[OpenAFS] New Cell on debian with krb5 and afs-newcell script

Frank Burkhardt fbo2@gmx.net
Fri, 15 Jul 2005 13:42:43 +0200 

Hi Lars,

On Wed, Jul 13, 2005 at 02:02:00PM +0200, Lars Schimmer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi!
> 
> I just setup a new cell on debian using the scripts in the package.
> For all: it was NOT as easy as just running the scripts.
> First: in the afs-newcell I added a line to add the IP to the server/CellServDB.
> Without that entry, bos couldn't find the local server.
> After that Script in the server dir of preferences the CellServDB and ThisCell
> was on localcell, maybe Ok, but I changed it to the real data.
> And for debian specific: I told the openafs-client not to start while debconf
> installed it. That has to be changed after running that script, or the
> afs-rootvol didn't run.
> OK, I managed to entry a user without the /admin tab from krb5 as afs-admin, so
> I had problems getting admin token...
> 
> Everything is real annoying, still after 1 year experience with OpenAFS.
> But you won't start a new cell in every day, or?

You might want to have a look at InstantAFS

 http://fbo.no-ip.org/cgi-bin/twiki/view/Instantafs/WebHome

InstantAFS is a set of Scripts, Perl-Modules, printable Documentation and
lots of backported/modified packages incl. prepackaged linux-kernels. I'm
using it to maintain the AFS cell at a Max Planck Institute in Leipzig,
Germany. At the request of my employer - printable documentation and the
homepage is german only but the libraries/scripts are documented in english.

There's a script 'instantafs.setup' which should setup a working AFS-cell
(incl MIT-Kerberos5, DNS, NTP, Samba-Gateway, User-management, "virtual
Tape"-Backup, example AFS-users, RPC-infrastructure and a special
NSS-service (*) ) by entering the important information into some
"dialog"-dialogs.

(*) libnss-ptdb - a libc-nss-plugin which gets user/uid/homedir-information
from PTDB directly

I didn't have that much time recently so I don't know if the setup-script is
still working perfectly (I don't start that much cells a day, too ;-) ). It
is intended to run on Debian Woody, Sarge and Sid.

Regards,

Frank