Jul 18, 2008

OpenAFS on Debian (Configuration)

A few days ago a friend asked me how to install OpenAFS on Debian Linux. I told him that he just has to follow my article on www.debianplanet.org...
But on www.debianplanet.org he only got the following information:
Temporarily removed due to spammers, read-only archive version will be back after reconfiguration.

So I searched in my files and finally I found my article:
Submitted by dschroff on Friday, November 01, 2002 - 23:59

Here is the content:

This is a quick and dirty rundown of how to install OpenAFS and Kerberos 5 and get it all working. OpenAFS is a pretty advanced and rockin' distributed filesystem; for more information, check out openafs.org.
As an absolute minimum, you'll need to install the following packages:


If you're running a server, you'll also need to install the following packages.


Secondly, you'll need to set Kerberos up. Read and follow the instructions in /usr/share/doc/krb5-doc/install-guide.ps.gz and create a user called admin.
After this, you'll need to build the OpenAFS module. Extract the /usr/src/openafs.tar.gz file and
read /usr/src/modules/openafs/debian/README.modules; this will create the package and tell you how to install it.
After you've built OpenAFS, you'll need to configure it. First, edit /etc/openafs/ThisCell to set your domain name, then edit /etc/openafs/CellServDB, and add your server and domain. Copy these files to /etc/openafs/server and create a partition /vicepa for the data with a filesystem of your choice.
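
A consistency check for the files edited in this step, as an added example that is not part of the original article: it parses CellServDB (a ">cellname" line followed by server address lines), confirms the cell named in ThisCell has at least one server entry, and confirms the copies in the server directory match. The function names, example.org and 192.0.2.10 are constructed placeholders.

```shell
#!/bin/sh
# Added example: sanity-check ThisCell and CellServDB before starting bosserver.
# Directories are arguments, so the demo uses a constructed temp tree.

# cell_servers FILE CELL: print the server IPs listed for CELL in a CellServDB.
cell_servers() {
    awk -v cell="$2" '
        /^>/ { name = substr($1, 2); sub(/#.*/, "", name)
               in_cell = (name == cell); next }
        in_cell { ip = $1; sub(/#.*/, "", ip)
                  if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print ip }
    ' "$1"
}

# check_cell_config CLIENT_DIR SERVER_DIR: return 0 if consistent, 1 if not.
check_cell_config() {
    client=$1; server=$2; rc=0
    for f in ThisCell CellServDB; do
        [ -s "$client/$f" ] || { echo "missing or empty: $client/$f"; return 1; }
    done
    cell=$(tr -d ' \t\r\n' < "$client/ThisCell")
    if [ -z "$(cell_servers "$client/CellServDB" "$cell")" ]; then
        echo "cell '$cell' has no server entry in $client/CellServDB"; rc=1
    fi
    for f in ThisCell CellServDB; do
        cmp -s "$client/$f" "$server/$f" ||
            { echo "$server/$f differs from $client/$f"; rc=1; }
    done
    return $rc
}

# make_sample: build a constructed tree (placeholder cell name and address).
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/client" "$d/server"
    echo "example.org" > "$d/client/ThisCell"
    printf '>example.org\t#Example cell\n192.0.2.10\t#afs1.example.org\n' \
        > "$d/client/CellServDB"
    cp "$d/client/ThisCell" "$d/client/CellServDB" "$d/server/"
    echo "$d"
}

# Demo: on a real host pass /etc/openafs and /etc/openafs/server instead.
tree=$(make_sample)
check_cell_config "$tree/client" "$tree/server" && echo "cell config OK"
rm -rf "$tree"
```
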
On the server, type:

#>kadmin.local -q "ank -randkey afs"
#>kadmin.local -q "ktadd -e des-cbc-crc:afs3 -k /etc/krb5.keytab.afs afs"
#>asetkey add foo /etc/krb5.keytab.afs afs
#>bosserver -noauth &
#>bos listhosts servername -noauth
#>bos create -server servername -instance ptserver -type simple -cmd /usr/lib/openafs/ptserver -cell domainname -noauth
#>bos adduser servername admin -cell domainname -noauth
#>bos listkeys servername -cell domainname -noauth
#>pts createuser -name admin -cell domainname -noauth
#>pts adduser admin system:administrators -cell domainname -noauth
#>pts membership admin -cell domainname -noauth
#>bos restart servername -all -cell domainname -noauth
#>bos create -server servername -instance fs -type fs -cmd /usr/lib/openafs/fileserver -cmd /usr/lib/openafs/volserver -cmd /usr/lib/openafs/salvager -cmd /usr/lib/openafs/vlserver -cell domainname -noauth
#>bos status servername fs -long -noauth
#>vos create -server servername -partition /vicepa -name root.afs -cell domainname -noauth
#>bos shutdown servername -wait
#>pkill bosserver
#>/etc/init.d/openafs-fileserver start
#>/etc/init.d/openafs-client start
#>kinit admin && klist
#>aklog && tokens
#>fs checkvolumes
#>fs setacl /afs system:anyuser rl
#>vos create servername /vicepa root.cell
#>fs mkmount /afs/domainname root.cell
#>fs setacl /afs/domainname system:anyuser rl
#>fs mkmount /afs/.domainname root.cell -rw
#>pts creategroup groupname -id -groupname
#>mkdir /afs/domainname/home

In the asetkey command, foo is the number of the key.
When you've done all this, it's time to add a user; you need a working NSS system for this. To add users, type:

#>adduser --disabled-password username

To tell Kerberos and OpenAFS about your new user, type:

#>kadmin.local -q "ank -maxlife 30days username"
#>vos create servername /vicepa username
#>fs mkmount /afs/domainname/home/username username
#>vos release root.cell
#>fs checkvolumes
#>pts createuser username -id userid
#>pts adduser username groupname
#>fs sa /afs/domainname/home/username username all
#>fs setquota /afs/domainname/home/username -max 500000

Now you'll need to set up the /etc/pam.d files. Just play with the configuration files or send me an e-mail; even better, check out the debian-security archives.
Good luck!

Yes, I know there are better installation tutorials like this one, which is really excellent, but look at the references: [1] Installing OpenAFS, http://www.debianplanet.org/node.php?id=816 !!!!
I hope debianplanet will be back soon...

1 comment:

  1. Here are a few lines for adding additional fileservers into an AFS cell
    1. Install openafs-fileserver and openafs-dbserver
    1b. Doing asetkey....
    1c. Edit /etc/openafs/server/CellServDB
    1d. Create /etc/openafs/server/UserList with an entry: admin
    2. /etc/init.d/openafs-fileserver start
    Next point only if this is a database machine!
    3. "bos create -server servername2 -instance ptserver -type simple -cmd /usr/lib/openafs/ptserver -cell domainname"
    4a. "bos create -server servername2 -instance fs -type fs -cmd /usr/lib/openafs/fileserver -cmd /usr/lib/openafs/volserver -cmd /usr/lib/openafs/salvager -cell domainname"
    4b. "/etc/init.d/openafs-fileserver stop" ".... start"
    5. "vos create servername2 /vicepa volumename ...." & "fs mkmount ....."