Installing OpenAFS on Ubuntu 6.06 Dapper

Introduction

This document describes the means for setting up OpenAFS on Ubuntu 6.06 "Dapper" using the ISIS.UNC.EDU AFS system. These steps only document the process for getting read-write access to /afs for what would normally be a stand-alone system. Setting up PAM so users log into their AFS home directories is covered by the UNC AFS Client Installation Guide for Linux 2.6 Systems article.

This setup was originally intended for a laptop that is not always connected to the UNC network so thus you wouldn't want to start AFS on boot-up.
This hasn't been thoroughly tested, so I welcome any comments or corrections. Please send me an email to dan_blanchette -at- unc -dot- edu

Download and install module-assistant

    $  sudo  apt-get  install  module-assistant

Or you can use the GUI way with the "Add/Remove" option of the "Applications" menu.

1. Click on the "Advanced" button

2. Click the "Search" button

3. Scroll down the list of All packages for "module-assistant." Clicking the "Search" button it may not work.

4. Select "module-assistant"

5. Click the "Apply" button to start the download process.

Download and install the openafs-client

1. Now download and install the openafs-client and openafs-krb5 krb5-user krb4-config:

$ sudo apt-get install openafs-client openafs-krb5 krb5-user krb4-config
If the command line above doesn't work, then use the "Add/Remove" menu option of the "Applications" menu on your Desktop toolbar to install these packages.
When you start the installation process, you will be asked several questions by the script. In most cases you can accept the default values. However, for the specific questions documented in the next steps, use answers provided.

2. Set your AFS cell.

Q: What AFS cell does your workstation belong to?
    A:  isis.unc.edu

3. Set your AFS cache size at /var/cache/openafs.

This value should match the size of your AFS partition if you have a one.
Q: How large is your AFS cache (kB)?
    A:  (make  it  at  least  50000,  300000  is  not  bad)

4. Set AFS database servers to be the UNC AFS servers.

Q: What hosts are DB servers for your home cell?
    A:  152.2.1.5  152.2.1.6  152.2.1.7      (enter  these  all  on  the  same  line  separated  by  a  space)

5. Try starting AFS. It is likely that the installed openafs-client is not going to work as is. If this command doesn't work, then proceed to the following steps.

    $  sudo  /etc/init.d/openafs-client  start

6. Use module-assistant to download, compile and install the OpenAFS kernel modules from source code.

$ sudo module-assistant prepare openafs-modules
    $  sudo  module-assistant  auto-build  openafs-modules
This step and the next one will need to be done every time you upgrade to a new kernel, so keep that in mind when AFS stops working for you later.

7. The last step puts a .deb package file in /usr/src, which can then be installed. Run depmod after the install command to make the system aware of the new kernel module without rebooting. 

$ sudo dpkg -i /usr/src/openafs-modules*
    $  sudo  depmod

8. Try starting AFS again.

    $  sudo  /etc/init.d/openafs-client  start

Kerberos Config Files

The most up-to-date configuration files may be at /afs/isis/depts/atn/services/kerberos/etc/ or on http://help.unc.edu/ .

Your /etc/krb.conf should contain the following: 

----------------------------------------------------------
    ISIS.UNC.EDU
    ISIS.UNC.EDU  krb1.unc.edu
    ISIS.UNC.EDU  krb0.unc.edu
    ISIS.UNC.EDU  krb2.unc.edu
----------------------------------------------------------

Your /etc/krb5.conf should only contain the following (backup the original and make the new one exactly like this) 

----------------------------------------------------------
    [libdefaults]
    default_realm  =  ISIS.UNC.EDU
    [realms]
    ISIS.UNC.EDU  =  {
        kdc  =  krb0.unc.edu
        kdc    =  krb1.unc.edu
        kdc  =    krb2.unc.edu
        admin_server  =  krba.unc.edu
        default_domain  =  isis.unc.edu
        v4_domains  =  isis.unc.edu
    }
    [domain_realm]
    .isis.unc.edu  =  ISIS.UNC.EDU
    .unc.edu            =  ISIS.UNC.EDU
----------------------------------------------------------

But this may be required:

----------------------------------------------------------
    [libdefaults]
    default_realm  =  ISIS.UNC.EDU
    default_tgs_enctypes  =  des-cbc-crc
    default_tkt_enctypes  =  des-cbc-crc
    default_etypes  =  des-cbc-crc
    default_etypes_des  =  des-cbc-crc
    clockskew  =  300
    checksum_type  =  1
    ticket_lifetime=86000
    [realms]
    ISIS.UNC.EDU  =  {
      kdc  =  krb0.unc.edu  krb1.unc.edu  krb2.unc.edu
      admin_server  =  krba.unc.edu
      default_domain  =  isis.unc.edu
      v4_domains  =  isis.unc.edu
    }
    [domain_realm]
    .isis.unc.edu  =  ISIS.UNC.EDU
    .unc.edu            =  ISIS.UNC.EDU
    [pam]
    ticket_lifetime=153300
----------------------------------------------------------

Your /etc/krb.realms should contain the following: 

----------------------------------------------------------
    isis.unc.edu  ISIS.UNC.EDU
    .isis.unc.edu  ISIS.UNC.EDU  
    unc.edu  ISIS.UNC.EDU
    .unc.edu  ISIS.UNC.EDU
----------------------------------------------------------

Obtaining AFS Tokens

To get the tokens you need to manipulate your files, use the klog command: 

$ kinit
    $  aklog  -c  isis.unc.edu  -k  ISIS.UNC.EDU
    $  klog

Setting your uid (user id number) and gid (group number)

This step only helpful if you are going to be accessing your AFS space from multiple machines.

When you have the AFS client working, you will benefit from making your user id (uid) and group id (gid) the same as it is in AFS space so that the files you create have the same UNIX ownership and permissions that you expect.

If you are installing OpenAFS on a computer that you have had an account on for while and thus have files all over the place BACKUP EVERYTHING SOMEWHERE ELSE as you could easily mess this part up. Make sure you have at least one other active account on your computer that you can login as before changing these ids as the potential for ruining your ability to login on your current account is high.

1. Log into isis.unc.edu and invoke the id command to see what your uid and gid is.

    $  id

2. On your computer edit /etc/passwd and /etc/group change your uid and gid to be the same numbers (not names) as on isis.unc.edu.

3. Then change the ownership of all your files to your new uid and gid:

$ find ~/ -name "*" -exec chgrp my_group_name
    $  find  ~/  -name  "*"  -exec  chown  my_user_name

4. (the directory /tmp/gconfd-my_user_name/ is accessed during login)

$ find /tmp -name "*" -exec chgrp my_group_name
    $  find  /tmp  -name  "*"  -exec  chown  my_user_name

Helpful Links

OpenAFS Home Page

Introduction to AFS


Top
University of North Carolina - Chapel Hill