[OpenAFS] OpenAFS 1.2.11 on Gentoo 1.4

Sven Oehme oehmes@de.ibm.com
Tue, 20 Jan 2004 08:59:27 +0100


This is a multipart message in MIME format.
--=_alternative 002BE0D6C1256E21_=
Content-Type: text/plain; charset="US-ASCII"

Hy Stephen , 

afs is not as easy to install , like other Software :-) or at least the 
first time you do it ...

you have to create your Filesystem Volumes , initialize the Userdatabase , 
.....
a good starting point is the following Page --> 
http://www.gentoo.org/doc/en/openafs.xml

Sven

-------------------------------------------------------------------------------------------------------------------------
Dept. 8524,  TG/SSG EMEA AIS
Development Leader Stonehenge 
IBM intranet ---> http://w3.ais.mainz.de.ibm.com/stonehenge/
internet ---> http://www-5.ibm.com/services/de/its/filestore.html
Phone (+49)-6131-84-3151
Fax      (+49)-6131-84-6708
Mobil   (+49)-171-970-6664
E-Mail : oehmes@de.ibm.com



Stephen Bosch <posting@vodacomm.ca> 
Sent by: openafs-info-admin@openafs.org
20.01.2004 08:46

To
Sven Oehme/Germany/IBM@IBMDE
cc
openafs-info@openafs.org, openafs-info-admin@openafs.org
Subject
Re: [OpenAFS] OpenAFS 1.2.11 on Gentoo 1.4






Sven Oehme wrote:
> hy Stephen ,
> 
> post your CellServDB and ThisCell  and your afs config file (should be
> under /etc/sysconfig/ or /etc/openafs/ )
> 
> to what cell you like to connect ?

Hi, Sven:

Thanks for the reply - your message caused me to look at the 
/etc/sysconfig/afs again, where I noticed the following lines:

# AFS_CLIENT and AFS_SERVER determine if we should start the client and or
# the bosserver. Possible values are on and off.
AFS_CLIENT=on
AFS_SERVER=off

Obviously if the server is off the client won't run, now will it? I've 
changed that to

AFS_CLIENT=on
AFS_SERVER=on

and now, it starts normally. However -- I am now having permissions 
problems.

Honestly, the whole access control business confuses me quite a bit. I 
am using pam authentication, but I don't know -- do I have to have 
identical users in AFS and in /etc/passwd for this to work? I'll show 
you what I am getting and I'll include my pam.d/login:

wopr root # /etc/init.d/afs start
Starting AFS services.....
afsd: All AFS daemons started.
wopr root # cd /afs
-bash: cd: /afs: Permission denied
wopr root # mount
/dev/hda2 on / type ext3 (rw)
none on /dev type devfs (rw)
none on /proc type proc (rw)
/dev/hda6 on /usr type ext3 (rw)
/dev/hda7 on /usr/vice/cache type ext3 (rw)
/dev/hda8 on /mnt/storage type ext3 (rw)
/dev/sda1 on /vicepa type ext3 (rw)
/dev/sda6 on /vicepb type ext3 (rw)
none on /dev/shm type tmpfs (rw)
AFS on /afs type afs (rw)
wopr root # /usr/afs/bin/fs setacl /afs system:anyuser rl
fs: You don't have the required access rights on '/afs'
wopr root #

Here's my pam.d/login:

#%PAM-1.0

auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_afs.so try_first_pass 
ignore_root
account    required     /lib/security/pam_stack.so service=system-auth

password   required     /lib/security/pam_stack.so service=system-auth

session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

pam_afs.so is definitely present:
wopr root # cd /lib/security/
wopr security # ls
pam_access.so                pam_limits.so       pam_stress.so
pam_afs.so                   pam_listfile.so     pam_tally.so
pam_afs.so.1                 pam_localuser.so    pam_time.so
pam_chroot.so                pam_mail.so         pam_timestamp.so
pam_console.so               pam_mkhomedir.so    pam_unix.so
pam_console_apply_devfsd.so  pam_motd.so         pam_unix_acct.so
pam_cracklib.so              pam_nologin.so      pam_unix_auth.so
pam_deny.so                  pam_permit.so       pam_unix_passwd.so
pam_env.so                   pam_pwdb.so         pam_unix_session.so
pam_filter                   pam_radius.so       pam_userdb.so
pam_filter.so                pam_rhosts_auth.so  pam_warn.so
pam_ftp.so                   pam_rootok.so       pam_wheel.so
pam_group.so                 pam_securetty.so    pam_xauth.so
pam_issue.so                 pam_shells.so
pam_lastlog.so               pam_stack.so
wopr security #

