[OpenAFS] OpenAFS 1.2.11 on Gentoo 1.4
Sven Oehme
oehmes@de.ibm.com
Tue, 20 Jan 2004 08:59:27 +0100
This is a multipart message in MIME format.
--=_alternative 002BE0D6C1256E21_=
Content-Type: text/plain; charset="US-ASCII"
Hy Stephen ,
afs is not as easy to install , like other Software :-) or at least the
first time you do it ...
you have to create your Filesystem Volumes , initialize the Userdatabase ,
.....
a good starting point is the following Page -->
http://www.gentoo.org/doc/en/openafs.xml
Sven
-------------------------------------------------------------------------------------------------------------------------
Dept. 8524, TG/SSG EMEA AIS
Development Leader Stonehenge
IBM intranet ---> http://w3.ais.mainz.de.ibm.com/stonehenge/
internet ---> http://www-5.ibm.com/services/de/its/filestore.html
Phone (+49)-6131-84-3151
Fax (+49)-6131-84-6708
Mobil (+49)-171-970-6664
E-Mail : oehmes@de.ibm.com
Stephen Bosch <posting@vodacomm.ca>
Sent by: openafs-info-admin@openafs.org
20.01.2004 08:46
To
Sven Oehme/Germany/IBM@IBMDE
cc
openafs-info@openafs.org, openafs-info-admin@openafs.org
Subject
Re: [OpenAFS] OpenAFS 1.2.11 on Gentoo 1.4
Sven Oehme wrote:
> hy Stephen ,
>
> post your CellServDB and ThisCell and your afs config file (should be
> under /etc/sysconfig/ or /etc/openafs/ )
>
> to what cell you like to connect ?
Hi, Sven:
Thanks for the reply - your message caused me to look at the
/etc/sysconfig/afs again, where I noticed the following lines:
# AFS_CLIENT and AFS_SERVER determine if we should start the client and or
# the bosserver. Possible values are on and off.
AFS_CLIENT=on
AFS_SERVER=off
Obviously if the server is off the client won't run, now will it? I've
changed that to
AFS_CLIENT=on
AFS_SERVER=on
and now, it starts normally. However -- I am now having permissions
problems.
Honestly, the whole access control business confuses me quite a bit. I
am using pam authentication, but I don't know -- do I have to have
identical users in AFS and in /etc/passwd for this to work? I'll show
you what I am getting and I'll include my pam.d/login:
wopr root # /etc/init.d/afs start
Starting AFS services.....
afsd: All AFS daemons started.
wopr root # cd /afs
-bash: cd: /afs: Permission denied
wopr root # mount
/dev/hda2 on / type ext3 (rw)
none on /dev type devfs (rw)
none on /proc type proc (rw)
/dev/hda6 on /usr type ext3 (rw)
/dev/hda7 on /usr/vice/cache type ext3 (rw)
/dev/hda8 on /mnt/storage type ext3 (rw)
/dev/sda1 on /vicepa type ext3 (rw)
/dev/sda6 on /vicepb type ext3 (rw)
none on /dev/shm type tmpfs (rw)
AFS on /afs type afs (rw)
wopr root # /usr/afs/bin/fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs'
wopr root #
Here's my pam.d/login:
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_afs.so try_first_pass
ignore_root
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
pam_afs.so is definitely present:
wopr root # cd /lib/security/
wopr security # ls
pam_access.so pam_limits.so pam_stress.so
pam_afs.so pam_listfile.so pam_tally.so
pam_afs.so.1 pam_localuser.so pam_time.so
pam_chroot.so pam_mail.so pam_timestamp.so
pam_console.so pam_mkhomedir.so pam_unix.so
pam_console_apply_devfsd.so pam_motd.so pam_unix_acct.so
pam_cracklib.so pam_nologin.so pam_unix_auth.so
pam_deny.so pam_permit.so pam_unix_passwd.so
pam_env.so pam_pwdb.so pam_unix_session.so
pam_filter pam_radius.so pam_userdb.so
pam_filter.so pam_rhosts_auth.so pam_warn.so
pam_ftp.so pam_rootok.so pam_wheel.so
pam_group.so pam_securetty.so pam_xauth.so
pam_issue.so pam_shells.so
pam_lastlog.so pam_stack.so
wopr security #
(pam_afs.so is a symlink to pam_afs.so.1)
Here are my various CellServDB and ThisCell files:
/usr/vice/etc/CellServDB:
>vodacomm.ca #Cell name
192.168.1.50 #wopr
/usr/vice/etc/ThisCell:
vodacomm.ca
/usr/afs/etc/CellServDB:
>vodacomm.ca #Cell name
192.168.1.50 #wopr
/usr/afs/etc/ThisCell:
