A few days ago a friend asked me, how to install openafs on a Debian Linux. I told him, that he just has to follow my article on www.debianplanet.org...
But on www.debianplanet.org he only got the following information:
Temporarily removed due to spammers, read-only archive version will be back after reconfiguration.
So i searched in my files and finally i found my article:
Submitted by dschroff on Friday, November 01, 2002 - 23:59
Here the content:
This is a quick and dirty rundown of how to install OpenAFS and Kerberos 5 and get it all working. OpenAFS is a pretty advanced and rockin' distributed filesyste; for more information, check out openafs.org.
As an absolute minimum, you'll need to install the following packages:
libpam-openafs-session
openafs-client
openafs-krb5
openafs-modules-source
libkrb53
krb5-clients
krb5-config
krb5-doc
krb5-user
libpam-krb5
openafs-krb5
If you're running a server, you'll also need to install the following packages.
openafs-dbserver
openafs-fileserver
krb5-admin-server
krb5-kdc
Secondly, you'll need to set Kerberos up. Read and follow the instructions in /usr/share/doc/krb5-doc/install-guide.ps.gz and create a user called admin.
After this, you'll need to build the OpenAFS module. Extract the /usr/src/openafs.tar.gz file and
read /usr/src/modules/openafs/debian/README.modules; this will create the package and tell you how to install it.
After you're built OpenAFS, you'll need to configure this. First, edit /etc/openafs/ThisCell to set your domain name, then edit /etc/openafs/CellServDB, and add your server and domain. Copy these files to /etc/openafs/server and create a partition /vicepa for the data with a filesystem of your choice.
On the server, type:
#>kadmin.local -q "ank -randkey afs"
#>kadmin.local -q "ktadd -e des-cbc-crc:afs3 -k /etc/krb5.keytab.afs afs"
#>asetkey add foo /etc/krb5.keytab.afs afs
#>bosserver -noauth &
#>bos listhosts servername -noauth
#>bos create -server servername -instance ptserver -type simple -cmd /usr/lib/openafs/ptserver -cell domainname -noauth
#>bos adduser servername admin -cell domainname -noauth
#>bos listkeys servername -cell domainname -noauth
#>pts createuser -name admin -cell domainname -noauth
#>pts adduser admin system:administrators -cell domainname -noauth
#>pts membership admin -cell domainname -noauth
#>bos restart servername -all -cell domainname -noauth
#>bos create -server servername -instance fs -type fs -cmd /usr/lib/openafs/fileserver -cmd /usr/lib/openafs/volserver -cmd /usr/lib/openafs/salvager -cmd /usr/lib/openafs/vlserver -cell domainname -noauth
#>bos status servername fs -long -noauth
#>vos create -server servername -partition /vicepa -name root.afs -cell domainname -noauth
#>bos shutdown servername -wait
#>pkill bosserver
#>/etc/init.d/openafs-fileserver start
#>/etc/init.d/openafs-client start
#>kinit admin && klist
#>aklog && tokens
#>fs checkvolumes
#>fs setacl /afs system:anyuser rl
#>vos create servername /vicepa root.cell
#>fs mkmount /afs/domainname root.cell
#>fs setacl /afs/domainname system:anyuser rl
#>fs mkmount /afs/.domainname root.cell -rw
#>pts creategroup groupname -id -groupname
#>mkdir /afs/domainname/home
foo is the number of the key.
When you've done all this, it's time to add a user; you need a working NSS system for this. To add users, type:
#>adduser --disabled-password
To tell Kerberos and OpenAFS about your new user, type:
#>kadmin.local -q "ank -maxlife 30days username"
#>vos create servername /vicepa username
#>fs mkmount /afs/domainname/home/username username
#>vos release root.cell
#>fs checkvolumes
#>pts createuser username -id userid
#>pts adduser username groupname
#>fs sa /afs/domainname/home/username username all
#>fs setquota /afs/domainname/home/username -max 500000
Now you'll need to set up the /etc/pam.d files. Just play with the configuration files or send me an e-mail; even better, check out the debian-security archives.
Good luck!
Yes, i know there are better installation tutorials like this one, which is really excellent, but look at the references: [1] Installing OpenAFS, http://www.debianplanet.org/node.php?id=816 !!!!