(pam_afs.so is a symlink to pam_afs.so.1)


Here are my various CellServDB and ThisCell files:

/usr/vice/etc/CellServDB:
 >vodacomm.ca    #Cell name
192.168.1.50    #wopr

/usr/vice/etc/ThisCell:
vodacomm.ca

/usr/afs/etc/CellServDB:
 >vodacomm.ca    #Cell name
192.168.1.50    #wopr

/usr/afs/etc/ThisCell:
vodacomm.ca

Contents of (now revised) /etc/sysconfig/afs
#! /bin/sh
# Copyright 2000, International Business Machines Corporation and others.
# All Rights Reserved.
#
# This software has been released under the terms of the IBM Public
# License.  For details, see the LICENSE file in the top-level source
# directory or online at http://www.openafs.org/dl/license10.html

# Configuration information for AFS client

# AFS_CLIENT and AFS_SERVER determine if we should start the client and or
# the bosserver. Possible values are on and off.
AFS_CLIENT=on
AFS_SERVER=on

# AFS client configuration options:
XXLARGE="-stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files 50000"
XLARGE="-stat 3600 -dcache 3600 -daemons 5 -volumes 196 -files 50000"
LARGE="-stat 2800 -dcache 2400 -daemons 5 -volumes 128"
MEDIUM="-stat 2000 -dcache 800 -daemons 3 -volumes 70"
SMALL="-stat 300 -dcache 100 -daemons 2 -volumes 50"

# cachesize and according options are set by /afs/rc.d/init.d/afs
#   * if you set CACHESIZE to "AUTOMATIC", it will automatically be chosen
#     deduced by parition sizes (does not work if your cache is on / or 
/usr)
#   * if you set OPTIONS to "AUTOMATIC", the init script will choose a set
#     of options based on the cache size
# otherwise the values specified here will be used. So be careful!
# Note: if you leave these as-is, no changes are made.
CACHESIZE=AUTOMATIC
OPTIONS=$XLARGE

# you should never need to change these settings
AFSDIR=/afs
CACHEDIR=/usr/vice/cache
CACHEINFO=/usr/vice/etc/cacheinfo

# Set to "-verbose" for a lot of debugging information from afsd. Only
# useful for debugging as it prints _a lot_ of information.
VERBOSE=

# Sample server preferences function. Set server preferences using this.
# afs_serverprefs() {
#    /usr/afsws/etc/fs setserverprefs <host> <rank>
#}

# Either the name of an executable script or a set of commands go here.
# AFS_POST_INIT=afs_serverprefs
AFS_POST_INIT=

---

I feel so close...

Thanks for the help!

-Stephen-




_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info


--=_alternative 002BE0D6C1256E21_=
Content-Type: text/html; charset="US-ASCII"


