

Server Defects Corrected in Patch 19

  • ID71119

This delta updates file count information as soon as the files get added/deleted in the volume.
  • ID71126

This delta makes the -minhour restriction applicable to all users including the ADMIN.

This delta also solves a kaserver hang, caused when changing password of a non-existent user.


UNIX Client Defects Corrected in Patch 19
  • ID71129

Added NFS-AFS translator setup comments for AIX in rc.afs.
  • ID71121

This delta decreases the load time of the AFS client on AIX.
  • ID71123

This delta fixes a security risk in Linux client that could lead to a client crash and may lead to a denial of service attack.

Windows Client Defects Corrected in Patch 19

  • IZ53921

This APAR fixes the locking issues in windows client that lead to frequent crashes.


Other Defects Corrected in Patch 19

Defects Corrected in Patch 18 (Build Level 2.63)

This section describes the defects fixed in Patch 18. They are sorted into the following categories.

Server Defects Corrected in Patch 18

UNIX Client Defects Corrected in Patch 18

Windows Client Defects Corrected in Patch 18

Other Defects Corrected in Patch 18

Server Defects Corrected in Patch 18

  • IZ19609

This APAR modifies the heap segment of all the AFS servers on AIX to accommodate the higher load and runtime for several days.
  • IZ19462

This delta fixes the volume inode corruption, which may cause fileserver crash at the time when large number of volumes are moved from one fileserver to another.
  • IZ31952

This APAR adds a feature in butc, which can be used to allow restoration of volumes from a specified TSM Server, even if that volume was backed-up to any other TSM server, and later moved to this TSM Server. This APAR overrides the Server name obtained from the backed-up volume information, and avoids it to switch back to the server where it was backed-up.
  • IZ25164

This APAR fixes the inconsistency of the Authentication database when admin account is deleted.
  • IZ25169

This APAR allows admin to forcefully put a check on user’s password being reused. This is done by adding a new flag option “checkreuse” in “kas setfield” command.
  • IZ25167

This APAR restricts a user to change his/her password only once after admin changes it, within a specified minimum limit. This limit can be set using “minhour” option in the Kaserver.
  • ID71102

This delta adds the TSM support in AFS butc in Linux ( RHEL 4 and 5 ).

UNIX Client Defects Corrected in Patch 18

  • ID71114

This delta fixes several issues regarding Authentication failures in AIX.

Windows Client Defects Corrected in Patch 18

  • IZ20136

This APAR generated the appropriate error messages if there are any preoccupied ports which are being used by AFS Client.
  • ID71108

This delta fixes the display of appropriate user name who has logged in the Vista machine, on the Afscreds window.

Other Defects Corrected in Patch 18


Defects Corrected in Patch 17 (Build Level 2.61)

This section describes the defects fixed in Patch 17. They are sorted into the following categories.

Server Defects Corrected in Patch 17

UNIX Client Defects Corrected in Patch 17

Windows Client Defects Corrected in Patch 17

Other Defects Corrected in Patch 17

Server Defects Corrected in Patch 17


UNIX Client Defects Corrected in Patch 17
  • APAR IZ07486

This APAR fixes the AIX client crash because of Rx-Connection structure getting corrupted.
  • APAR IZ06540
Solaris 10 Update 4 added support for multiple IP stacks in the kernel, which restricted the AFS client to access the IP information from Solaris Kernel using non-public ILL Structures.
This APAR fixes the AFS client to get the IP information correctly from Solaris kernel.
This APAR is not applicable to Solaris 10 base version, it might result in a system crash. Solaris 10 must be updated with recommended patches in Update-4 for AFS to work.
  • APAR IZ09655
This APAR adds the support of TSM native API to BUTC utility. Henceforth BUTC will not be using XBSA API’s provided by TSM installable.
  • APAR ID71096

This delta fixes the bug on Linux platform due to which ‘volinfo’ command, when used with ‘-saveinodes’ option would give segmentation violation error.

Windows Client Defects Corrected in Patch 17


Other Defects Corrected in Patch 17

Defects Corrected in Patch 16 (Build Level 2.60)

This section describes the defects fixed in Patch 16. They are sorted into the following categories.

Server Defects Corrected in Patch 16

UNIX Client Defects Corrected in Patch 16

Windows Client Defects Corrected in Patch 16

Other Defects Corrected in Patch 16

Server Defects Corrected in Patch 16

  • APAR IY95805

This APAR enables the salvager in AIX, to allocate up to 2GB of data during execution, by increasing the data segment size of salvager binary from 256 MB to 2 GB.

UNIX Client Defects Corrected in Patch 16

  • APAR IY99918

This APAR fixes the hang, which occurs when two or more threads try to do a bulk stat on the same directory entry.
  • APAR IZ00041

This APAR fixes the race condition and client crash, which could occur at the time of un-mapping a file.
  • APAR IY99004
This APAR fixes a problem in AIX, in which rxk_input() is modified to pass the MAC header pointer in udp_input1(). Also, call to m_pullup() is removed, which was splitting mbuf into two mbufs, and causing trouble for above layers like UDP.
  • APAR IY95408

In this APAR, changes are made to the CheckServers daemon, to prevent calls to AFS servers that it can not reach.

Windows Client Defects Corrected in Patch 16


Other Defects Corrected in Patch 16

Defects Corrected in Patch 15 (Build Level 2.59)

This section describes the defects fixed in Patch 15. They are sorted into the following categories.

Server Defects Corrected in Patch 15

UNIX Client Defects Corrected in Patch 15

Windows Client Defects Corrected in Patch 15

Other Defects Corrected in Patch 15

Server Defects Corrected in Patch 15


UNIX Client Defects Corrected in Patch 15
  • APAR IY87646

This APAR fixes the problem of AFS utilities like vos, being unable to create large files in non AFS space, on Linux Platform.
  • APAR IY89668

This APAR fixes the problem on AIX, where root file system is getting corrupted due to AFS, if it is of type JFS2 instead of JFS.
  • Defect 71085

This fix resolves the hang of “fuser” command, when run by root user on AIX.

Windows Client Defects Corrected in Patch 15


Other Defects Corrected in Patch 15

Defects Corrected in Patch 14 (Build Level 2.58)

This section describes the defects fixed in Patch 14. They are sorted into the following categories.

Server Defects Corrected in Patch 14

UNIX Client Defects Corrected in Patch 14

Windows Client Defects Corrected in Patch 14

Other Defects Corrected in Patch 14

Server Defects Corrected in Patch 14

UNIX Client Defects Corrected in Patch 14

Windows Client Defects Corrected in Patch 14


Other Defects Corrected in Patch 14
  • APAR IY84430

This APAR fixes a problem of hangs because of “pagsh” command issued by non-root user.
  • APAR IY77646

This APAR fixes the problem of windows server configuration wizard failing to configure server because of primary interface being down.

Defects Corrected in Patch 13 (Build Level 2.57)

This section describes the defects fixed in Patch 13. They are sorted into the following categories.