I hope debianplanet will be back soon...
But on www.debianplanet.org he only got the following information:
Temporarily removed due to spammers, read-only archive version will be back after reconfiguration.
So i searched in my files and finally i found my article:
Submitted by dschroff on Friday, November 01, 2002 - 23:59
Here the content:
This is a quick and dirty rundown of how to install OpenAFS and Kerberos 5 and get it all working. OpenAFS is a pretty advanced and rockin' distributed filesyste; for more information, check out openafs.org.
As an absolute minimum, you'll need to install the following packages:
libpam-openafs-session
openafs-client
openafs-krb5
openafs-modules-source
libkrb53
krb5-clients
krb5-config
krb5-doc
krb5-user
libpam-krb5
openafs-krb5
If you're running a server, you'll also need to install the following packages.
openafs-dbserver
openafs-fileserver
krb5-admin-server
krb5-kdc
Secondly, you'll need to set Kerberos up. Read and follow the instructions in /usr/share/doc/krb5-doc/install-guide.ps.gz and create a user called admin.
After this, you'll need to build the OpenAFS module. Extract the /usr/src/openafs.tar.gz file and
read /usr/src/modules/openafs/debian/README.modules; this will create the package and tell you how to install it.
After you're built OpenAFS, you'll need to configure this. First, edit /etc/openafs/ThisCell to set your domain name, then edit /etc/openafs/CellServDB, and add your server and domain. Copy these files to /etc/openafs/server and create a partition /vicepa for the data with a filesystem of your choice.
On the server, type:
#>kadmin.local -q "ank -randkey afs"
#>kadmin.local -q "ktadd -e des-cbc-crc:afs3 -k /etc/krb5.keytab.afs afs"
#>asetkey add foo /etc/krb5.keytab.afs afs
#>bosserver -noauth &
#>bos listhosts servername -noauth
#>bos create -server servername -instance ptserver -type simple -cmd /usr/lib/openafs/ptserver -cell domainname -noauth
#>bos adduser servername admin -cell domainname -noauth
#>bos listkeys servername -cell domainname -noauth
#>pts createuser -name admin -cell domainname -noauth
#>pts adduser admin system:administrators -cell domainname -noauth
#>pts membership admin -cell domainname -noauth
#>bos restart servername -all -cell domainname -noauth
#>bos create -server servername -instance fs -type fs -cmd /usr/lib/openafs/fileserver -cmd /usr/lib/openafs/volserver -cmd /usr/lib/openafs/salvager -cmd /usr/lib/openafs/vlserver -cell domainname -noauth
#>bos status servername fs -long -noauth
#>vos create -server servername -partition /vicepa -name root.afs -cell domainname -noauth
#>bos shutdown servername -wait
#>pkill bosserver
#>/etc/init.d/openafs-fileserver start
#>/etc/init.d/openafs-client start
#>kinit admin && klist
#>aklog && tokens
#>fs checkvolumes
#>fs setacl /afs system:anyuser rl
#>vos create servername /vicepa root.cell
#>fs mkmount /afs/domainname root.cell
#>fs setacl /afs/domainname system:anyuser rl
#>fs mkmount /afs/.domainname root.cell -rw
#>pts creategroup groupname -id -groupname
#>mkdir /afs/domainname/home
foo is the number of the key.
When you've done all this, it's time to add a user; you need a working NSS system for this. To add users, type:
#>adduser --disabled-password
To tell Kerberos and OpenAFS about your new user, type:
#>kadmin.local -q "ank -maxlife 30days username"
#>vos create servername /vicepa username
#>fs mkmount /afs/domainname/home/username username
#>vos release root.cell
#>fs checkvolumes
#>pts createuser username -id userid
#>pts adduser username groupname
#>fs sa /afs/domainname/home/username username all
#>fs setquota /afs/domainname/home/username -max 500000
Now you'll need to set up the /etc/pam.d files. Just play with the configuration files or send me an e-mail; even better, check out the debian-security archives.
Good luck!
Yes, i know there are better installation tutorials like this one, which is really excellent, but look at the references: [1] Installing OpenAFS, http://www.debianplanet.org/node.php?id=816 !!!!
I hope debianplanet will be back soon...