<br><font size=2 face="sans-serif">Hy Stephen , </font>
<br>
<br><font size=2 face="sans-serif">afs is not as easy to install , like
other Software :-) or at least the first time you do it ...</font>
<br>
<br><font size=2 face="sans-serif">you have to create your Filesystem Volumes
, initialize the Userdatabase , .....</font>
<br><font size=2 face="sans-serif">a good starting point is the following
Page --&gt; http://www.gentoo.org/doc/en/openafs.xml</font>
<br>
<br><font size=2 face="sans-serif">Sven</font>
<br>
<br><font size=2 face="sans-serif">-------------------------------------------------------------------------------------------------------------------------<br>
Dept. 8524, &nbsp;TG/SSG EMEA AIS<br>
Development Leader Stonehenge <br>
IBM intranet ---&gt; http://w3.ais.mainz.de.ibm.com/stonehenge/<br>
internet ---&gt; http://www-5.ibm.com/services/de/its/filestore.html<br>
Phone (+49)-6131-84-3151<br>
Fax &nbsp; &nbsp; &nbsp;(+49)-6131-84-6708<br>
Mobil &nbsp; (+49)-171-970-6664<br>
E-Mail : oehmes@de.ibm.com</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>Stephen Bosch &lt;posting@vodacomm.ca&gt;</b>
</font>
<br><font size=1 face="sans-serif">Sent by: openafs-info-admin@openafs.org</font>
<p><font size=1 face="sans-serif">20.01.2004 08:46</font>
<td width=59%>
<table width=100%>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td valign=top><font size=1 face="sans-serif">Sven Oehme/Germany/IBM@IBMDE</font>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td valign=top><font size=1 face="sans-serif">openafs-info@openafs.org,
openafs-info-admin@openafs.org</font>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td valign=top><font size=1 face="sans-serif">Re: [OpenAFS] OpenAFS 1.2.11
on Gentoo 1.4</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=2><tt>Sven Oehme wrote:<br>
&gt; hy Stephen ,<br>
&gt; <br>
&gt; post your CellServDB and ThisCell &nbsp;and your afs config file (should
be<br>
&gt; under /etc/sysconfig/ or /etc/openafs/ )<br>
&gt; <br>
&gt; to what cell you like to connect ?<br>
<br>
Hi, Sven:<br>
<br>
Thanks for the reply - your message caused me to look at the <br>
/etc/sysconfig/afs again, where I noticed the following lines:<br>
<br>
# AFS_CLIENT and AFS_SERVER determine if we should start the client and
or<br>
# the bosserver. Possible values are on and off.<br>
AFS_CLIENT=on<br>
AFS_SERVER=off<br>
<br>
Obviously if the server is off the client won't run, now will it? I've
<br>
changed that to<br>
<br>
AFS_CLIENT=on<br>
AFS_SERVER=on<br>
<br>
and now, it starts normally. However -- I am now having permissions <br>
problems.<br>
<br>
Honestly, the whole access control business confuses me quite a bit. I
<br>
am using pam authentication, but I don't know -- do I have to have <br>
identical users in AFS and in /etc/passwd for this to work? I'll show <br>
you what I am getting and I'll include my pam.d/login:<br>
<br>
wopr root # /etc/init.d/afs start<br>
Starting AFS services.....<br>
afsd: All AFS daemons started.<br>
wopr root # cd /afs<br>
-bash: cd: /afs: Permission denied<br>
wopr root # mount<br>
/dev/hda2 on / type ext3 (rw)<br>
none on /dev type devfs (rw)<br>
none on /proc type proc (rw)<br>
/dev/hda6 on /usr type ext3 (rw)<br>
/dev/hda7 on /usr/vice/cache type ext3 (rw)<br>
/dev/hda8 on /mnt/storage type ext3 (rw)<br>
/dev/sda1 on /vicepa type ext3 (rw)<br>
/dev/sda6 on /vicepb type ext3 (rw)<br>
none on /dev/shm type tmpfs (rw)<br>
AFS on /afs type afs (rw)<br>
wopr root # /usr/afs/bin/fs setacl /afs system:anyuser rl<br>
fs: You don't have the required access rights on '/afs'<br>
wopr root #<br>
<br>
Here's my pam.d/login:<br>
<br>
#%PAM-1.0<br>
<br>
auth &nbsp; &nbsp; &nbsp; required &nbsp; &nbsp; /lib/security/pam_securetty.so<br>
auth &nbsp; &nbsp; &nbsp; required &nbsp; &nbsp; /lib/security/pam_stack.so
service=system-auth<br>
auth &nbsp; &nbsp; &nbsp; required &nbsp; &nbsp; /lib/security/pam_nologin.so<br>
auth &nbsp; &nbsp; &nbsp; sufficient &nbsp; /lib/security/pam_afs.so try_first_pass
ignore_root<br>
account &nbsp; &nbsp;required &nbsp; &nbsp; /lib/security/pam_stack.so
service=system-auth<br>
<br>
password &nbsp; required &nbsp; &nbsp; /lib/security/pam_stack.so service=system-auth<br>
<br>
session &nbsp; &nbsp;required &nbsp; &nbsp; /lib/security/pam_stack.so
service=system-auth<br>
session &nbsp; &nbsp;optional &nbsp; &nbsp; /lib/security/pam_console.so<br>
<br>
pam_afs.so is definitely present:<br>
wopr root # cd /lib/security/<br>
wopr security # ls<br>
pam_access.so &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;pam_limits.so
&nbsp; &nbsp; &nbsp; pam_stress.so<br>