vodacomm.ca
Contents of (now revised) /etc/sysconfig/afs
#! /bin/sh
# Copyright 2000, International Business Machines Corporation and others.
# All Rights Reserved.
#
# This software has been released under the terms of the IBM Public
# License. For details, see the LICENSE file in the top-level source
# directory or online at http://www.openafs.org/dl/license10.html
# Configuration information for AFS client
# AFS_CLIENT and AFS_SERVER determine if we should start the client and or
# the bosserver. Possible values are on and off.
AFS_CLIENT=on
AFS_SERVER=on
# AFS client configuration options:
XXLARGE="-stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files 50000"
XLARGE="-stat 3600 -dcache 3600 -daemons 5 -volumes 196 -files 50000"
LARGE="-stat 2800 -dcache 2400 -daemons 5 -volumes 128"
MEDIUM="-stat 2000 -dcache 800 -daemons 3 -volumes 70"
SMALL="-stat 300 -dcache 100 -daemons 2 -volumes 50"
# cachesize and according options are set by /afs/rc.d/init.d/afs
# * if you set CACHESIZE to "AUTOMATIC", it will automatically be chosen
# deduced by parition sizes (does not work if your cache is on / or
/usr)
# * if you set OPTIONS to "AUTOMATIC", the init script will choose a set
# of options based on the cache size
# otherwise the values specified here will be used. So be careful!
# Note: if you leave these as-is, no changes are made.
CACHESIZE=AUTOMATIC
OPTIONS=$XLARGE
# you should never need to change these settings
AFSDIR=/afs
CACHEDIR=/usr/vice/cache
CACHEINFO=/usr/vice/etc/cacheinfo
# Set to "-verbose" for a lot of debugging information from afsd. Only
# useful for debugging as it prints _a lot_ of information.
VERBOSE=
# Sample server preferences function. Set server preferences using this.
# afs_serverprefs() {
# /usr/afsws/etc/fs setserverprefs <host> <rank>
#}
# Either the name of an executable script or a set of commands go here.
# AFS_POST_INIT=afs_serverprefs
AFS_POST_INIT=
---
I feel so close...
Thanks for the help!
-Stephen-
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
--=_alternative 002BE0D6C1256E21_=
Content-Type: text/html; charset="US-ASCII"
<br><font size=2 face="sans-serif">Hy Stephen , </font>
<br>
<br><font size=2 face="sans-serif">afs is not as easy to install , like
other Software :-) or at least the first time you do it ...</font>
<br>
<br><font size=2 face="sans-serif">you have to create your Filesystem Volumes
, initialize the Userdatabase , .....</font>
<br><font size=2 face="sans-serif">a good starting point is the following
Page --> http://www.gentoo.org/doc/en/openafs.xml</font>
<br>
<br><font size=2 face="sans-serif">Sven</font>
<br>
<br><font size=2 face="sans-serif">-------------------------------------------------------------------------------------------------------------------------<br>
Dept. 8524, TG/SSG EMEA AIS<br>
Development Leader Stonehenge <br>
IBM intranet ---> http://w3.ais.mainz.de.ibm.com/stonehenge/<br>
internet ---> http://www-5.ibm.com/services/de/its/filestore.html<br>
Phone (+49)-6131-84-3151<br>
Fax (+49)-6131-84-6708<br>
Mobil (+49)-171-970-6664<br>
E-Mail : oehmes@de.ibm.com</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>Stephen Bosch <posting@vodacomm.ca></b>
</font>
<br><font size=1 face="sans-serif">Sent by: openafs-info-admin@openafs.org</font>