Server Defects Corrected in Patch 13

UNIX Client Defects Corrected in Patch 13

Windows Client Defects Corrected in Patch 13

Other Defects Corrected in Patch 13

Server Defects Corrected in Patch 13

  • APAR IY71053

This APAR makes AFS fsck work on Solaris 10.
  • APAR IY76945

This APAR makes the ”M” feature working fine for NetRestrict file, which restricts the interface from registering in cache manager.
  • APAR IY77101
This APAR adds "–reuse" option to the kaserver so that kaserver can be configured as to how many principal passwords it should
store as history in kaserver database. This option should be specified on all the kaserver instances in a cell.

UNIX Client Defects Corrected in Patch 13

  • APAR IY75876

The APAR fixes the problem of Solaris client crashing due to deadlock caused by not properly grabbing the curproc->p_crlock lock.

Windows Client Defects Corrected in Patch 13

  • APAR IY72749

The APAR fixes the problem of afs integrated login failing on some clients because of network going down.
  • APAR IY77107

The APAR fixes the problem of AFS configuration wizard failing on some windows installations.

Other Defects Corrected in Patch 13

  • APAR IY70786

This APAR fixes a problem in "vos " command, the problem occurred when orphaned backup volumes were encountered during "syncvldb" operations.
  • APAR IY66579

This APAR fixes to make -nodns work with –zip option in "vos" command.

Defects Corrected in Patch 12 (Build Level 2.56)

This section describes the defects fixed in Patch 12. They are sorted into the following categories.

Server Defects Corrected in Patch 12

UNIX Client Defects Corrected in Patch 12

Windows Client Defects Corrected in Patch 12

Other Defects Corrected in Patch 12

Server Defects Corrected in Patch 12

  • APAR IY66579

This APAR adds “-zip” flag to “vos listvol”, which gives extended information about the volume in a single line. This new flag provides the information given by "vos listvol -extended" in a single line, and gives result faster than "vos listvol -extended".

  • APAR IY66411
This APAR adds a transaction identifier to the fileserver log messages. The transaction identifier is useful for tracking transactions on a fileserver. The transaction identifier is not dumped to the fileserver log unless the loglevel exceeds 1000. The transaction identifier feature is supported for fileservers that use pthreads for implementing light-weight processes.

UNIX Client Defects Corrected in Patch 12

  • APAR IY66957
This APAR has changed the afs.rc file for Linux to accept AFSD_OPTIONS from /etc/sysconfig/afs instead of OPTIONS.

Windows Client Defects Corrected in Patch 12

  • APAR IY69219

This APAR addresses the issue of windows client authentication attempt not being logged on windows.
  • APAR IY69221

The APAR fixes the problem of windows and ssh client logins not being logged in AuthLog.

Other Defects Corrected in Patch 12

  • APAR IY68503
NFS-AFS Translator works on AIX 5.3.


Defects Corrected in Patch 11 (Build Level 2.55)

This section describes the defects fixed in Patch 11. They are sorted into the following categories.

Server Defects Corrected in Patch 11

UNIX Client Defects Corrected in Patch 11

Windows Client Defects Corrected in Patch 11

Other Defects Corrected in Patch 11

Server Defects Corrected in Patch 11

  • APAR IY57174

This APAR fixes the problem of server preference not set properly on Solaris 8 and Solaris 9.
  • APAR IY28627

(AIX only) This fix enables the AFS File Server to use up to 254 MB of memory. Previously, the default limit for a user level process was 127 MB, which sometimes caused the File Server, under a heavy load, to fail and write to a core file.
UNIX Client Defects Corrected in Patch 11
  • APAR IY55183

This delta solves a problem in which AFS client was hanging on HPUX 11.0 machine due to use of older type of semaphores.
  • APAR IY58931

The rc.afs script has been modified to verify the AFS cache partition is of the type JFS. Earlier, if the cache partition is of the type JFS2, would result in panic.
  • APAR IY59119

This APAR resolves the memory leak caused by the cred structure inside the routine to set PAG.
Windows Client Defects Corrected in Patch 11
Other Defects Corrected in Patch 11
  • APAR IY62062

This APAR fixes the problem of Account Manager not working on windows xp with sp2.

Defects Corrected in Patch 10 (Build Level 2.53)


This section describes the defects fixed in Patch 10. They are sorted into the following categories.
Server Defects Corrected in Patch 10

UNIX Client Defects Corrected in Patch 10

Windows Client Defects Corrected in Patch 10

Other Defects Corrected in Patch 10

Server Defects Corrected in Patch 10

  • APAR IY45909
This APAR adds a new -timeout option to both vos commands and Volume Server, which enables vos commands to
wait for a longer time for a response from the File server. Use this argument only in consultation with AFS Development
or Product Support.
UNIX Client Defects Corrected in Patch 10
Windows Client Defects Corrected in Patch 10
  • APAR IY51565
This APAR fixes the problems faced while doing a silent uninstall of AFS on windows.
  • APAR IY51293
This APAR fixes AFS Windows Client hangs on heavy load.
  • APAR IY54040
This APAR fixes the problem of "accept/reject license conditions" screen and other buttons not being shown
in the selected installation language.
  • APAR IY52395
This APAR fixes the problem of salvager not being able to salvage the volumes when both RO and RW volumes
exist on same server and the problems of salvager crash on windows.
  • APAR IY53721
This APAR scans for Microsoft loop back adapter and if found, binds exclusively to it. This is supported only on
WinXP and Windows 2003. The loopback adapter needs to be given a hard-coded IP otherwise, integrated.
login fails while it's waiting for Windows to give it an auto-assigned address.
  • APAR IY52843
This APAR fixes the problem of AFS binaries getting deleted while upgrading. On some Windows machines the
installer fails to register service during upgrade because Windows is not able to delete the service. This problem
is reproducible on Windows 2000 only.
Other Defects Corrected in Patch 10
APAR IY53278
This APAR fixes the problem where backup restore operations, using multiple port offsets, were not working properly.
Defects Corrected in Patch 9.1 (Build Level 2.51)
This section describes the defects fixed in Patch 9.1. They are sorted into the following categories.
Server Defects Corrected in Patch 9.1

UNIX Client Defects Corrected in Patch 9.1

Windows Client Defects Corrected in Patch 9.1

Other Defects Corrected in Patch 9.1

Server Defects Corrected in Patch 9.1

  • APAR IY52479

This APAR fixes the problem of AFS database servers failing to elect quorum from 10th Jan 2004.
  • ID70121

This Delta fixes the fileserver hangs caused by number of interfaces of a host, becoming corrupt.
UNIX Client Defects Corrected in Patch 9.1
Windows Client Defects Corrected in Patch 9.1
Other Defects Corrected in Patch 9.1
Defects Corrected in Patch 9 (Build Level 2.50)
This section describes the defects fixed in Patch 9. They are sorted into the following categories.
Server Defects Corrected in Patch 9

UNIX Client Defects Corrected in Patch 9

Windows Client Defects Corrected in Patch 9

Other Defects Corrected in Patch 9

Server Defects Corrected in Patch 9

  • APAR IY49707


This APAR makes pts listowned work for the special pts:sysviewers groups.
  • APAR IY48289


This APAR fixes an assert in ubik_ClientInit due to race condition where a lock is taken on a destroyed mutex.

