You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

 File Sharing Folders

 Home Directory

         there is a public folder. Unless you change the permissions on this
folder, any files or new subfolders are readable and copyable by any other user
of the CNF Fileserver or anyone accessing the fileserver from a computer on the
CNF networks.

CNF Public Share

        Located under the shares folder, public subfolder, cnf subfolder --
anyone on a computer on one of the CNF networks and any user of our fileserver
can read, write, create, modify, and delete files.

CNF Outside Users Share

        Located under the shares folder, public subfolder, outside_users
subfolder. Only staff can place files here. But files placed here can be read
by any user on our fileserver, anyone accessing the fileserver from a computer
on the CNF networks, and any user of AFS (the file system we use) at another
institution.

 CNF Staff Share

         Located under the shares folder, private or CNF_Staff subfolder,
staff_compound subfolder. Any staff member can create, delete, read, write,
modify new files and subfolders.

AFS Access Control Lists (ie permissions)

On a unix machine, fs la directory
On a Mac OS X machine, right or control click on a folder and choose AFS -
Access Control List
On a WIndows machine, right click on a folder and choose AFS - Access Control
Lists

Possible permissions are rlidwka

r - read a file/copy a file (but can't see they're there w/o the l permission)
l - lookup - be able to look through the directories and see that files are
there (but can't actually read/copy them w/o the r permission)
i - insert - create a new file/folder
d - delete - delete an existing file/folder
w - write - write to/modify an existing file/folder
k - lock
a - administer - be able to set the permissions on files/folders here

 Where is the fileserver?

On Windows machines which I have set up, our AFS "cell", cnf.cornell.edu, is
mapped to the X drive. Windows users can also go to the start menu, select run,
and enter the path: \\afs\cnf.cornell.edu

On Mac OS X machines, there will be an icon on the desktop labeled AFS. Double
click it. Under that, you will see a list of cells your machine knows about.
Ours is "cnf.cornell.edu"

On UNIX machines, use the path /afs/cnf.cornell.edu

Some CNF AFS Groups

 cnfhosts - all computers on the main CNF network (CNF offices, CAD room) and
the lab network (eg cleanroom) -- does not include CIT RedRover wireless.

grp_all - everyone who has an account on our fileserver

grp_staff - all CNF staff

grp_users - all CNF users (at present, most users do not yet have accounts)

grp_fellows - the CNF Fellows

grp_finance - Financial staff

grp_it - Your friendly CNF IT staff

system:anyuser - anyone anywhere in the world 

You can also create your own groups and add people to them. 

 Backups

 Data on the CNF file server is backed up on a daily basis.

Also, a daily snapshop of your home directory is kept in a subfolder named "Yesterday". This daily snapshot folder may also be available for some of the CNF shares.

 Installing

 Windows

 1. d/l 1.5.x client installer from http://www.openafs.org
4. run the openafs installer
   A. For the type of install, if not already selected, choose "AFS Client"
   B. This will select the optional components (if not, select these two): AFS Client and MS Loopback
Adapter
   C. CellServDB Configuration - Choose to Download from web address
   D. Client Cell Name Configuration
      1. Cell name is: cnf.cornell.edu
      2. Check Enable AFS crypt security, Enable AFS Freelance client, and Use
DNS to Search for Cell Servers
   E. AFS Credentials Configuration
      1. Check Start AFS Credentials at system login
      2. Check Auto initialize AFS Credentials
      3. Check Renew drive maps
      4. Check IP Address change detection
      5. Check Quiet

    F. DO NOT REBOOT - Install Kerberos for OpenAFS msi, first!!! 

   G. Unzip and Install Kerberos for OpenAFS msi package (attached zip file) - no options to choose, just run the installer

   H. Copy the attached krb5.ini to c:\windows (e:\windows on some computers) overwriting the krb5.ini file that may be already there
    I. Firewall Configuration - it is recommended that you just use the built in Windows firewall. For other firewalls:

  SYMANTEC

If the Symantec Client Firewall is installed, you will need to add a rule
allowing all traffic to/from 10.254.254.253
    A. Open Symantec CLient Firewall
    B. Client Firewall - Configure
    C. Advanced Tab
    D. General Button
    E. Add a rule
    F. Permit
    G. Connection to and from other computers
    H. Only the computers and sites listed below: Add 10.254.254.253
    I. TCP and UDP and All types of communication
    J. Don't log anything
    K. Name the rule AFS Loopback Rule
    L. Check All Locations
    M. Finish
    N. FInd the rule in the list of General Rules (it will be at the bottom) and
repeatedly click "Move Up" to get the rule to the top of the list

If, during the Symantec configuration process, you get a pop up window about a script error, you have two choices:

1. Reinstalling Symantec usually fixes this.

2. Disabling the firewall portion of Symantec and just enabling the built in Windows firewall. 

J.  NOW, REBOOT. After rebooting, your firewall may prompt you to allow the various afs applications access to the network. You should choose to Always Allow these.

  OPTIONAL, set up a drive mapping.

A. Right click on My Network Places

B. Map drive

C. To follow the CNF convention, set the drive letter to X

D. Set the path to \\afs\cnf.cornell.edu

E. Choose to Reconnect the drives

F. Done
 

Mac

1. Download OAFS package (1.4.x) from www.openafs.org
2. Download afsinstall.app.tar.gz from
http://cf.ccmr.cornell.edu/publicdownloads/afs/
3. Run the OAFS package
   A. do NOT reboot when done
4. Run the afsinstall.app
   A. Cellname: cnf.cornell.edu
   B. CellAlias: cnf
   C. Accept defaults for CellServDB
   D. For the AFS Options
      a. change -fakestat to -fakestat-all
5. copy the attached edu.mit.Kerberos file to Mac HD - Library - Preferences
6. Download the gui AFSTokens app (Tiger version) from
https://forge.cornell.edu/sf/projects/afs_tokens
        File Releases tab
7. Download the OpenAFS Contextual Menu Plugin from:
http://www.ncsu.edu/mac/pn/index.php?name=UpDownload&req=viewdownloaddetails&lid=10
8. Copy the Contextual Menu Plugin to Mac HD - Library - Contextual Menu Items
9. Reboot
10. Enjoy

 Using

Windows 

 to login to afs, start menu -> All Programs -> OpenAFS -> Authentication (icon
is a lock icon)

this will put a lock icon w. a red X over it in your system tray. You can
double click on this icon to pop up a window where you can obtain afs tokens.

Tokens are what your afs client presents to the afs file server to authenticate
you.

For your username, you will use:

netid@CIT.CORNELL.EDU

having CIT.CORNELL.EDU in all caps is very important.

and use your netid password.

To access afs from windows, you can:

start menu -> run

\\afs\cnf.cornell.edu

 this will bring up the root of the cnf afs cell. You can map this path to a
drive letter

1. rt click on My Network Places

2. Choose Map Network Drive

3. Drive letter X (to match what we've done elsewhere)

4. Path should be //afs/cnf.cornell.edu 

Lengthy delays in obtaining tokens or trying to browse through the AFS filespace are most likely the result of firewall issues (Symantec or others). If you experience these problems, consult with CNF IT staff on how to resolve the problem.

Mac

Linux/Solaris

To get tokens, after logging in to the machine:

kinit netid (gets kerberos tickets)
aklog (converts kerberos tickets to afs tokens)

You can then view your kerberos tickets w.
klist
and your tokens with:
tokens

Remove Kerberos tickets with:
kdestroy

and remove afs tokens with:
unlog

Our afs cell is in the path /afs/cnf.cornell.edu

  • No labels