<p><font size=1 face="sans-serif">20.01.2004 08:46</font>
<td width=59%>
<table width=100%>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td valign=top><font size=1 face="sans-serif">Sven Oehme/Germany/IBM@IBMDE</font>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td valign=top><font size=1 face="sans-serif">openafs-info@openafs.org,
openafs-info-admin@openafs.org</font>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td valign=top><font size=1 face="sans-serif">Re: [OpenAFS] OpenAFS 1.2.11
on Gentoo 1.4</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=2><tt>Sven Oehme wrote:<br>
> hy Stephen ,<br>
> <br>
> post your CellServDB and ThisCell and your afs config file (should
be<br>
> under /etc/sysconfig/ or /etc/openafs/ )<br>
> <br>
> to what cell you like to connect ?<br>
<br>
Hi, Sven:<br>
<br>
Thanks for the reply - your message caused me to look at the <br>
/etc/sysconfig/afs again, where I noticed the following lines:<br>
<br>
# AFS_CLIENT and AFS_SERVER determine if we should start the client and
or<br>
# the bosserver. Possible values are on and off.<br>
AFS_CLIENT=on<br>
AFS_SERVER=off<br>
<br>
Obviously if the server is off the client won't run, now will it? I've
<br>
changed that to<br>
<br>
AFS_CLIENT=on<br>
AFS_SERVER=on<br>
<br>
and now, it starts normally. However -- I am now having permissions <br>
problems.<br>
<br>
Honestly, the whole access control business confuses me quite a bit. I
<br>
am using pam authentication, but I don't know -- do I have to have <br>
identical users in AFS and in /etc/passwd for this to work? I'll show <br>
you what I am getting and I'll include my pam.d/login:<br>
<br>
wopr root # /etc/init.d/afs start<br>
Starting AFS services.....<br>
afsd: All AFS daemons started.<br>
wopr root # cd /afs<br>
-bash: cd: /afs: Permission denied<br>
wopr root # mount<br>
/dev/hda2 on / type ext3 (rw)<br>
none on /dev type devfs (rw)<br>
none on /proc type proc (rw)<br>
/dev/hda6 on /usr type ext3 (rw)<br>
/dev/hda7 on /usr/vice/cache type ext3 (rw)<br>
/dev/hda8 on /mnt/storage type ext3 (rw)<br>
/dev/sda1 on /vicepa type ext3 (rw)<br>
/dev/sda6 on /vicepb type ext3 (rw)<br>
none on /dev/shm type tmpfs (rw)<br>
AFS on /afs type afs (rw)<br>
wopr root # /usr/afs/bin/fs setacl /afs system:anyuser rl<br>
fs: You don't have the required access rights on '/afs'<br>
wopr root #<br>
<br>
Here's my pam.d/login:<br>
<br>
#%PAM-1.0<br>
<br>
auth required /lib/security/pam_securetty.so<br>
auth required /lib/security/pam_stack.so
service=system-auth<br>
auth required /lib/security/pam_nologin.so<br>
auth sufficient /lib/security/pam_afs.so try_first_pass
ignore_root<br>
account required /lib/security/pam_stack.so
service=system-auth<br>
<br>
password required /lib/security/pam_stack.so service=system-auth<br>
<br>
session required /lib/security/pam_stack.so
service=system-auth<br>
session optional /lib/security/pam_console.so<br>
<br>
pam_afs.so is definitely present:<br>
wopr root # cd /lib/security/<br>
wopr security # ls<br>
pam_access.so pam_limits.so
pam_stress.so<br>
pam_afs.so
pam_listfile.so pam_tally.so<br>
pam_afs.so.1 pam_localuser.so
pam_time.so<br>
pam_chroot.so pam_mail.so
pam_timestamp.so<br>
pam_console.so pam_mkhomedir.so
pam_unix.so<br>