pam_afs.so &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
pam_listfile.so &nbsp; &nbsp; pam_tally.so<br>
pam_afs.so.1 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pam_localuser.so
&nbsp; &nbsp;pam_time.so<br>
pam_chroot.so &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;pam_mail.so
&nbsp; &nbsp; &nbsp; &nbsp; pam_timestamp.so<br>
pam_console.so &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pam_mkhomedir.so
&nbsp; &nbsp;pam_unix.so<br>
pam_console_apply_devfsd.so &nbsp;pam_motd.so &nbsp; &nbsp; &nbsp; &nbsp;
pam_unix_acct.so<br>
pam_cracklib.so &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;pam_nologin.so
&nbsp; &nbsp; &nbsp;pam_unix_auth.so<br>
pam_deny.so &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;pam_permit.so
&nbsp; &nbsp; &nbsp; pam_unix_passwd.so<br>
pam_env.so &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
pam_pwdb.so &nbsp; &nbsp; &nbsp; &nbsp; pam_unix_session.so<br>
pam_filter &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
pam_radius.so &nbsp; &nbsp; &nbsp; pam_userdb.so<br>
pam_filter.so &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;pam_rhosts_auth.so
&nbsp;pam_warn.so<br>
pam_ftp.so &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;
pam_rootok.so &nbsp; &nbsp; &nbsp; pam_wheel.so<br>
pam_group.so &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pam_securetty.so
&nbsp; &nbsp;pam_xauth.so<br>
pam_issue.so &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pam_shells.so<br>
pam_lastlog.so &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; pam_stack.so<br>
wopr security #<br>
<br>
(pam_afs.so is a symlink to pam_afs.so.1)<br>
<br>
<br>
Here are my various CellServDB and ThisCell files:<br>
<br>
/usr/vice/etc/CellServDB:<br>
 &gt;vodacomm.ca &nbsp; &nbsp;#Cell name<br>
192.168.1.50 &nbsp; &nbsp;#wopr<br>
<br>
/usr/vice/etc/ThisCell:<br>
vodacomm.ca<br>
<br>
/usr/afs/etc/CellServDB:<br>
 &gt;vodacomm.ca &nbsp; &nbsp;#Cell name<br>
192.168.1.50 &nbsp; &nbsp;#wopr<br>
<br>
/usr/afs/etc/ThisCell:<br>
vodacomm.ca<br>
<br>
Contents of (now revised) /etc/sysconfig/afs<br>
#! /bin/sh<br>
# Copyright 2000, International Business Machines Corporation and others.<br>
# All Rights Reserved.<br>
#<br>
# This software has been released under the terms of the IBM Public<br>
# License. &nbsp;For details, see the LICENSE file in the top-level source<br>
# directory or online at http://www.openafs.org/dl/license10.html<br>
<br>
# Configuration information for AFS client<br>
<br>
# AFS_CLIENT and AFS_SERVER determine if we should start the client and
or<br>
# the bosserver. Possible values are on and off.<br>
AFS_CLIENT=on<br>
AFS_SERVER=on<br>
<br>
# AFS client configuration options:<br>
XXLARGE=&quot;-stat 4000 -dcache 4000 -daemons 6 -volumes 256 -files 50000&quot;<br>
XLARGE=&quot;-stat 3600 -dcache 3600 -daemons 5 -volumes 196 -files 50000&quot;<br>
LARGE=&quot;-stat 2800 -dcache 2400 -daemons 5 -volumes 128&quot;<br>
MEDIUM=&quot;-stat 2000 -dcache 800 -daemons 3 -volumes 70&quot;<br>
SMALL=&quot;-stat 300 -dcache 100 -daemons 2 -volumes 50&quot;<br>
<br>
# cachesize and according options are set by /afs/rc.d/init.d/afs<br>
# &nbsp; * if you set CACHESIZE to &quot;AUTOMATIC&quot;, it will automatically
be chosen<br>
# &nbsp; &nbsp; deduced by parition sizes (does not work if your cache
is on / or <br>
/usr)<br>
# &nbsp; * if you set OPTIONS to &quot;AUTOMATIC&quot;, the init script
will choose a set<br>
# &nbsp; &nbsp; of options based on the cache size<br>
# otherwise the values specified here will be used. So be careful!<br>
# Note: if you leave these as-is, no changes are made.<br>
CACHESIZE=AUTOMATIC<br>
OPTIONS=$XLARGE<br>
<br>
# you should never need to change these settings<br>
AFSDIR=/afs<br>
CACHEDIR=/usr/vice/cache<br>
CACHEINFO=/usr/vice/etc/cacheinfo<br>
<br>
# Set to &quot;-verbose&quot; for a lot of debugging information from afsd.
Only<br>
# useful for debugging as it prints _a lot_ of information.<br>
VERBOSE=<br>
<br>
# Sample server preferences function. Set server preferences using this.<br>
# afs_serverprefs() {<br>
# &nbsp; &nbsp;/usr/afsws/etc/fs setserverprefs &lt;host&gt; &lt;rank&gt;<br>
#}<br>
<br>
# Either the name of an executable script or a set of commands go here.<br>
# AFS_POST_INIT=afs_serverprefs<br>
AFS_POST_INIT=<br>
<br>
---<br>
<br>
I feel so close...<br>
<br>
Thanks for the help!<br>
<br>
-Stephen-<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
OpenAFS-info mailing list<br>
OpenAFS-info@openafs.org<br>
https://lists.openafs.org/mailman/listinfo/openafs-info<br>
</tt></font>
<br>
--=_alternative 002BE0D6C1256E21_=--