UNIX Client Defects Corrected in Patch 9

  • APAR IY47386


(AIX) This APAR fixes an AFS client hang caused by creation of two vcache entries in the cache manager for the same FID.
  • APAR IY46729


This APAR fixes the client panic in GetVolSlots due to inadequate file limits to write in VolumeItems file.
  • APAR IY47781


This APAR fixes an assert in close, which is called on a failed open call.
  • APAR IY47200


This APAR fixes the problem of Kernel panic while calling bcopy panic by handling memory allocation properly.

Windows Client Defects Corrected in Patch 9

  • APAR IY48605


This APAR fixes the corruption problem, while trying to copy file from windows local file system to AFS space.

Other Defects Corrected in Patch 9


Defects Corrected in Patch 8 (Build Level 2.48)
This section describes the defects fixed in Patch 8. They are sorted into the following categories.
Server Defects Corrected in Patch 8

UNIX Client Defects Corrected in Patch 8

Windows Client Defects Corrected in Patch 8

Other Defects Corrected in Patch 8

Server Defects Corrected in Patch 8

  • APAR IY40189


This APAR fixes the problem of volserver or salvager crash on a machine having a long device name (more than 32 chars) for /vicepxx partitions, due to limited length of string used for device name.
  • APAR IY37309


This APAR fixes a defect that might lead to the corruption of the fileserver's host chain which in turn might result in a fileserver crash.
  • APAR IY44872


This APAR fixes the bos addkey coredump problem, on newer versions of AIX.

UNIX Client Defects Corrected in Patch 8

  • APAR IY40530


(Solaris 9) This APAR fixes the ls hang on the nfs client running Solaris 9 using the AFS-NFS translator.
  • APAR IY42563


(HP-UX only) This APAR fixes the defect wherein starting the AFS client results in a panic if the HP-UX patch PHNE_28089 is installed on the system.
  • APAR IY43766


(Solaris only) This APAR fixes the defect wherein starting the AFS client results in a panic if the Solaris patch 108528-20 is installed on the system.
  • APAR IY44671


This APAR fixes the defect where 'ls -l' on a directory containing huge number of files, used to take a very long time, due to a bug in the AFS bulkstat.
  • APAR IY45559


This APAR resolves a deadlock between memcache and RX implementation.

Windows Client Defects Corrected in Patch 8

  • APAR IY40533


This APAR corrects the wrong error message by windows client, for the case where client and server clock times were skewed (> 15 mins).
  • APAR IY41441


This APAR fixes afsd_service crash problems at startup/shutdown when the network is disconnected.
  • APAR IY42899


This APAR fixes the defect where AFS Client failed to start, because AFS Control Center Icon appears in control panel, instead of AFS Client Icon, when AFS is installed in Japanese language.
  • APAR IY45599


This APAR fixes the problem of random AFS Client crash on Windows.

Other Defects Corrected in Patch 8

  • APAR IY41595


This APAR fixes a problem in where lock out time specified in uss template file was not being interpreted correctly by uss add command.
  • APAR IY42921


This APAR fixes a defect wherein the commands "klog.krb" and "tokens.krb" (and possibly other commands) did not work properly for UIDs greater than 65535.

Defects Corrected in Patch 7 (Build Level 2.45)


This section describes the defects fixed in Patch 7. They are sorted into the following categories.
Server Defects Corrected in Patch 7

UNIX Client Defects Corrected in Patch 7

Windows Client Defects Corrected in Patch 7

Other Defects Corrected in Patch 7

Server Defects Corrected in Patch 7

  • APAR IY37099


This APAR fixes a ubik bug which may cause database servers to crash under certain circumstances. This problem is more prevalent in on HP-UX 11i.
  • APAR IY38088


(Windows Only) Salvager may crash Windows AFS Servers if there are volumes with invalid (high) volume ids. This APAR corrects this problem.

UNIX Client Defects Corrected in Patch 7

  • APAR IY37731


(HP-UX Only) This APAR fixes a problem which causes system slowdown or crash because vcaches, belonging to mapped files and executable, can't be recycled immediately due to the HP-UX VMM holding a reference on these vcaches.
  • APAR IY39056


(Linux 2.4.X Only) This APAR corrects a problem where 64-bit file locking commands (F_GETLK64, F_SETLK64 and F_SETLKW64) did not work properly on Linux 2.4.

Windows Client Defects Corrected in Patch 7

  • APAR IY36018


This APAR fixes the problem on Windows systems wherein vos restore would fail for high volume ids.
  • APAR IY37068


This APAR fixes the problem where NetBIOS Command reaches its limit in Windows 2000 SP3. Please refer to Product Notes for Windows, for more details.
  • APAR IY37351


This APAR fixes the problem on Windows systems wherein vos dump <vol> | vos restore <vol> would result in crash.

Other Defects Corrected in Patch 7

  • APAR IY39008


This APAR fixes a problem in which backup volinfo command returns with a wrong error message if the length of the volume name exceeded 25 characters.

Defects Corrected in Patch 6 (Build Level 2.43)


This section describes the defects fixed in Patch 6. They are sorted into the following categories.
Server Defects Corrected in Patch 6

UNIX Client Defects Corrected in Patch 6

Windows Client Defects Corrected in Patch 6

Other Defects Corrected in Patch 6

Server Defects Corrected in Patch 6

  • APAR IY33274


Fileserver was reported to have crashing with "Assertion fail." at function GetClient, for a condition representing bad state of connection, which is not really an assert situation. So, for safe fileserver operations assert is replaced with reporting error condition to the caller.
  • APAR IY33365


This defect resolves a problem, wherein volserver was not able to access volumes with volume IDs greater than 2147483647, which caused all volserver operations like vos examin, vos move etc. on these volumes to fail.
  • APAR IY33581


When a badly configured client firewall product sends requests to the fileserver, fileserver faces difficulty in getting back to the client and keeps trying this, repeatedly. This can cause the fileserver into a meltdown. The fileserver needs a way to recognize that a client is in this state so it can prevent this client from causing bad performance to all users. This problem has been noticed on Windows clients which had misconfigured firewall due to which server could not client at port 7001. This fix helps server to identify this condition and remove entries of such hosts from the host hash chain.
  • APAR IY34441


A rare occurrence of callback chain corruption caused a fileserver thread to loop infinitely inside the callback chain. A check was added to detect this and recover from this condition.
  • APAR IY34442


This fix resolves a problem, wherein sending the signals SIGTSTP or SIGHUP to the fileserver process sometimes results in a crash.
  • APAR IY34952


This fix resolves a problem wherein shutting down or restarting the fileserver using "bos shutdown" or "bos restart" sometimes crashes the fileserver.
  • APAR IY33045


When a vos release command is executed, AFS volserver first completes release job and then waits to for an acknowledgement from fileserver, for breaking callbacks to the client. If fileserver takes time to do this operation, it keeps volserver waiting, making it unavailable for other vos requests. With this fix, fileserver sends an acknowledgement to volserver, as soon as it receives request from volserver.