pam_console_apply_devfsd.so pam_motd.so
pam_unix_acct.so<br>
pam_cracklib.so pam_nologin.so
pam_unix_auth.so<br>
pam_deny.so pam_permit.so
pam_unix_passwd.so<br>
pam_env.so
pam_pwdb.so pam_unix_session.so<br>
pam_filter
pam_radius.so pam_userdb.so<br>
pam_filter.so pam_rhosts_auth.so
pam_warn.so<br>
pam_ftp.so
pam_rootok.so pam_wheel.so<br>
pam_group.so pam_securetty.so
pam_xauth.so<br>
pam_issue.so pam_shells.so<br>
pam_lastlog.so pam_stack.so<br>
wopr security #<br>
<br>
(pam_afs.so is a symlink to pam_afs.so.1)<br>
<br>
<br>
Here are my various CellServDB and ThisCell files:<br>
<br>
/usr/vice/etc/CellServDB:<br>
>vodacomm.ca #Cell name<br>
192.168.1.50 #wopr<br>
<br>
/usr/vice/etc/ThisCell:<br>
vodacomm.ca<br>
<br>
/usr/afs/etc/CellServDB:<br>
>vodacomm.ca #Cell name<br>
192.168.1.50 #wopr<br>
<br>
/usr/afs/etc/ThisCell:<br>
vodacomm.ca<br>
<br>
Contents of (now revised) /etc/sysconfig/afs<br>
#! /bin/sh<br>
# Copyright 2000, International Business Machines Corporation and others.<br>
# All Rights Reserved.<br>
#<br>
# This software has been released under the terms of the IBM Public<br>
# License. For details, see the LICENSE file in the top-level source<br>
# directory or online at http://www.openafs.org/dl/license10.html<br>
<br>
# Configuration information for AFS client<br>
<br>
# AFS_CLIENT and AFS_SERVER determine if we should start the client and
or<br>
# the bosserver. Possible values are on and off.<br>
AFS_CLIENT=on<br>
AFS_SERVER=on<br>
<br>
# AFS client configuration options:<br>
XXLARGE="-stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files 50000"<br>
XLARGE="-stat 3600 -dcache 3600 -daemons 5 -volumes 196 -files 50000"<br>
LARGE="-stat 2800 -dcache 2400 -daemons 5 -volumes 128"<br>
MEDIUM="-stat 2000 -dcache 800 -daemons 3 -volumes 70"<br>
SMALL="-stat 300 -dcache 100 -daemons 2 -volumes 50"<br>
<br>
# cachesize and according options are set by /afs/rc.d/init.d/afs<br>
# * if you set CACHESIZE to "AUTOMATIC", it will automatically
be chosen<br>
# deduced by parition sizes (does not work if your cache
is on / or <br>
/usr)<br>
# * if you set OPTIONS to "AUTOMATIC", the init script
will choose a set<br>
# of options based on the cache size<br>
# otherwise the values specified here will be used. So be careful!<br>
# Note: if you leave these as-is, no changes are made.<br>
CACHESIZE=AUTOMATIC<br>
OPTIONS=$XLARGE<br>
<br>
# you should never need to change these settings<br>
AFSDIR=/afs<br>
CACHEDIR=/usr/vice/cache<br>
CACHEINFO=/usr/vice/etc/cacheinfo<br>
<br>
# Set to "-verbose" for a lot of debugging information from afsd.
Only<br>
# useful for debugging as it prints _a lot_ of information.<br>
VERBOSE=<br>
<br>
# Sample server preferences function. Set server preferences using this.<br>
# afs_serverprefs() {<br>
# /usr/afsws/etc/fs setserverprefs <host> <rank><br>
#}<br>
<br>
# Either the name of an executable script or a set of commands go here.<br>
# AFS_POST_INIT=afs_serverprefs<br>
AFS_POST_INIT=<br>
<br>
---<br>
<br>
I feel so close...<br>
<br>
Thanks for the help!<br>
<br>
-Stephen-<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
OpenAFS-info mailing list<br>
OpenAFS-info@openafs.org<br>
https://lists.openafs.org/mailman/listinfo/openafs-info<br>
</tt></font>
<br>
--=_alternative 002BE0D6C1256E21_=--