[OpenAFS] Initial server setup again
Martin Lütken
mlu@danware.dk
Fri, 20 Apr 2007 23:49:14 +0200
Hi again

Still trying to set up the OpenAFS server with Kerberos.
A few questions:

- Is it a problem to have all of kadmin, kdc, openafs server, and openafs client
  on the same machine? Easier if I can verify the server setup of kerberos/openafs
  on just one machine.

- I have gotten to the part in your "krb5Scripts.txt" file with the headline
  "Create an AFS principal in the Kerberos database. Call it:"
  OK, then I do that, but when I come to the "asetkey list" command to list my
  AFS KeyFile, it seems I have no such keyfile. How can I create that?

- I got your fine "afs-client" script along with the aliases "startc", "stopc"
  to work fine. But what do I need to have set up before trying to invoke
  "afs-server"? But perhaps it's the very final step :-) ?

My kdc.conf, kadm5.acl and krb5.conf files currently look like this:

-- kdc.conf --
[kdcdefaults]
    acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl
    dict_file = /usr/share/dict/words
    admin_keytab = /var/lib/kerberos/krb5kdc/kadm5.keytab
    v4_mode = nopreauth

[realms]
    DELTA.LOCAL = {
        master_key_type = des-cbc-crc
        supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
    }

-- kadm5.acl --
*/admin@DELTA.LOCAL *
root/*@DELTA.LOCAL *
ml@DELTA.LOCAL ADMCIL
ml/*@DELTA.LOCAL il */root@DELTA.LOCAL
*@DELTA.LOCAL cil *1/admin@DELTA.LOCAL
*/*@DELTA.LOCAL i

-- krb5.conf --
[logging]
    default = FILE:/var/log/krb5/krb5libs.log
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log

[libdefaults]
    ticket_lifetime = 24000
    default_realm = DELTA.LOCAL
    dns_lookup_realm = false
    dns_lookup_kdc = false

[realms]
    DELTA.LOCAL = {
        kdc = afs1.delta.local:88
        admin_server = afs1.delta.local:749
        default_domain = delta.local
    }

[domain_realm]
    .delta.local = DELTA.LOCAL
    delta.local = DELTA.LOCAL

[kdc]
    profile = /var/lib/kerberos/krb5kdc/kdc.conf

[appdefaults]
    pam = {
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false
    }

    afs_krb5 = {
        DELTA.LOCAL = {
            afs = false
        }
    }

------------------

-Regards Martin Lütken

-----Original Message-----
From: ted creedon [mailto:tcreedon@easystreet.com]
Sent: Mon 4/2/2007 4:18 PM
To: Martin Lütken
Subject: RE: [OpenAFS] Initial server setup

/usr/vice/cache is a directory under /usr/vice along with /usr/vice/etc, and
/vicepa should be on the same drive for small systems (e.g. /usr/vice is
/dev/sda1 and /vicepa is /dev/sda2)

You want /usr/vice/etc preserved in case you unplug the drives and relocate
them en-masse to another box. That way you don't have to set anything up -
in fact I'd recommend putting /usr/afs on its own partition, say /dev/sda3,
so all of afs moves with /dev/sda. That's why I use the scripts to set up
trial afs systems, takes about 5 minutes for a total re-do.

There's no hard and fast rule, except that the /vicepxx's be on individual
partitions.

Roll your own.

Tedc

_____

From: Martin Lütken [mailto:mlu@danware.dk]
Sent: Monday, April 02, 2007 3:40 AM
To: tcreedon@easystreet.com
Cc: melvin.wong@muvee.com
Subject: Re: [OpenAFS] Initial server setup

ted creedon wrote:
PS if you make a new opensuse system use ext3 filesystems and make a
partition:

/usr/afs 1gig #client cache
/vicepa however many gig you want, I use 250gig #server volumes and data

This way if you blow the os away, you'll probably be able to save the client
and server data

I created the /usr/afs partition, but it seems to me that we directed the
cache to /usr/vice/cache ?
Should I instead have created the /usr/vice as a separate partition?
-Martin

_____

From: openafs-info-admin@openafs.org [mailto:openafs-info-admin@openafs.org] On Behalf Of Martin Lütken
Sent: Tuesday, March 20, 2007 8:40 AM
To: openafs-info@openafs.org
Subject: Re: [OpenAFS] Initial server setup