UNIX Client Defects Corrected in Patch 6

  • APAR IY31112


(Solaris only) Session would hang if we try to copy a large file from AFS space to an UFS partition mounted with force directio option enabled on Solaris. Sessions trying to do "ps" or "who" would also hang and client wont shutdown cleanly. This APAR fixes the problem which enables to copy files from AFS to partition mounted with directio.
  • APAR IY31752


This fix resolves a race condition in the AFS buffer cache code that results in the recycling of a buffer that is in use.
  • APAR IY32248


(AIX 4.3.3 only) This fix resolves a problem where the token passing mechanism of AFS inetd, fails with "getpeername failure", when the maintenance level of AIX 4.3.3 is upgraded from ML6 to ML10.
  • APAR IY32279


(AIX only) This fix resolves a problem where the AIX client would deadlock/panic under heavy load.
  • APAR IY32316


(Linux only) On Linux, when a file in AFS is checked to see if it is locked or unlocked for advisory locking, AFS does not return the correct lock status. As a result, return status used to indicate file as locked, always. This was due to a bug in AFS lock vnodeop's implementation where the return structures was not copied back with the correct status. This has been fixed in this APAR
  • APAR IY35858


This fix resolves a problem wherein sending a signal to the BIO daemons (Some of the afsd daemons are BIO daemons) results in their termination. As a result all reads and writes to AFS space block forever.

Windows Client Defects Corrected in Patch 6

  • APAR IY29990


This delta is created to add descriptive message to the afsd_init.log.
If the registry entry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\ClientProtocols" does not exist then the afsd service crashes with error code 1719. For this error code, a descriptive message is added in the afsd_init.log. Also modifications are done so that the client does not crash..
  • APAR IY33185


The memory consumption of the AFS Client on Windows grows by almost 16MB with each LAN Adapters added in the system. This high memory usage problem has been resolved under this APAR.
  • APAR IY33603


During reinstall/upgrade/downgrade, if a new path is chosen for re-installation than the previous one, service fails to start upon reboot flagging an error that it was unable to find the path specified. This is fixed under this APAR.
  • APAR IY32563


This corrects a problem where "Timeout" messages were repeatedly added in the Authlog

Other Defects Corrected in Patch 6

  • APAR IY34083


(HPUX only) This resolves the panic in afs_setgroups, because of pointer truncation.
  • APAR IY34705


(Windows only) In AFS Control Centre - Account Manager GUI, the pattern box doesn't work for any pattern. This was seen for all of the "User", "Groups" or "Machines" tabs. This problem is fixed under this APAR.

Defects Corrected in Patch 5.1 (Build Level 2.39)


This section describes the defects fixed in Patch 5.1. They are sorted into the following categories.
Other Defects Corrected in Patch 5.1
Other Defects Corrected in Patch 5.1
  • APAR IY33842


This fix resolves an integer overflow vulnerability in the Sun derived XDR library used by AFS.

The vulnerability can be exploited by an attacker to induce a buffer overrun in certain AFS servers. This could result in a server crash or in the attacker being able to execute arbitrary code on the server allowing the attacker to obtain unauthorized root access.

Defects Corrected in Patch 5 (Build Level 2.38)


This section describes the defects fixed in Patch 5. They are sorted into the following categories.
Server Defects Corrected in Patch 5

UNIX Client Defects Corrected in Patch 5

Windows Client Defects Corrected in Patch 5

Other Defects Corrected in Patch 5

Server Defects Corrected in Patch 5

  • APAR IY24786


(AIX only) The AFS login process was sometimes time-consuming. This was due to the fact that AFS-specific methods had to be implemented to read and search the /etc/passwd and the /etc/group files, which are often large. This problem has been corrected.

Note that a previous version of this APAR (included in Patch 4) resolved login and lsuser problems with the AFS authentication module caused by code changes in the security module of the AIX operating system.

  • APAR IY26483


(HP-UX only) This fix resolves partial hangs in the AFS filespace that were due to processes holding resources when stopped. This fix requires the addition of HP-UX patches to both HP-UX 11.0 and HP-UX 11i systems. See (HP_PATCHES) for details.
  • APAR IY27173


The fix resolves a problem where the AFS File Server failed to create the /usr/afs/local/sysid file after AFS was upgraded from version 3.5 to version 3.6.
  • APAR IY28627


(AIX only) This fix enables the AFS File Server to use up to 254 MB of memory. Previously, the default limit for a user level process was 127 MB, which sometimes caused the File Server, under a heavy load, to fail and write to a core file.
  • APAR IY29160


This fix prevents the File Server from generating a core file, which occurred when a race condition in the File Server caused the File Server's SAFS_Rename function to attempt to rename a file that no longer existed in the AFS filespace.
  • APAR IY29756


This fix prevents the File Server from generating a core file, which occurred when the File Server's h_Enumerate function traversed the list of hosts.

UNIX Client Defects Corrected in Patch 5

  • APAR IY27687


(Solaris 8 only) This fix corrects a porting problem with the NFS-AFS Translator on Solaris 8 machines which caused basic operations, such as lookup, create, remove, rename, when issued from an NFS version 3 client machine, to fail.
  • APAR IY28348


(AIX 4.3.3 only) This fix prevents a condition that caused AFS to panic when a multi-processor machine was shut down or rebooted.
  • APAR IY28760


This fix resolves a condition where an AFS client session hangs while waiting for packets from a server. This occurred because the server discarded the outgoing packets thinking that the client had already received them.

Windows Client Defects Corrected in Patch 5

  • APAR IY27805


This fix corrects a cache inconsistency. If a directory listing was done on an AFS Client for Windows machine and if the directory included a file in the AFS filespace that was modified using a different machine, then the modified file's size was not displayed.
  • APAR IY28009


This fix resolves a problem where, after installing software such as VMWARE that uses a large number of transport layer protocols, the AFS Client service could not be started.
  • APAR IY29251


(Windows 2000 only) This fix enables multiple directories to be created concurrently.

Other Defects Corrected in Patch 5

  • APAR IY26872


(Windows only) This fix corrects a problem where the AFS Control Center Server Manager was sorting and displaying the Date-Time field incorrectly.
  • APAR IY26981


(Windows only) Any file or directory created on Windows File Server vice partition and having a name starting with 'V' was incorrectly listed as a corrupted volume by the AFS Server Manager and in the list of volumes generated by using the vos listvolumes command. This problem has been corrected.

