File Sharing Folders

 Home Directory

Your home directory is located under the "home" folder, which is parallel to the "shares" folder. In your home directory, you will find a few folders:

• public - you place files for others here
• private - no one can get here but you
• incoming - others can place files for you here
• windows_profile - where your Windows XP roaming profile is stored (Desktop, My Documents, etc)

The rest of the folders and files, by default, can be seen, but not read, by others. So, feel free to create other directories in your home directory. You can, of course, also change the Access Control Lists on any of these predefined folders however you choose.

CNF Public Share

        Located under the shares folder, public subfolder, cnf subfolder --
anyone on a computer on one of the CNF networks and any user of our fileserver
can read, write, create, modify, and delete files.

CNF Outside Users Share

        Located under the shares folder, public subfolder, outside_users
subfolder. Only staff can place files here. But files placed here can be read
by any user on our fileserver, anyone accessing the fileserver from a computer
on the CNF networks, and any user of AFS (the file system we use) at another
institution.

 CNF Staff Share

         Located under the shares folder, private or CNF_Staff subfolder,
staff_compound subfolder. Any staff member can create, delete, read, write,
modify new files and subfolders.

AFS Access Control Lists (ie permissions)

On a unix machine, fs la directory
On a Mac OS X machine, right or control click on a folder and choose AFS -
Access Control List
On a WIndows machine, right click on a folder and choose AFS - Access Control
Lists

Possible permissions are rlidwka

r - read a file/copy a file (but can't see they're there w/o the l permission)
l - lookup - be able to look through the directories and see that files are
there (but can't actually read/copy them w/o the r permission)
i - insert - create a new file/folder
d - delete - delete an existing file/folder
w - write - write to/modify an existing file/folder
k - lock
a - administer - be able to set the permissions on files/folders here

 Where is the fileserver?

On Windows machines which I have set up, our AFS "cell", cnf.cornell.edu, is
mapped to the X drive. Windows users can also go to the start menu, select run,
and enter the path: \\afs\cnf.cornell.edu

On Mac OS X machines, there will be an icon on the desktop labeled AFS. Double
click it. Under that, you will see a list of cells your machine knows about.
Ours is "cnf.cornell.edu"

On UNIX machines, use the path /afs/cnf.cornell.edu

Some CNF AFS Groups

 cnfhosts - all computers on the main CNF network (CNF offices, CAD room) and
the lab network (eg cleanroom) -- does not include CIT RedRover wireless.

grp_all - everyone who has an account on our fileserver

grp_staff - all CNF staff

grp_users - all CNF users (at present, most users do not yet have accounts)

grp_fellows - the CNF Fellows

grp_finance - Financial staff

grp_it - Your friendly CNF IT staff

system:anyuser - anyone anywhere in the world 

You can also create your own groups and add people to them. 

 Backups

 Data on the CNF file server is backed up on a daily basis.

Also, a daily snapshop of your home directory is kept in a subfolder named "Yesterday". This daily snapshot folder may also be available for some of the CNF shares.

 Installing

 Windows

1. If installing on 64 bit Windows, see CNF staff
2. d/l MIT Kerberos for Windows 3.x from http://web.mit.edu/kerberos/dist/index.html
   1. Grab the MSI installer, not the regular installer
   2. Do a Typical install
3. d/l 1.5.x MSI client installer (for Managed installations) from http://www.openafs.org
4. run the openafs installer
   1. Select a Custom install
   2. Accept the defaults for which components to install
   3. Change the cell name from openafs.org to cnf.cornell.edu
   4. Accept defaults on the rest of the screens
5. Run the attached .reg files to set OpenAFS registry settings
6. Copy the attached krb5.ini to c:\windows (e:\windows on some computers) overwriting the krb5.ini file that may be already there
7. Firewall Configuration - Under Windows XP and Vista, we recommend that you just use the built in Windows firewall. For other firewalls:
   1. SYMANTEC - If the Symantec Client Firewall is installed, you will need to add a rule allowing all traffic to/from 10.254.254.253
      • If, during the Symantec configuration process, you get a popup window about a script error, you have two choices:
        • Reinstall Symantec - this MAY fix the problem
        • Disable the Symantec firewall and enable the Windows firewall - consult CNF IT staff for help on doing this

1. 1. 1. Open Symantec Client Firewall
      2. Client Firewall - Configure
      3. Advanced Tab
      4. General Button
      5. Add a rule
      6. Permit
      7. Connection to and from other computers
      8. Only the computers and sites listed below: Add 10.254.254.253
      9. TCP and UDP and All types of communication
      10. Don't log anything
      11. Name the rule AFS Loopback Rule
      12. Check All Locations
      13. Finish
      14. Find the rule in the list of General Rules (it will be at the bottom) and repeatedly click "Move Up" to get the rule to the top of the list
2. NOW, REBOOT. After rebooting, your firewall may prompt you to allow the various afs applications access to the network. You should choose to Always Allow these.
3. OPTIONAL, set up a drive mapping (must be done AFTER REBOOTING)
   1. Right click on My Network Places
   2. Map drive
   3. To follow the CNF convention, set the drive letter to X
   4. Set the path to \\afs\cnf.cornell.edu
   5. Choose to Reconnect the drives
   6. Done
      

Mac

1. Download OAFS package (1.4.x) from www.openafs.org
2. Download afsinstall.app.tar.gz from
http://cf.ccmr.cornell.edu/publicdownloads/afs/
3. Run the OAFS package
   A. do NOT reboot when done
4. Run the afsinstall.app
   A. Cellname: cnf.cornell.edu
   B. CellAlias: cnf
   C. Accept defaults for CellServDB
   D. For the AFS Options
      a. change -fakestat to -fakestat-all
5. copy the attached edu.mit.Kerberos file to Mac HD - Library - Preferences
6. Download the gui AFSTokens app (Tiger version) from
https://forge.cornell.edu/sf/projects/afs_tokens
        File Releases tab
7. Download the OpenAFS Contextual Menu Plugin from:
http://www.ncsu.edu/mac/pn/index.php?name=UpDownload&req=viewdownloaddetails&lid=10
8. Copy the Contextual Menu Plugin to Mac HD - Library - Contextual Menu Items
9. Reboot
10. Enjoy

 Using

Windows 

 to login to afs, start menu -> All Programs -> OpenAFS -> Authentication (icon
is a lock icon)

this will put a lock icon w. a red X over it in your system tray. You can
double click on this icon to pop up a window where you can obtain afs tokens.

Tokens are what your afs client presents to the afs file server to authenticate
you.

For your username, you will use:

netid@CIT.CORNELL.EDU

having CIT.CORNELL.EDU in all caps is very important.

and use your netid password.

To access afs from windows, you can:

start menu -> run

\\afs\cnf.cornell.edu

 this will bring up the root of the cnf afs cell. You can map this path to a
drive letter

1. rt click on My Network Places

2. Choose Map Network Drive

3. Drive letter X (to match what we've done elsewhere)

4. Path should be //afs/cnf.cornell.edu 

Lengthy delays in obtaining tokens or trying to browse through the AFS filespace are most likely the result of firewall issues (Symantec or others). If you experience these problems, consult with CNF IT staff on how to resolve the problem.

Mac

Linux/Solaris

To get tokens, after logging in to the machine:

kinit netid (gets kerberos tickets)
aklog (converts kerberos tickets to afs tokens)

You can then view your kerberos tickets w.
klist
and your tokens with:
tokens

Remove Kerberos tickets with:
kdestroy

and remove afs tokens with:
unlog

Our afs cell is in the path /afs/cnf.cornell.edu