Defects Corrected in Patch 4 (Build Level 2.32)


This section describes the defects fixed in Patch 4. They are sorted into the following categories.
Server Defects Corrected in Patch 4

UNIX Client Defects Corrected in Patch 4

Windows Client Defects Corrected in Patch 4

Other Defects Corrected in Patch 4

Server Defects Corrected in Patch 4

  • Defect 12669


(Solaris 7, 8) This fix resolves a machine deadlock caused by AFS not taking proper UFS locks prior to calling UFS functions.
  • Defect 12697


(All) This fix resolves a fileserver deadlock (fileserver meltdown) that occurred when the fileserver experienced a very heavy load.
  • Defect 12744


(Solaris 2.6, 7, 8) This fix resolves a machine deadlock during a reboot sequence caused by closing the socket descriptors in an incorrect sequence. This fix implements a sequence variable to ensure that the system closes a socket only after the process that was listening on the open socket has completed its operation.
  • Defect 12803 (APAR IY21708)


(Windows) This fix resolves a condition where the AFS Client on a newly installed and configured AFS Server improperly displayed the status of volumes on /afs and /afs<cell name> as READ/WRITE. Previously, it was necessary to restart the AFS Client in order for the status to be properly displayed as READ-ONLY.
  • Defect 12818 (APAR IY21906)


(Solaris) This fix merges the /etc/name_to_sysnum is file for several versions of Solaris. A check has been added in the afs.rc script for Solaris to check for valid values in the /etc/name_to_sysnum file. Incorrect values cause problems when AFS is starting.
  • Defect 12849 (APAR IY24327)


(Windows) Previously, deleting a volume on a Windows AFS Server did not completely remove the .data directory. This fix resolves that problem.
  • Defect 12862 (APAR IY24786)


(AIX) This fix resolves login and lsuser problems with the AFS authentication module caused by code changes in the security module of the AIX operating system.
  • Defect 12870 (APAR IY25146)


(All) This fix resolves a condition where various volume related commands showed the used space of a volume as negative when the size of any file in the volume exceeded 2 GB.
  • Defect 12871 (APAR IY25223)


(Windows) This fix resolves a condition on Windows AFS Servers where the klog command failed to authenticate for certain passwords.
  • Defect 12872 (APAR IY21567)


(AIX 4.3) This fix resolves an infinite loop condition that caused fileservers to eventually meltdown.
  • Defect 12873


(AIX 4.3) This fix adds a check to verify if the fields of the UUID structure have valid values. This identifier is used to manage clients with multiple IP interfaces.
  • Defect 12886 (APAR IY26379)


(AIX) This fix corrects a problem where Kerberos tokens for logged in users were not visible on AIX systems.

UNIX Client Defects Corrected in Patch 4

  • Defect 12815 (APAR IY23080)


(Digital UNIX 4.0) This fix resolves a condition on Digital UNIX 4.0 machines where an improper error message was displayed when removing a mountpoint. Previously, when the "fs rmm <mountpoint>" command was issued on an Digital UNIX 4.0 machine in AFS space, the mount was deleted, but an error message appeared stating "fs : file <mountpoint> does not exist."
  • Defect 12837 (APAR IY22536)


(All) This fix prevents a condition that caused the NFS-AFS Translator (AFS Client) to panic when the NFS server forwarded requests from NFS clients to the NFS-AFS Translator before it was completely initialized.
  • Defect 12858 (APAR IY25847)


(All) This fix resolves a vcache leak problem.
  • Defect 12885 (APAR IY26793)


(Linux 2.2, 2.4) This fix resolves a race condition in the event handling code for Linux. This race condition results in processes losing wakeup calls; the process gets the wakeup before it actually goes to sleep. As a result, the process continues sleeping on events because it is waiting for a wakeup which has already occured, and it never returns from the system call. To the user, it appears as if the process has hung.
  • Defect 12889 (APAR IY26576)


(Linux 2.4) This fix resolves a condition where a Linux client session hangs when a user issues the "su -" command from a terminal within a KDE environment.

Windows Client Defects Corrected in Patch 4

  • Defect 12806 (APAR IY22737)


This fix adds support for the -servers option in the klog command. The -servers option allows the user to specify the authentication server when retrieving tokens.
  • Defect 12827 (APAR IY23335)


This fix resolves a condition where Windows AFS Clients did not correctly follow traversal rules.
  • Defect 12829 (APAR IY23589)


This fix resolves a problem where, when the AFS Client GUI/Advanced tab page/checkbox "Start the AFS Client whenever the computer restarts" is checked, the following error message is displayed: Error Configuring Service-The AFS Client Service's startup parameters could not be changed. You might not have the authorization to perform this operation. Error 0x000003E5.
  • Defect 12847 (APAR IY24326)


This fix resolves a condition where roaming profiles were not being created if the roaming profile path contained links.
  • Defect 12848 (APAR IY24383)


This fix solves the problem of "?S" appearing in a volume label name on Windows 2000 machines when "dir" is issued from the Command Prompt.
  • Defect 12855 (APAR IY24188)


This fix resolves a condition where, when the Windows AFS Client and Tivoli Policy Director Admin Client were both installed on the same machine, the afsd service did not start. This occurred because both programs used a pthread.dll file. The AFS file has been renamed to afspthread.dll.
  • Defect 12863 (APAR IY24034)


This fix resolves a condition that prevented removing Global Drive Mappings in the Windows AFS Client.
  • Defect 12866 (APAR IY24038)


This fix stops the AFS Client when the connection to the network is lost.
  • Defect 12867 (APAR IY25039)


This fix writes a message to the event log whenever a Windows application requests a byte-range lock of a file in AFS space.

Other Defects Corrected in Patch 4

  • Defect 12351


(All) This fix allows users to restore volumes with volume names in excess of 22 characters. It writes a warning into the ErrorLog/TapeLog file.
  • Defect 12483 (APAR IY23857)


(All) This fix resolves the Dump Information problem with AFS backup for volumes larger than 2 GB.
  • Defect 12805 (APAR IY22848)


(Windows) This fix suppresses the "License" dialog box during silent installs.
  • Defect 12808 (APAR IY22931)


(All) This fix adds a -nodns flag to three vos commands: vos exa, vos listvldb, vol listvol. If -nodns is specified in the command line, the server names will be listed in IP format rather than as the host names.
  • Defect 12843 (APAR IY24256)


(HP-UX 11.0) Undefined symbols for xdr_* were reported when using the AFS API on HP-UX. These missing symbols have been added to the librx.a file.
  • Defect 12854


(Windows) This fix allows the Windows AFS Control Center Servers Manager to create volumes with unlimited quotas.
  • Defect 12856 (APAR IY24503)


(Windows) This fix enables AFS backup to work on Windows systems.
  • Defect 12861


(All) This fix adds a -showprogress flag to the butc command. If -showprogress is specified in the command line, progress will be displayed as dots when dumping or restoring a volume. Each dot represents 64 K of data.

Defects Corrected in Patch 3 (Build Level 2.26)


This section describes the defects fixed in Patch 3. They are sorted into the following categories.
Server Defects Corrected in Patch 3

UNIX Client Defects Corrected in Patch 3

Windows Client Defects Corrected in Patch 3

Other Defects Corrected in Patch 3

Server Defects Corrected in Patch 3

  • Defect 12371


This fix prevents the salvager fom deleting hardlinked files. By default, orphan files are ignored, but if the '--orphan remove' option is specified, orphan files are removed. The default of '-orphan' is ignore, which allows the salvager to comment about orphans on every run, but not to delete them.
  • Defect 12541


This fix enables the kaserver process to authenticate krb-udp requests from Kerberos 4 clients.
  • Defect 12646


While trying to get data from a ptserver, an error condition was not being checked. This caused a core dump of the fileserver. The function acl_CheckRights() now checks for an error condition.
  • Defect 12665


A server panic was occurring as a result of a software assert (tweqi) caused by giving jfs_rele a vnode with a v_count=0. This resulted from insufficient locking. A VFS_LOCK for accessing the vnode list fom the VFS list was added to resolve this condition.
  • Defect 12695


When a file on an NT fileserver was saved, the data was being corrupted. This did not occur when the file was created for the first time, but it occurred when an existing file was opened and saved after being edited. This defect corrects that problem.
  • Defect 12674


(Linux only) Accessing AFS files through SAMBA caused refCount on inode to increase incorrectly and resulted in an "IPUT Bad refCount on inode" error. This fix resolves this problem.
  • Defect 12713


This fix enables RX to properly track retransmitted packets.
  • Defect 12724


(HPUX only) On HPUX 11.0, if the salvager were run on a partition that was greater than 4GB in size, it would delete the volumes in that partition. This fix solves that problem.

UNIX Client Defects Corrected in Patch 3

  • Defect 12481


(IRIX only) This fix resolves a panic in afs_strategy.
  • Defect 12501


(Linux 2.2only) This fix corrects a cache inconsistency problem with AFS under the Linux 2.2.* kernels.
  • Defect 12666


(Linux only) This fix resolves a condition that caused the Linux OS to suspend processing because of a potential deadlock in memory handling routines.
  • Defect 12708


(HP only) This fix allows the remsh command to function properly on HP11.
  • Defect 12712


(Solaris 8 only) In Solaris 8, "df" was generating errors for AFS directories. This fix allows the df command to function properly in AFS directories under Solaris 8.
  • Defect 12743


(HP only) This fix changes the startup script on HP 11. AFS used to panic when /usr/vice/cache was on VxFs. An afs.rc startup script corrects this problem.

Windows Client Defects Corrected in Patch 3

  • Defect 12503


With this fix, an AFS client queries the operating system on which it is installed during initialization. If the client is installed on the wrong OS, it will not start. This will prevent a Windows 98 AFS client from crashing a computer system that has been upgraded to Windows NT/2000.
  • Defect 12672

Windows 2000 systems running AFS client would hang (100% CPU) when they were disconnected from the network.This fix resolves that condition.
  • Defect 12673


This fix enables AFS clients on Windows 2000 running IIS to access a default page in AFS space.
  • Defect 12699


This fix corrects a problem where AFS would not start over a PPP connection when a LAN adapter was present, but not active on the machine. This is a common scenario for laptops that connect via the LAN when in the office and via a modem when working remotely.
  • Defect 12702


This fix provides a new binary that enables administrators to grant all users permission to start and stop an AFS service on a Windows NT/2000 system.

A default security descriptor on the afsd server permits the following access:

  • Members of the Power Users group and the LocalSystem account have SERVICE_START, SERVICE_PAUSE_CONTINUE, and SERVICE_STOP access, plus the access rights granted to all users.
  • Members of the Administrators and System Operators groups have SERVICE_ALL_ACCESS access.
With this default, only Administrative users can start and stop the afsd_service. To allow all users to start and stop the afsd_service, the DACL of the AFS service object must be modified. The following command changes the DACL:
afsdacl [-set] [-revoke]
where:
    -set sets the DACL on AFS service to allow all users
    in USERS group to start and stop services.
    -revoke revokes the DACL. Only administrators can start and stop services.

The afsdacl binary is installed in AFS/Client/Program.
  • Defect 12703


Writing files into AFS space from a Windows 2000 client took longer than performing the same operation on a Windows NT client. This fix improves write performance on Windows 2000 clients.
  • Defect 12711


If any icon in the system tray refreshes, Windows 95 considers this to be a screen refresh and restarts counting the amount of time that a system has been inactive.This can prevent a screen saver from starting. By default, the AFS tray icon refreshes every 3 minutes. This fix allows the user to set the refresh time of the lock icon by adding a registry entry.

Key:  HKEY_LOCAL_MACHINES\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters
Name: RefreshTimeInMinutes
Type: DWORD
Data:
time in minutes


If not value is given for data, a default of 3 minutes will be used.
  • Defect 12740


The menu that appears when right-clicking on the AFS tray icon was not disappearing unless the user opened and closed the AFS client window. This fix allows the user to dismiss the context menu by clicking elsewhere on the screen.
  • Defect 12766


When tokens from NT clients were taken into a file and from this file were set into the cache manager of any UNIX system, the tokens command on the UNIX system was not printing correct values. This fix resolves this printing problem.
  • Defect 12769


In AFS Windows clients, wildcard matching was not done correctly during a search, for example, if, from the command prompt, "dir /s *.txt" was submitted, files with the .txt extension were not shown in the results. This fix adds support for wildcard matching on Windows 2000/NT systems.

Other Defects Corrected in Patch 3

  • Defect 12663


This fix enables kdump to work properly on 64-bit Solaris.
  • Defect 12685


This fix enables special characters, such as colons, to be included in a field in the bulk file used by the uss_bulk command by escaping them with a backslash. The ':' is traditionally used to separate fields. In order to include it within a field, you must escape the ':' using the '\' (backslash). A ':' in a field is represented by '\:'. The '\' character itself can be represented by '\\'.
  • Defect 12730


The fix allows the bos server to perform its function correctly, along with the option setrestart -server <machine name> -time "now".

Before this fix, when the command was issued to restart the bos server at any instant by specifying the option "now", the bos server was restarting every minute. This was shown in the log file /usr/afs/logs/BosLog. This fix resolves that problem by updating the proper values in the BosConfig file.

  • Defect 12792


When an AFS client was installed for the Japanese language, the AFS menu, which is shown when you right-click on any AFS folder in Windows Explorer, was not showing up. This fix corrects that error.
  • Defect 12799


AFS command line syntax allows argument switches to be omitted if the arguments are in order. This fix solves a defect that caused the "pts" command to fail if the arguments were not accompanied by switches.

Defects Corrected in Patch 2 (Build Level 2.18)


This section describes the defects fixed in Patch 2. They are sorted into the following categories.
Server Defects Corrected in Patch 2

UNIX Client Defects Corrected in Patch 2

Windows Client Defects Corrected in Patch 2

Server Defects Corrected in Patch 2

  • Defect 9908


This fix enables the remove mountpoint command (fs rmm) to follow symbolic links. Previously, if a symbolic link was encountered, the mount point was not removed.
  • Defect 12337


This fix resolves a problem that occurred when an AFS File Server received requests from AFS Client machines to which it could not respond. The requests locked up threads in the File Server and rendered the server unusable.
  • Defect 12522


This fix prevents the File Server from generating a core file when calling the following functions in the TAdd code module: AddCallBack1_r and MultiBreakCallBack_r.
  • Defect 12530


This fix modifies the behavior of the backup dump process by preventing the creation of dumplevels with spaces in the name.
  • Defect 12536


This fix modifies the behavior of the BOS Server (bosserver) to automatically restart only when the timestamp changes on a binary. Previously, the BOS Server restarted processes when permissions were changed on binaries, even if there was no change to the timestamp of the binaries. This happened because the st_ctime time field was used to determine when to restart processes. Now, st_ctime is replaced by st_mtime as the reference time field. Therefore, processes are restarted only when the binary itself changes.
  • Defect 12541


This fix enables the kaserver process to authenticate krb-udp requests from Kerberos 4 clients.
  • Defect 12545


This fix improves File Server responses for Windows clients. It was previously possible for users (mostly those using Windows NT Explorer) to experience a delay before a "Permission denied" error was returned when accessing directories with the following access permissions: system anyuser li. Users can now run the File Server with the -dontdelay switch to prompt the File Server to more quickly return the "Permission denied" error.
  • Defect 12556


This fix prevents an infinite loop situation from occurring when the timeout chain receives a faulty link. Now, when a faulty link is encountered, a message if added to the log file.
  • Defect 12576


This fix resolves a condition that caused the AFS client to panic when server structures are no longer valid.
  • Defect 12597


(Linux only) This fix resolves a condition that caused Linux systems to suspend processing (hang) during a shutdown or reboot.
  • Defect 12625


This fix resolves a condition that caused the 'vos backupsys' command to fail when run by the bosserver as a cron job. On Linux, when the bosserver runs a process that tries to write to stdout/stderr, the process receives a SIGPIPE and fails. Although this error appeared only on Linux, code changes were made on all platforms to prevent processes that are started by the bosserver from writing to stdout/stderr.
  • Defect 12634


This fix enables AFS to return an ENODEV (error, no device) response when an invalid mount point (device) is encountered. Invalid mount points occur as a result of unknown cells or volumes.
  • Defect 12639


(Solaris only) This fix resolves a condition where a list command (ls) returned an error of "Value too large for defined data type" when it encountered an AFS file with a negative date.
  • Defect 12645


This fix eliminates a buffer overflow that had been occurring in VIOCSETVOSTAT pioclt.
  • Defect 12682


This fix resolves a race condition in the fileserver wherein the fileserver attempted to use a mutex that was not initialized.

UNIX Client Defects Corrected in Patch 2

  • Defect 12113


(Linux only) This fix enables the use of double cellname entries within the CellServDB file. In such an entry, the second cell name is used for AFS/DFS translator purposes.
  • Defect 12479


(Solaris only) This fix resolves package segment faults that occurred when the package client attempted to update files with long pathnames. The buffer provided to the file that is used to hold diagnostic messages, messages.c, overflows when the package program attempts to modify files with long pathnames. This was resulting in package segmentation faults. The buffer has been increased from 128 bytes to 256 bytes.
  • Defect 12581


(Linux only) This fix closes potential security holes.
  • Defect 12595


(Solaris 8 only) This fix resolves a condition that caused an AFS Client on a SparcStation 20 to panic while accessing AFS files.
  • Defect 12602


(Solaris only) This fix resolves a condition that caused an AFS client to suspend processing (hang) when configured with a memory cache greater than 2 GB.
  • Defect 12609


(Linux only) This fix improves performance on Linux clients.
  • Defect 12635


(HP only) This fix resolves a condition that caused the HP CDE screen to hang.

Windows Client Defects Corrected in Patch 2

  • Defect 12341


This fix enables usernames to contain a period, for example, username.admin.
  • Defect 12435


This fix resolves a condition that caused setup files to fail to execute if the were deeply nested within an AFS directory.
  • Defect 12456


This fix improves token management.
  • Defect 12534


For kerberos authentication, two new binaries have been created: C:\Program Files\IBM\AFS\Client\Program\klog_krb.exe and C:\Program Files\IBM\AFS\Common\afsauthent_krb.dll. To use kerberos authentication, rename these binaries to klog.exe and afsauthent.dll.
  • Defect 12535


This fix resolves a condition that caused a GUI account manager being used to unlock an account to fail with an error message of "No servers appear to be up".
  • Defect 12560


This fix improves the readability of the log file by removing excess blank lines.
  • Defect 12561


This fix removes an existing cache file during start up.
  • Defect 12562


This fix resolves a condition that caused the AFS NT client to crash in smb.c.
  • Defect 12565


This fix resolves a condition on Windows 2000 clients that prevented the AFS client from removing temporary files.
  • Defect 12584


This fix resolves a condition that caused the login screen to display an error dialog box stating that a problem existed in services.exe and that the workstation would automatically restart in 60 seconds. Microsoft also addressed this problem using a hotifx (see http://support.microsoft.com/support/kb/articles/q266/0/66.asp).
  • Defect 12627


This fix enables silent installs on Windows 2000.
  • Defect 12640


This fix prevent MS Visual C++ v6.0 from altering the timestamp whenever a file is opened and closed without being altered.

Defects Corrected in Patch 1 (Build Level 2.5)


This section describes the defects fixed in Patch 1. They are sorted into the following categories.
Server Defects Corrected in Patch 1

UNIX Client Defects Corrected in Patch 1

Windows Client Defects Corrected in Patch 1

Windows Control Center Defects Corrected in Patch 1

Other Defects Corrected in Patch 1

Server Defects Corrected in Patch 1

  • Defect 6008


This fix changes the AFS server processes to log messages via syslog. Previously, AFS wrote to /dev/console. When /dev/console was unavailable, the process that was trying to write to it waited until it became available again; it was not possible to kill the process.
  • Defect 12101


This fix eliminates one potential cause of timeouts when the vos listvol command has to produce output about a large number of volumes. As it processes this command, the Volume Server no longer writes to disk the three index files (large vnode, small vnode, and header) associated with a volume.
  • Defect 12326


(Linux 2.2 only) When restarting the bosserver process using the bos restart command, the process stopped but did not restart. Now, when the bos restart command is issued for the bosserver process, the process is correctly restarted.
  • Defect 12419


This fix enables the File Server to shut down properly if it receives the signal to shut down while attaching volumes.
  • Defect 12462


Previously, it was difficult to use a firewall with a network address translator (NAT). This enhancement enables users to have a File Server register inactive (or fake) IP addresses in the Volume Location database, thus allowing client machines outside the NAT to be able to access File Servers. In order to add fake IP addresses for server processes, add f as the first character in the NetInfo line for the corresponding IP address. For example, add:

f 10.10.3.100


This IP address is registered for the server process, but it is registered without being checked for a physical connection.
  • Defect 12475


(Solaris only) This fix eliminates a race condition in the File Server's h_ReleaseClient_r routine and so prevents the File Server from generating a core file.
  • Defect 12476


(Solaris only) This fix prevents the File Server from generating a core file, which occurred when a NULL value was passed to the rx_NewCall function.
  • Defect 12491


This fix prevents the File Server from failing when a file is being simultaneously accessed (created or read) and deleted.
  • Defect 12506


This performance enhancement limits the number of Volume Location Database entries that are searched by the Volume Location Server to 2000. Previously, it was possible for requests to become backed up on the Volume Location Server when the server was searching the entire Volume Location Database for a few entries.
  • Defect PQ36286


(Windows only) When using the Server Configuration Wizard, replicating root volumes failed if replicas already existed elsewhere. No error message was displayed when this occurred. This problem has been corrected and root volumes can now be replicated using the Server Configuration Wizard.

UNIX Client Defects Corrected in Patch 1

  • Defect 11926


This fix prevents remote procedure calls (RPCs) requesting impermissible operations to read-only volumes (such as rename, link, remove) from being made to File Servers; however, it allows sending RPCs to File Servers for file open operations when the file already exists.
  • Defect 12004


(AIX 4.3 only) When reading volume information, the number of bytes read did not always equal the actual size of the structure. This caused AFS to fail. The VolumeItems file is now read multiple times before AFS fails in order to increase the chance of a successful read.

This fix also corrects a client hang problem that appeared after the machine attempted to access a directory that contained a significant number of mount points.

  • Defect 12033


(AIX 4.3.2 only) This fix eliminates a problem that resulted from writing a large number of bytes to an invalid address in AFS. Previously, it was possible that when writing a large number of bytes to an invalid address in AFS, the file could become full, resulting in an infinite loop in the kernel, and the process could not be stopped.
  • Defect 12304


The pts createuser command did not function properly when used with positional parameters. This problem has been fixed and users can now specify the parameters explicitly or identify them by following the rules of positional parameters.
  • Defect 12418


(Solaris only) This fix corrects a problem that occurred when a process attempted to access the proc file system.
  • Defect 12446


(HP-UX only) This fix prevents a problem that resulted in AFS client machines not responding.
  • Defect 12501


(Linux only) This fix corrects a cache inconsistency.

Windows Client Defects Corrected in Patch 1

  • Defect 11331


When using the Windows Command Prompt to rename a file in the AFS filespace to be identical to an already existing file in the same AFS location, the already existing file was overwritten. This was not the desired behavior. Now, in this situation, the user is warned of the existence of a file with the same name and the file is not automatically overwritten.
  • Defect 11998


The error dialog box that was displayed when users attempted to obtain AFS tokens on a machine that had an incorrect date setting was misleading and partially unreadable. Now, the error message displayed is readable and contains more information.
  • Defect 12261


Previously, users were unable to map network drives using the graphical user interface when the root directory was not /afs. Now, when using a root volume other than /afs, users can map network drives using the graphical user interface.
  • Defect 12389


When using AFS Light and writing to the AFS filespace (saving, copying, etc.), seven hours were added to the time stamp associated with the file. This problem has been fixed and the time associated with files in the AFS filespace is now correct.
  • Defect 12442


This enhancement improves the AFS Client's trace logging. A memory-mapped file is now used for the log, allowing it to be viewed after a system failure. In addition, the log can now be viewed remotely and descriptive text is displayed instead of error codes.
  • Defect 12444


This enhancement enables the AFS Client to support all LAN Adapter (LANA) numbers. The client now automatically detects and uses all available LANA numbers.
  • Defect 12474


The Lan Adapter Number field on the AFS Client's Miscellaneous Configuration Dialog Box is now disabled. As of the Patch 1 release, the AFS Client automatically detects and uses all available LAN Adapter (LANA) numbers. Use of the Lan Adapter Number field could possibly result in users unknowingly disabling the auto-LANA functionality. If necessary, you can fix the LANA number used by the AFS Client service to a specific value by using the LANadapter Registry key, which is found under the following Registry setting:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TransarcAFSDaemon\Parameters

  • Defect 12505


Previously, non-relative symbolic links to the AFS root did not function correctly. The problem has been identified and corrected.

Windows Control Center Defects Corrected in Patch 1

  • Defect 11797


When restarting a process using the graphical user interface in the AFS Server Manager, all server processes were restarted. This problem has been fixed.

Other Defects Corrected in Patch 1

  • Defect 11481


(Solaris only) This fix enables remsh commands that point to an AFS version of rsh to be issued to remote machines and to work as expected, producing the same results as issuing remsh commands that point to native rsh.
  • Defect 11550


This enhancement improves the startup time to start dump by allowing temporary volume sets to be created local to the backup process and not stored in the Backup database. This reduces activity on the Backup Server.
  • Defect 12289


(Linux only) This fix enables AFS to shut down cleanly.
  • Defect 12351


Previously, it was possible to easily create volumes with names that exceeded the character limit. With this fix, a warning is now displayed when users create volumes using volume names with more than 22 characters. Also, the backup system displays a warning when backing up a volume will result in a new name containing more than 22 characters.
  • Defect 12387


This fix adds an additional step to the CheckVLserver routine to determine the definitive status of the servers. Previously, it was possible for AFS client machines to be unable to access volumes in foreign cells even though the Volume Location Servers (vlservers) in those cells were available. This was due to the CheckVLserver routine accessing conflicting variable settings.
  • Defect 12411


(Solaris 2.6 only) This fix eliminates kernel panics that sometimes occurred.
  • Defect 12412


(Linux only) This fix eliminates a kernel memory corruption that sometimes occurred.
  • Defect 12413


This fix resolves an RX error that resulted when operating systems were mixed in the AFS environment. The operating system combinations that caused the error were AIX with Linux and Windows NT with Solaris.
  • Defect 12415


This fix resolves an error that occurred when a CERT advisory was issued due to a buffer overflow in Kerberos 4 and Kerberos 5.
  • Defect 12431


This fix prevents the butc process from failing while talking to an ADSM server by avoiding contention for a pthread lock.
  • Defect 12463


This enhancement provides a new version of the SGI kernel to work with the SGI IP35 chip.
  • Defect 12485


(Solaris only) This fix prevents a panic in osi_NetReceive on Solaris machines.
  • Defect 12488


(Linux only) This enhancement provides changes to the AFS initialization script. The initialization script automatically selects the appropriate extensions file for the kernel version in use on the local machine. The module for the kernel that is closest to the installed kernel version is now chosen; whereas previously, the script only chose modules compiled specifically for the installed version.
  • Defect 12489


(AIX 4.3 only) This fix resolves a programming error that resulted in a client deadlock.
  • Defect 12520


(AIX 4.3.3 only) With this enhancement, an error message is now displayed if the klog command is used with the -setpag option when the user is logged on as root.



(C) IBM Corporation 2009. All Rights Reserved

afs36.patch19.readme.html

[{"Product":{"code":"SSXMUG","label":"AFS"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":"AFS","Platform":[{"code":"PF002","label":"AIX"}],"Version":"3.6","Edition":"All Editions","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Document Information

Modified date:
15 June 2018

UID

swg21396389